Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
8,933 questions
Azure AD Seamless Login to replace Windows Authentication - Microsoft Identity Web App
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 11%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EH%3C/text%3E%3C/svg%3E)
hyoeumb
6
Reputation points
Good evening, we had a question on Microsoft Identity authentication we hoped you could help with. Our team is transitioning some of our web applications (hosted on-premise) from using Windows Authentication to Azure AD authentication and we’re running into an issue when the browser cannot detect the user is “Logged in” to their Microsoft Account. This application is a ASP .NET 6 web application and the majority of our users are Windows users logged into their computers with Seamless SSO enabled at the AD level.
On an intermittent basis, a failure will occur and upon failure, we redirect the user to the below message in RED. "A silent sign-in request was sent but no user is signed in."
We have identified that the user isn’t sent to a prompt because we’ve set the below option to “none” in Program.cs – for a more seamless experience (similar to Windows Authentication). We realize we can possibly set this to "select_account" as well.
// Specify this is a web app and needs auth code flow
.AddMicrosoftIdentityWebApp(options =>
{
builder.Configuration.Bind("AzureAd", options);
options.MaxAge = TimeSpan.FromDays(1);
// This causes the signin to prompt the user for which
// account to use - useful when there are multiple accounts signed into the browser
// To show a prompt: options.Prompt = "select_account";
// Hide prompt: options.Prompt = "none";
options.Prompt = "none";
I can replicate the current issue if I do the following:
- Clear all my cookies and cache
- Visit the web application, the above error occurs and does not retry auth.
- After successfully authenticating to MS outside of the application
- I refresh the URL and the site allows access
- If I clear all my cookies and cache again, the site rejects authentication and does not retry.
We would like to know if there is a better way to have the application “re-authenticate” the user automatically, without a prompt. Our business users point to Windows Authentication "always working" for them and we'd like to try to best replicate this behavior with Azure AD. We realize we can set “options.Prompt” to “select_account”, but that would that prompt occur on every authentication?
Its previously mentioned to possibly provide login_hint or domain_hint, would this work? Where during the authentication process can that be set and how can I gather the login_hint during the .AddMicrosoftIdentityWebApp() setup process?
Thanks so much for any insight you might have, appreciate your time.
Azure App Service
{count} vote
-
brtrach-MSFT 17,731 Reputation points Microsoft Employee Moderator2023-01-14T05:38:43.38+00:00 Since the community did not have any input, if you are still having this error, please reach out to us at azcommunity@microsoft.com with the subject as ATTN: Bryan and in the body of the message include your Azure subscription ID.
Sign in to comment
Sign in to answer