microsoft-authentication-library-for-dotnet | Microsoft Authentication Library (MSAL) for NET | Azure library

 by   AzureAD C# Version: 4.54.1 License: MIT

kandi X-RAY | microsoft-authentication-library-for-dotnet Summary

kandi X-RAY | microsoft-authentication-library-for-dotnet Summary

microsoft-authentication-library-for-dotnet is a C# library typically used in Cloud, Azure, Xamarin applications. microsoft-authentication-library-for-dotnet has no bugs, it has no vulnerabilities, it has a Permissive License and it has medium support. You can download it from GitHub.

Microsoft Authentication Library (MSAL) for .NET
Support
    Quality
      Security
        License
          Reuse

            kandi-support Support

              microsoft-authentication-library-for-dotnet has a medium active ecosystem.
              It has 1122 star(s) with 296 fork(s). There are 112 watchers for this library.
              There were 4 major release(s) in the last 12 months.
              There are 172 open issues and 2054 have been closed. On average issues are closed in 87 days. There are 3 open pull requests and 0 closed requests.
              It has a neutral sentiment in the developer community.
              The latest version of microsoft-authentication-library-for-dotnet is 4.54.1

            kandi-Quality Quality

              microsoft-authentication-library-for-dotnet has 0 bugs and 0 code smells.

            kandi-Security Security

              microsoft-authentication-library-for-dotnet has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.
              microsoft-authentication-library-for-dotnet code analysis shows 0 unresolved vulnerabilities.
              There are 0 security hotspots that need review.

            kandi-License License

              microsoft-authentication-library-for-dotnet is licensed under the MIT License. This license is Permissive.
              Permissive licenses have the least restrictions, and you can use them in most projects.

            kandi-Reuse Reuse

              microsoft-authentication-library-for-dotnet releases are available to install and integrate.
              Installation instructions are available. Examples and code snippets are not available.
              It has 23563 lines of code, 10 functions and 1126 files.
              It has low code complexity. Code complexity directly impacts maintainability of the code.

            Top functions reviewed by kandi - BETA

            kandi's functional review helps you automatically verify the functionalities of the libraries and avoid rework.
            Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of microsoft-authentication-library-for-dotnet
            Get all kandi verified functions for this library.

            microsoft-authentication-library-for-dotnet Key Features

            No Key Features are available at this moment for microsoft-authentication-library-for-dotnet.

            microsoft-authentication-library-for-dotnet Examples and Code Snippets

            No Code Snippets are available at this moment for microsoft-authentication-library-for-dotnet.

            Community Discussions

            QUESTION

            Azure tableclient in console app using interactive authentication
            Asked 2022-Mar-23 at 15:58

            I'm trying to access Azure Table Storage using the TableClient class, but I want to authenticate using AzureAD credentials via the browser popup.

            I have tried 2 approaches and are sure I have things configured correctly in Azure, but I just keep getting

            This request is not authorized to perform this operation using this permission.

            Here is test code 1 using MSAL

            ...

            ANSWER

            Answered 2022-Mar-23 at 15:58

            To access table data using your Azure AD credentials, your user account should be assigned either Storage Table Data Contributor or Storage Table Data Reader role.

            Please assign one of these roles to your user account and re-acquire the token. You should not get the error you are getting then.

            Source https://stackoverflow.com/questions/71587202

            QUESTION

            Using Microsoft Authentication Library (MSAL) in Unity for SSO in iOS app
            Asked 2022-Mar-16 at 09:31

            We develop a bunch of augmented reality applications for our company. The applications are based on the game engine Unity (currently in the version 2020.3.7f1). Now, we're facing the point that we'd like to implement a SSO method in our apps, so every member of our company authenticates himself with his company user credentials. To authenticate the user we want to / have to use the Microsoft identity platform and thus the Microsoft Authentication Library (MSAL).

            We already created an client on Azure with a client id, redirect uri, authority uri, endpoint, tenant, etc and it was tested successfully with an official sample project by Microsoft (https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-ios).

            But now we stuck at the point to establish this process in Unity. We created the MSAL library dll (https://github.com/AzureAD/microsoft-authentication-library-for-dotnet), imported it into Unity and called it by using the namespace Microsoft.Identity.Client. Due to security reasons we're only allowed to use PublicClientApplicationBuilder (which makes totally sense) so we need the web based login screen. The problem is that we can't implement a web view in Unity where the user can sign in to Microsoft and we can parse the received token out of the web view into our app for further communications.

            We did a lot of internet research to find a solution but there are only some posts about MSAL in Unity in combination with Android and other posts which reference to the git repos I mentioned before.

            How can we use MSAL in Unity for iOS devices?

            Example code:

            ...

            ANSWER

            Answered 2021-Nov-16 at 13:45

            The standard solution for mobile is the AppAuth pattern, which involves use of an integrated system browser to sign the user in. See this code example article for how that looks, so that you understand the required behaviour.

            So it looks like they key thing to do with iOS is to avoid logins via webviews and tell MSAL to use an ASWebAuthenticationSession window - this Microsoft article explains how.

            Source https://stackoverflow.com/questions/69973596

            QUESTION

            can't reset password of signed in user without specific role
            Asked 2021-Apr-12 at 08:19

            I have a C# application running in Azure Functions, I need to change password of a specific user using username\password credentials.

            My app using MSAL for authentication (https://github.com/AzureAD/microsoft-authentication-library-for-dotnet)

            and in order to obtain the ability to authenticate with username\password flow this option is used: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/Username-Password-Authentication.

            I'm using Graph API for changing the password of the user (https://docs.microsoft.com/en-us/graph/api/user-update?view=graph-rest-1.0&tabs=http)

            I do manage to reset password that way only if I grant the user one of those built-in assign-roles:

            Password Admin, Helpdesk Admin, Authentication Admin, User Admin, Privileged Authentication Admin, Global Admin

            but if I don't give the user one those roles it get the following error message when trying to update the user using PATCH request https://graph.microsoft.com/v1.0/users/########-####-####-####-########

            Message: { "error": { "code": "Authorization_RequestDenied", "message": "Insufficient privileges to complete the operation.", "innerError": { "date": "2021-04-07T12:56:56", "request-id": "########-#####-#####-#####-#####", "client-request-id": "########-####-####-####-########" } } }

            My problem is that I don't want to give those permission to any user just to change its own password since those roles are too strong.

            It doesn't make sense to me that a user can't change its own password with that flow, since with PowerShell it is possible for example with Update-AzureADSignedInUserPassword and no special roles needed for the user. Why the role does effect it when I try to do the same operation with my flow. any ideas how to overcome this problem, what I'm doing wrong or is that even possible in that flow?

            Thanks ahead

            ...

            ANSWER

            Answered 2021-Apr-12 at 08:19

            Trying to use the changePassword endpoint should meet your requirements. You do not need to grant users any administrator roles.

            Source https://stackoverflow.com/questions/66988170

            QUESTION

            On behalf of flow returns AADSTS50013: Assertion failed signature validation
            Asked 2021-Feb-25 at 09:35

            I am using this package to authenticate the user from the react native mobile app. After acquiring the access token I am sending it to my .net WebAPI which tries to call ConfidentialClientApplication.AcquireTokenOnBehalfOf. Both the react native mobile app and the webapi are using the same client id from the azure app registration and scopes.

            ...

            ANSWER

            Answered 2021-Feb-25 at 09:35

            I got this working by carefully following the example here. I hadn't configured what was required in the "Expose an API" blade of the app registration and subsequently hadn't added the new api permissions.

            Source https://stackoverflow.com/questions/66348398

            QUESTION

            Will MSAL be able to maintain a token cache and refreshes tokens for you when they are close to expire in case of Custom REST API secured by Azure AD
            Asked 2020-Nov-16 at 07:25

            Based on the documentation details for MSAL (Azure AD) mentioned at : https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/MSAL.NET-supports-multiple-application-architectures-and-multiple-platforms#msalnet-is-about-acquiring-tokens-not-protecting-an-api

            I am working on POC : ASP.NET Web App accessing Custom REST API protected by Azure AD.

            The link mentioned above says that MSAL.NET (Microsoft Authentication Library for .NET) enables developers of .NET applications to acquire tokens in order to call secured Web APIs. These Web APIs can be the Microsoft Graph, other Microsoft APIS, 3rd party Web APIs, or your own Web API.

            Based on the above definition is it good to assume that MSAL will be helping in maintaining a token cache and refreshes tokens for you when they are close to expire in case of the Custom REST APIs also.

            Can anyone help me here by providing their guidance on it further.

            ...

            ANSWER

            Answered 2020-Nov-16 at 07:25

            MSAL and Azure AD don't give special treatment to MS Graph API tokens (except the ability to use a short name for scopes). It can refresh any of the tokens as long as the way to refresh is still valid. In the case of implicit grant (used by MSAL.js 1.x), the user must have an active AAD session in the browser. In most other cases you use a refresh token to get a new token; as long as the refresh token is still valid, you can get a new token even after the access token has expired.

            Source https://stackoverflow.com/questions/64854005

            QUESTION

            Microsoft Graph Authentication with MSAL (problem)
            Asked 2020-Aug-20 at 10:37

            I've been struggling to successfully get data from microsoft graph, to be more precise, struggling to get valid authentication token. I followed all instructions and code samples from their github but I cannot get it to work. In image below is my code.

            Important fact is that when I hardcode token, which I got from Graph Explorer, it works perfectly... When I try to get data with token obtained with AuthProvider, I get exception Request_ResourceNotFound.

            App is registered, access is granted (that's why it works with hardcoded token). NuGet references imported are Microsoft.Graph, Microsoft.Graph.Client, Microsoft.Identity.Client (https://github.com/AzureAD/microsoft-authentication-library-for-dotnet)

            If someone can help me with this problem or suggest anything, I would be grateful.

            ...

            ANSWER

            Answered 2020-Aug-20 at 10:37

            Problem was that I was requesting "Me" endpoint, while authenticating as application (not user). Exception message was not clear enough to understand that at first...

            Source https://stackoverflow.com/questions/63502346

            QUESTION

            Access mailbox via Graph (MSAL.NET/Azure AD 2.0) from deamon service: administrator access should be limited to single mailboxes
            Asked 2020-Jul-21 at 01:02

            When you access a mailbox of a specific user via a background service using MS Graph, the token will expire after 90 days since MSGraph (MSAL.NET/Azure AD 2.0) does not return a refresh token (see here).

            Using administrator consent should resolve this issue, but the only choice is to get access to ALL mailboxes of the organization. This is way too great a security risk for this task.

            Does anybody know a middle ground for this? Is there a way to get the refresh token when using user consent, or limit admin consent to 1 mailbox?

            Is this an issue that Microsoft should resolve?

            ...

            ANSWER

            Answered 2020-Jul-21 at 01:02

            Microsoft Graph documentation has provided a method to accomplish this requirement.

            Just use the New-ApplicationAccessPolicy PowerShell cmdlet to configure access control.

            Source https://stackoverflow.com/questions/62993174

            QUESTION

            EWS Streaming Subscription with Exchange Online
            Asked 2020-Jun-19 at 12:51

            My main question: Working with Exchange Online, how is the streaming subscription supposed to work in relation to the periodic access token refresh?

            Details: I have been using EWS streaming subscriptions for some time for on-premise Exchange. Following the usual process I create a StreamingSubscriptionConnection, add the mailbox subscriptions to it, and then open the connection. When the OnDisconnect event fires, we re-open the connection.

            We have now implemented the streaming subscription for mailboxes in Exchange Online, which requires us to use Modern Auth with Microsoft.Identity.Client. As advised on this page, we are forcing a refresh of the access token every 30 minutes on a background thread.

            Everything works great, until we refresh the access token. At that point, when a connection's OnDisconnect event fires, and we attempt to re-open the connection, it fails with 401 Unauthorized. We currently have it re-assigning the Credentials property of the ExchangeService object, after refreshing the token, but that doesn't seem to have any effect on the StreamingSubscriptionConnection objects which were created prior to refreshing the token.

            Note the StreamingSubscriptionConnection class doesn't have a Credentials property that we can reset after the token refresh. How is the connection object supposed to get the updated credentials?

            Thank you!

            John

            UPDATE

            It turns out I was not actually updating the Credentials property of the ExchangeService object after refreshing the token. Once I got that sorted, the re-opening of the connection works fine.

            For anyone who might be interested, here's how we're doing this. First define the scopes:

            ...

            ANSWER

            Answered 2020-Jun-19 at 12:36

            It turns out I was not actually updating the Credentials property of the ExchangeService object after refreshing the token. Once I got that sorted, the re-opening of the connection works fine.

            Source https://stackoverflow.com/questions/62451686

            QUESTION

            How to handle AppCacheTokens of multi-tenant daemon service application using MSAL.NET
            Asked 2020-May-14 at 17:21

            Is it possible to use MSAL.NET authentication library to handle appCacheTokens that are generated multi-tenant daemon service app(i.e. the Client Credential grant). in this scenario i have to build (n) number of confidential client applications based on tenant ids and need to maintain the tokens.

            ...

            ANSWER

            Answered 2020-May-14 at 17:21

            You can specify a different tenant id when acquiring a token.

            This should work:

            Source https://stackoverflow.com/questions/61802091

            QUESTION

            Azure OAuth2 Client Credential flow - getting token for multiple scopes throws error
            Asked 2020-Jan-11 at 18:05

            When using the MSAL library to generate access token for a background console application, using client_credentials, to call two REST endpoints, the get token call is created as:

            ...

            ANSWER

            Answered 2020-Jan-11 at 09:41

            When you acquire an access token, you can only specify scopes for one API. It seems to me you are trying to acquire a token with permissions to 2 APIs. This is not possible.

            An access token always only contains permissions to one API. So you must request them separately.

            This is due to a token having an audience (aud) claim that identifies the API it is meant for. It cannot have two values.

            Source https://stackoverflow.com/questions/59692988

            Community Discussions, Code Snippets contain sources that include Stack Exchange Network

            Vulnerabilities

            No vulnerabilities reported

            Install microsoft-authentication-library-for-dotnet

            You can download it from GitHub.

            Support

            MSAL.NET became Generally Available with MSAL.NET 3.0.8. Since MSAL.NET moved to 4.x.
            Find more information at:

            Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items

            Find more libraries
            CLONE
          • HTTPS

            https://github.com/AzureAD/microsoft-authentication-library-for-dotnet.git

          • CLI

            gh repo clone AzureAD/microsoft-authentication-library-for-dotnet

          • sshUrl

            git@github.com:AzureAD/microsoft-authentication-library-for-dotnet.git

          • Stay Updated

            Subscribe to our newsletter for trending solutions and developer bootcamps

            Agree to Sign up and Terms & Conditions

            Share this Page

            share link