-
Notifications
You must be signed in to change notification settings - Fork 340
Known issues
MSAL throws a few types of exceptions, please see here.
Please read the guide on High Availability
System.Security.Cryptography.CryptographicException: A device attached to the system is not functioning.
When running in a tight loop, the crypto API sometimes throws the exception above. The root cause seems to be Windows API and affects all .NET versions, although higher .NET versions (4.6+) seem to encounter this more. We are working on finding a workaround. The issue is mostly seen in Client Credential flow.
Users are unable to login interactively and a "Device is not compliant" error is shown when:
- the tenant admin has enabled the "Require device to be marked as compliant" Conditional Access policy
- the app is invoking public client flows (i.e. rich client apps, not web sites)
- the app is using the embedded browser control available in ADAL or MSAL (this is the default for .NET Framework apps)
- the recommended approach is to use WAM
- Otherwise, you can also configure MSAL to use the system (default OS) browser (details here). Both Chrome and Microsoft Edge browsers are able to satisfy the device policy.
- if using ADAL, migrate to MSAL first. There is no mitigation for ADAL use.
On Android, an AndroidActivityNotFound exception is thrown when the device does not have a browser with tabs
https://docs.microsoft.com/en-gb/azure/active-directory/develop/msal-net-system-browser-android-considerations#known-issues
The recommended approach is to use WAM
Most issues on UWP occur due to network problems, such as proxies that block the traffic etc. Integrated Windows Auth may also be blocked by admins. For more details see:
On a Desktop app, a StateMismatchError exception is thrown when the using a long Facebook ID (via B2C) in conjunction with the embedded browser.
For more details, please refer: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/StateMismatchError
Behaviour: an error similar to Microsoft.Windows.SDK.Contracts.targets(4,5): error : Must use PackageReference is thrown
Starting with version 4.23, MSAL references Microsoft.Windows.SDK.Contracts. NuGet can only resolve this reference if the application consuming MSAL references it as <PackageReference> and not via the legacy packages.config mechanism. See #2247 for details on how to fix this.
- Home
- Why use MSAL.NET
- Is MSAL.NET right for me
- Scenarios
- Register your app with AAD
- Client applications
- Acquiring tokens
- MSAL samples
- Known Issues
- AcquireTokenInteractive
- WAM - the Windows broker
- .NET Core
- Xamarin Docs
- UWP
- Custom Browser
- Applying an AAD B2C policy
- Integrated Windows Authentication for domain or AAD joined machines
- Username / Password
- Device Code Flow for devices without a Web browser
- ADFS support
- Acquiring a token for the app
- Acquiring a token on behalf of a user in Web APIs
- Acquiring a token by authorization code in Web Apps
- High Availability
- Token cache serialization
- Logging
- Exceptions in MSAL
- Provide your own Httpclient and proxy
- Extensibility Points
- Clearing the cache
- Client Credentials Multi-Tenant guidance
- Performance perspectives
- Differences between ADAL.NET and MSAL.NET Apps
- PowerShell support
- Testing apps that use MSAL
- Experimental Features
- Proof of Possession (PoP) tokens
- Using in Azure functions
- Extract info from WWW-Authenticate headers
- SPA Authorization Code