MSAL AcquireTokenInteractive code hangs / infinte loop when web application hosts on IIS

asked 2020-09-10T18:17:32.707+00:00
SyncTestUser1 1 Reputation point

I am using this chunk of code to get the access token. code is working fine on IIS Express but when I host web app in to IIS then code hangs and went in to infinite loop.

                authResult = await app.AcquireTokenInteractive(scopes).WithUseEmbeddedWebView(true)

I also opened the firewall ports on windows.

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
12,562 questions
{count} votes

2 answers

Sort by: Most helpful
  1. answered 2020-09-14T23:17:15.777+00:00
    Saurabh Sharma 17,286 Reputation points Microsoft Employee

    @SyncTestUser1 Thanks for sharing your code. Your web apps should use IConfidentialClientApplication and not PublicClientApplicationOptions. Publicclientapplication is not intended to be used like that. Also, as your IIS runs under a differential credential set but cannot interact with the current login user session and being a remote process IIS is not capable of launching a browser as compared to IIS express your calls are stuck. Please let me know how it goes after the modification.

    Also, it may be good idea to use aync/await pattern instead of wait() in your code.

  2. answered 2021-04-01T11:09:59.673+00:00
    TEJENDRA PRASAD PATEL 66 Reputation points


    I am trying to acquire Token using certificate to connect Graph API. Its works in console application and local IIS express.

    However, when hosted same in IIS it get stuck and timed out.

    var msalClient = ConfidentialClientApplicationBuilder
                .WithAuthority(AadAuthorityAudience.AzureAdMyOrg, true)
             result = await msalClient.AcquireTokenForClient(scopes).ExecuteAsync(); // ****Gets Stuck** - IT DOES NOT EVEN GO TO NEXT STEP**
            requestMessage.Headers.Authorization =
                new AuthenticationHeaderValue("bearer", await GetAccessTokenAsync());
            var users = await graphClient.Users.Request().Filter($"mail eq '{emailAddress}'").GetAsync();

    I have createD ASP.NET MVC for poc and will convert into Web API.

    I do not want to use user login token or such... There is no login page and we want to interact MS Graph API using application specific Client ID.

    Please some one help on this.

    thank you!

    No comments