-
Notifications
You must be signed in to change notification settings - Fork 340
Client Throttling
Bogdan Gavril edited this page May 5, 2020
·
19 revisions
MSAL detects certain conditions (see below) where the application should not make repeated calls to AAD. If a call is made, then an MsalThrottledServiceException
or an MsalThrottledUiRequiredException
is thrown by MSAL. These are subtypes of MsalServiceException
, so this behaviour does not introduce a breaking change. If MSAL would not apply client-side throttling, the application would still not be able to acquire tokens, as AAD would throw the error.
- If the server is having problems or if an application is requesting tokens too often, AAD will responds with an HTTP code 429 and with header of
Retry-After X seconds
. The application will see anMsalServiceException
with header details. The throttling state is maintained for the X seconds. Affects all flows. Introduced in 4.13.0.
- If AAD is having problems it may respond with an HTTP 5xx error code with no Retry-After header. The throttling state is maintained for 1 minute. Affects only public client flows. Introduced in 4.13.0
- MSAL throws
MsalUiRequiredException
when authentication cannot be resolved silently and the end-user needs to use a browser. This is a common occurrence when a tenant admin introduced 2FA or when a user password expires. Retrying the silent authentication cannot succeed. Affects only theAcquireTokenSilent
. Introduced in 4.14.0
- Home
- Why use MSAL.NET
- Is MSAL.NET right for me
- Scenarios
- Register your app with AAD
- Client applications
- Acquiring tokens
- MSAL samples
- Known Issues
- AcquireTokenInteractive
- WAM - the Windows broker
- .NET Core
- Xamarin Docs
- UWP
- Custom Browser
- Applying an AAD B2C policy
- Integrated Windows Authentication for domain or AAD joined machines
- Username / Password
- Device Code Flow for devices without a Web browser
- ADFS support
- Acquiring a token for the app
- Acquiring a token on behalf of a user in Web APIs
- Acquiring a token by authorization code in Web Apps
- High Availability
- Token cache serialization
- Logging
- Exceptions in MSAL
- Provide your own Httpclient and proxy
- Extensibility Points
- Clearing the cache
- Client Credentials Multi-Tenant guidance
- Performance perspectives
- Differences between ADAL.NET and MSAL.NET Apps
- PowerShell support
- Testing apps that use MSAL
- Experimental Features
- Proof of Possession (PoP) tokens
- Using in Azure functions
- Extract info from WWW-Authenticate headers
- SPA Authorization Code