Hi @Anonymous ,
There are a number of limitations when using the AcquireTokenByIntegratedWindowsAuth
method, and it seems likely that this is the cause of your issue. These limitations are listed here. Among others, the flow has the following constraints:
1) This can only be used with federated users created in an Active Directory and backed by Azure Active Directory. Users created directly in AAD without AD backing cannot use this auth flow.
2) It does not work for MSA users.
3) IWA will fail when used with interactive MFA. (See explanation and constraints.)
4) If you are testing with your own user account, consent must be granted to the application for your account. For other users, they will need to consent to the application accessing their account details, or the tenant admin must grant consent across the tenant using the Grant admin consent for Tenant button in the portal.
5) Microsoft personal accounts are not supported.
6) This flow is enabled for .net desktop, .net core and Windows Universal Apps.
7) The error can also occur if Integrated Windows Authentication is not enabled in the browser properties.
References:
Integrated Windows Constraints
AD FS Troubleshooting
MSAL Error
Let me know if this helps. If these constraints do not apply to your situation we may need to do a deeper dive into your environment.
-
If the information helped you, please Accept the answer. This will help us and other community members as well.