I was trying one of the Azure Active Directory samples Microsoft has published here: https://github.com/AzureADSamples/WebApp-WebAPI-OpenIDConnect-DotNet
I managed t
In ADAL v3, you create a class that implements IAdalLogCallback:
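    using System;
    using Microsoft.IdentityModel.Clients.ActiveDirectory;

    // Receives every ADAL log message and writes it to the console.
    public class AdalLoggerCallback : IAdalLogCallback
    {
        public void Log(LogLevel level, string message)
        {
            Console.Write(message);
        }
    }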
Then, set the Callback property of the static LoggerCallbackHandler object:
    LoggerCallbackHandler.Callback = new AdalLoggerCallback();
While the accepted answer does turn on the tracing for ADAL (client library), I ran into an issue where I needed tracing enabled for OWIN authentication middleware.
My code was just getting an authorization denied from my service when inserting this middleware:
    public void Configuration(IAppBuilder app)
    {
        app.UseWindowsAzureActiveDirectoryBearerAuthentication(
            new WindowsAzureActiveDirectoryBearerAuthenticationOptions
            {
                Audience = ConfigurationManager.AppSettings["Audience"],
                Tenant = ConfigurationManager.AppSettings["Tenant"]
            });
    }
Turning on logging can be done by adding the following section to the web.config of your project:
    <configuration>
      <system.diagnostics>
        <switches>
          <add name="Microsoft.Owin" value="Verbose" />
        </switches>
      </system.diagnostics>
    </configuration>
The output will by default appear in your debug console window, but you can change this by adding trace listeners. I found a very informative article here.
It turned out I forgot to turn off issuer validation for a multi-tenant service.
You can enable the logger using:
    Trace.Listeners.Add(new ConsoleTraceListener());
    AdalTrace.LegacyTraceSwitch.Level = TraceLevel.Verbose;
Full details here: https://github.com/AzureAD/azure-activedirectory-library-for-dotnet#logs