发表新帖
发表新帖

AcquireTokenSilent always Failed to acquire token silently

后端 未结
关注
5 621
清酒与你
清酒与你 2021-01-04 04:16

Using ADAL I have two AuthenticationContext using a Token Cache persisted in SQL.

Using AcquireTokenByAuthorizationCode it writes the Token

相关标签:
5条回答
  • 轮回少年
    2021-01-04 04:44

    I don't understand the call:

    authContext.AcquireTokenSilent(
    _authority,
    _clientCredential,
    new UserIdentifier(companyId.ToString(), UserIdentifierType.UniqueId)
).AccessToken;

    The UserIdentifier must match the value in the cache, and CompanyID does not sound like any of the identifier you get back for the token.

    Please take a look at the sample I pointed you to on the other thread, and specifically on the identifier used in call to AcquireTokenSilent in https://github.com/AzureADSamples/WebApp-WebAPI-OpenIDConnect-DotNet/blob/master/TodoListWebApp/Controllers/TodoListController.cs

    You don't get to choose which identifier to use in that call, that is determined by what claims AAD issues. The only identifiers you can choose are at the cache instance level, not in individual AcquireToken* calls.

    0 讨论(0)
  • 梦如初夏
    2021-01-04 04:52

    The issue was that basically I was using Common Authority https://login.windows.net/common/oauth2/authorize in my App. It works for AcquireTokenByAuthorizationCode() but not for AcquireTokenSilent().

    So I needed it to save the TenantId when call AcquireTokenByAuthorizationCode() and an authority use an authority like https://login.windows.net/<tenant ID>/oauth2/authorizewhen call AcquireTokenSilent(). This way the same code above works.

    0 讨论(0)
  • 温柔的废话
    2021-01-04 04:55

    Check if token is existing in cache else sign out and ask user to sign in.

    AuthenticationContext authContext = new AuthenticationContext(Startup.Authority,
                        new NaiveSessionCache(userObjectID));
                    if (authContext.TokenCache.Count == 0)
                    {
                        authContext.TokenCache.Clear();
                        CosmosInterface.Utils.AuthenticationHelper.token = null;
                        HttpContext.GetOwinContext().Authentication.SignOut(
                            OpenIdConnectAuthenticationDefaults.AuthenticationType,
                            CookieAuthenticationDefaults.AuthenticationType);
                    }
    0 讨论(0)
  • 悲哀的现实
    2021-01-04 04:57

    I had the same issue in ASPNetCore (1.0) and the reason was that I wasn't storing the authentication token after logging in. I solved it by adding OnAuthorizationCodeReceived in the Startup class and changing my Response ype to ResponseType = OpenIdConnectResponseType.CodeIdToken.

    Hope it helps.

    Sample: https://github.com/Azure-Samples/active-directory-dotnet-webapp-webapi-openidconnect-aspnetcore/blob/aspnet10/WebApp-WebAPI-OpenIdConnect-DotNet/Startup.cs#L100

    0 讨论(0)
  • 谎友^
    2021-01-04 04:59

    This is an old question - but for me, I needed to clear my cookies on the client and then it forced the browser to re-auth and everything was fine again.

    0 讨论(0)
 看不清?
提交回复
热议问题