msal

MSAL token expires after 1 hour

自闭症网瘾萝莉.ら submitted on 2019-12-30 10:32:41
Question: I am using MSAL for Azure AD authentication in a Xamarin app. The validity of the token is 1 day (seen using the value of ExpiresOn of AuthenticationResult). My problem is that, after 1 hour, AcquireTokenSilentAsync fails and then AcquireToken needs to be called. I am not able to understand that even though the token validity is 1 day, and the validity of refresh token is even more, why is it asking for authentication after every 1 hour? Can this be changed using any parameter value or any

Azure AD B2C Link to Sign Up Page (Not Sign In)

允我心安 submitted on 2019-12-25 00:52:36
Question: I'm using Azure AD B2C with msal.js in my React app. Currently, when the user tries to enter the protected area of my app, msal.js redirects the user to the login page which provides a link to the sign up page. Is there a way for me to send users directly to the sign up page? There are cases when I know the user has not yet signed up so it's bad user experience to send the user first to the sign in page then let them click and go to the sign up page. It would be nicer to just send them

User stays logged in after deleting from Azure AD

孤者浪人 submitted on 2019-12-24 22:36:05
Question: I've set up a small ASP.NET Core v3 webapp using Microsoft.Identity.Web from https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/tree/master/1-WebApp-OIDC This works fine. But when I log in as userA and then delete this user from our Azure AD, the user stays logged in. How can I forge my app to regularly check if the user still exists or if his roles have changed? From Cookie not expiring for Azure AD auth I understand I can set OpenIdConnectOptions

Converting MSAL Access Token to Hapi JWT token

末鹿安然 submitted on 2019-12-24 22:24:40
Question: We're trying to work out how to consume an MSAL access token from a front-end vue.js application on our hapi.js back-end. Following the documentation for Single Page Applications we are successfully adding the MSAL accessToken to our http requests as a Bearer token. This token can be seen on the back-end if we disable JWT on the API server. How do we validate the MSAL access token so that we can return a valid JWT token? (secondary question is what is the recommended auth strategy for the

C# Microsoft Authentication Get logged user from controller

爱⌒轻易说出口 submitted on 2019-12-24 22:01:50
Question: So I have an Angular and C# Web API 2 app that uses Microsoft Authentication (msal.js) for the login. Now I'm trying to save data and I need the details of the current logged user. Is there a way to get the logged user from the C# Controller? I can do this in Angular, but I think it's not secured to do it from the client side so I was thinking if maybe there was a way that the backend knows who's the logged user. Thanks in advance! EDIT Startup.Auth.cs var tvps = new TokenValidationParameters

Angular app which invokes B2C-secured Function App API receives 500, Function receives 404

让人想犯罪 __ submitted on 2019-12-24 00:49:57
Question: Angular site hosted on an Azure storage account as a static website receives 500 when it's invoking an Azure B2C-protected Function App function. The function is receiving a 404. Update The original title for this question was "Angular app which invokes B2C-secured Functions App receives 401 Unauthorized response". The solution was, as @Alex AIT suggested (below), to replace the https://<b2c_tenant_name>.b2clogin.com/<b2c_tenant_name>.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=

Example of sending claim to azure-ad-b2c policy from JS single page application

孤街浪徒 submitted on 2019-12-22 14:15:00
Question: I'm using msal js library to redirect SPA to b2c policy. I can't find an example of sending some custom claim to the b2c policy (like extension_Brand) from javascript application. What I have found is .NET example: https://github.com/Azure-Samples/active-directory-b2c-advanced-policies/blob/d62c3f9e573ac8b5a9adc1565c6254f632e2a531/wingtipgamesb2c/src/WingTipMusicWebApplication/Startup.cs#L108 But it uses .NET library. Which JS library can send claim to the b2c policy? Answer 1: There are no JS

Microsoft.AspNetCore vs Microsoft.IdentityModel (ADAL) with .net core API in Azure AD

旧巷老猫 submitted on 2019-12-22 13:49:34
Question: Cheers, I'm looking for some clarification regarding authentication libraries for use with Azure AD, particularly regarding the differences between Microsoft.AspNetCore and Microsoft.IdentityModel based libraries. I am implementing an Api in .net core for which authentication will be managed with Azure Active Directory (AAD). Based on the needs of the application I am looking to use the original (v1) endpoint with ADAL rather than the v2 endpoint due to some features not being available with

On behalf of token issue (AADSTS50013: Assertion contains an invalid signature)

泄露秘密 submitted on 2019-12-22 12:33:47
Question: I'm getting an error (mentioned below) when I'm trying to use Cortana Bot user token (which is a Graph token) to generate an "on-behalf-of" token to another consuming Web API application using ClientAssertionCertificate / ClientCredential targeted to another consuming Web API by passing its AppId as ResourceId and userAssertion generated by using Cortana Bot user token. When checked our Bot AAD settings it is configured with other consuming Web API (API B) as valid application along with

On behalf of token issue (AADSTS50013: Assertion contains an invalid signature)

◇◆丶佛笑我妖孽 submitted on 2019-12-22 12:33:11
Question: I'm getting an error (mentioned below) when I'm trying to use Cortana Bot user token (which is a Graph token) to generate an "on-behalf-of" token to another consuming Web API application using ClientAssertionCertificate / ClientCredential targeted to another consuming Web API by passing its AppId as ResourceId and userAssertion generated by using Cortana Bot user token. When checked our Bot AAD settings it is configured with other consuming Web API (API B) as valid application along with