-
Notifications
You must be signed in to change notification settings - Fork 340
AcquireTokenSilentAsync using a cached token
Once MSAL.NET has acquired a user token for a Web API, it caches it. Next time the application wants a token, it should first call AcquireTokenSilentAsync to verify if an acceptable token is in the cache, and if not, call AcquireTokenAsync.
Contrary to what happens in ADAL.NET, the design of MSAL.NET is such that AcquireTokenAsync never looks at the cache. This is your responsibility as an application developer to call AcquireTokenSilentAsync first.
The recommended call pattern is to first try to call AcquireTokenSilentAsync, and if it fails with a MsalUiRequiredException, call AcquireTokenAsync
AuthenticationResult result = null;
try
{
result = await app.AcquireTokenSilentAsync(scopes, app.Users.FirstOrDefault());
}
catch (MsalUiRequiredException ex)
{
// A MsalUiRequiredException happened on AcquireTokenSilentAsync.
// This indicates you need to call AcquireTokenAsync to acquire a token
System.Diagnostics.Debug.WriteLine($"MsalUiRequiredException: {ex.Message}");
try
{
result = await app.AcquireTokenAsync(scopes);
}
catch (MsalException msalex)
{
ResultText.Text = $"Error Acquiring Token:{System.Environment.NewLine}{msalex}";
}
}
catch (Exception ex)
{
ResultText.Text = $"Error Acquiring Token Silently:{System.Environment.NewLine}{ex}";
return;
}
if (result != null)
{
string accessToken = result.AccessToken;
// Use the token
}For the code in context, please see the active-directory-dotnet-desktop-msgraph-v2 sample
For Web applications which use OpenID Connect Authorization Code flow, the recommended pattern in the Controllers is to:
- instantiate a
ConfidentialClientApplicationwith a token cache for which you would have customized the serialization See token cache serialization for Web apps - Call
AcquireTokenSilentAsync - if this fails with a
MsalUiRequiredException, request more scopes.
This is illustrated in the active-directory-dotnet-webapp-openidconnect-v2 sample in HomeController, line 116-145
- Home
- Why use MSAL.NET
- Is MSAL.NET right for me
- Scenarios
- Register your app with AAD
- Client applications
- Acquiring tokens
- MSAL samples
- Known Issues
- AcquireTokenInteractive
- WAM - the Windows broker
- .NET Core
- Xamarin Docs
- UWP
- Custom Browser
- Applying an AAD B2C policy
- Integrated Windows Authentication for domain or AAD joined machines
- Username / Password
- Device Code Flow for devices without a Web browser
- ADFS support
- Acquiring a token for the app
- Acquiring a token on behalf of a user in Web APIs
- Acquiring a token by authorization code in Web Apps
- High Availability
- Token cache serialization
- Logging
- Exceptions in MSAL
- Provide your own Httpclient and proxy
- Extensibility Points
- Clearing the cache
- Client Credentials Multi-Tenant guidance
- Performance perspectives
- Differences between ADAL.NET and MSAL.NET Apps
- PowerShell support
- Testing apps that use MSAL
- Experimental Features
- Proof of Possession (PoP) tokens
- Using in Azure functions
- Extract info from WWW-Authenticate headers
- SPA Authorization Code