Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
MSAL throws a few types of exceptions, please see Exceptions.
Confidential Client
Please read the guide on High Availability.
Public Client
Device Compliance failures on Windows 10
Users are unable to login interactively and a "Device is not compliant" error is shown when:
- The tenant admin has enabled the "Require device to be marked as compliant" Conditional Access policy
- The app is invoking public client flows (i.e. rich client apps, not web sites)
- The app is using the embedded browser control available in ADAL or MSAL (this is the default for .NET Framework apps)
Mitigation
- The recommended approach is to use WAM.
- You can also configure MSAL to use the system (default OS) browser. Details in Using web browsers (MSAL.NET). Both Microsoft Edge and Chrome browsers are able to satisfy the device policy.
- If using ADAL, migrate to MSAL. There is no mitigation for ADAL.
Android
On Android, an AndroidActivityNotFound exception is thrown when the device does not have a browser with tabs. See Xamarin Android system browser considerations for using MSAL.NET
iOS
Please see Xamarin iOS Considerations.
Desktop
On a Desktop app, a StateMismatchError exception is thrown when the using a long Facebook ID (via B2C) in conjunction with the embedded browser.
For more details, please refer to our documentation.
Build issues
Behavior: an error similar to Microsoft.Windows.SDK.Contracts.targets(4,5): error : Must use PackageReference is thrown
Starting with version 4.23, MSAL references Microsoft.Windows.SDK.Contracts. NuGet can only resolve this reference if the application consuming MSAL references it as <PackageReference> and not via the legacy packages.config mechanism. See #2247 for details on how to fix this.