How to force Azure AD authentication login to use open browser

Simo Pöysä 0 Reputation points
2023-06-23T07:48:22.76+00:00

Hi,

In development we are using .NET 6 with Azure Active Directory authentication for logging in to Azure services from the application. So far, when starting debugging, the login window always opened in an already open browser, thus remembering the existing login (so no need to insert login credentials and MFA again).

After updating the NuGet package Microsoft.Identity.Client from 4.51.0 to 4.52.0, it now always opens a new browser when debugging (the same still happens with the currently latest version, 4.54.1) and requires the login credentials with MFA for every single new debugging session. Is it somehow possible to change some configuration or such to force it to open the login in an existing open browser, like it was working before?

In the connection string we have been using "Authentication=Active Directory Interactive". I also tried "Authentication=Active Directory Default", as well as having login credentials stored in Visual Studio and in environment variables, but neither seems to make any difference.

Best,

Simo


1 answer

  1. Akshay-MSFT 17,951 Reputation points Microsoft Employee Moderator
    2023-06-30T10:52:26.9733333+00:00

    @Simo Pöysä

    Thank you for posting your query on Microsoft Q&A. From the above description I understand that after updating the NuGet package Microsoft.Identity.Client from 4.51.0 to 4.52.0, your application is prompting for a password and MFA in a new browser session every time instead of redirecting/popping up.

    Please do correct me if this is not the case by responding in the comments section.

    On .NET Core, MSAL.NET will start the system browser as a separate process. MSAL.NET doesn't have control over this browser, but once the user finishes authentication, the web page is redirected in such a way that MSAL.NET can intercept the URI.

    You may try the BrowserLoginStyle type; it's set to none by default.

    • You may try using the Prompt.SelectAccount field.
    • AcquireToken will send prompt=select_account to the authorization server's authorize endpoint, which would present to the user a list of accounts from which one can be selected for authentication.

    public static readonly Microsoft.Identity.Client.Prompt SelectAccount;

    • However, for the best experience, kindly use the Prompt.NoPrompt field: let the identity service decide on the best user experience, based on browser cookies and on the login hint, which can be specified using WithAccount() or WithLoginHint().

    public static readonly Microsoft.Identity.Client.Prompt NoPrompt;

    Ref: https://learn.microsoft.com/en-us/dotnet/api/microsoft.identity.client.prompt?view=msal-dotnet-latest

    Thanks

    Akshay Kaushik

    Please "Accept the answer" (Yes), and share your feedback if the suggestion answers your query. This will help us and others in the community as well.
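
The Prompt.NoPrompt and WithLoginHint() options mentioned in the answer, shown in a direct MSAL.NET call. This is an added example, not code from the question, the answer, or Microsoft. It assumes the application calls MSAL.NET itself rather than through the connection string; the client ID, tenant ID, login hint and scope are placeholder or constructed values.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

public static class InteractiveLoginExample
{
    // Placeholders (assumptions): replace with your own app registration values.
    private const string ClientId = "<your-client-id>";
    private const string TenantId = "<your-tenant-id>";
    private const string LoginHint = "user@example.com"; // constructed sample value
    // Assumed scope for Azure SQL; use the scope of the service you call.
    private static readonly string[] Scopes = { "https://database.windows.net/.default" };

    public static async Task<AuthenticationResult> AcquireAsync()
    {
        IPublicClientApplication app = PublicClientApplicationBuilder
            .Create(ClientId)
            .WithAuthority(AzureCloudInstance.AzurePublic, TenantId)
            .WithRedirectUri("http://localhost") // loopback redirect for the system browser
            .Build();

        // Try the token cache first. The default cache is in memory only, so this
        // succeeds within one process, not across separate debugging sessions.
        var account = (await app.GetAccountsAsync()).FirstOrDefault();
        if (account != null)
        {
            try { return await app.AcquireTokenSilent(Scopes, account).ExecuteAsync(); }
            catch (MsalUiRequiredException) { /* no usable token: fall through to interactive */ }
        }

        // Interactive sign-in in the system browser. NoPrompt lets the identity service
        // decide, based on browser cookies and the login hint, whether to show any UI.
        return await app.AcquireTokenInteractive(Scopes)
            .WithUseEmbeddedWebView(false)
            .WithPrompt(Prompt.NoPrompt)
            .WithLoginHint(LoginHint)
            .ExecuteAsync();
    }

    public static async Task Main()
    {
        AuthenticationResult result = await AcquireAsync();
        // Log who signed in and the expiry, never the access token itself.
        Console.WriteLine($"Signed in as {result.Account.Username}; token expires {result.ExpiresOn:u}");
    }
}
```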

