Reputation: 101
I am using https://learn.microsoft.com/en-us/samples/azure-samples/active-directory-dotnet-iwa-v2/active-directory-dotnet-iwa-v2/#step-2-register-the-sample-with-your-azure-active-directory-tenant to generate a token and I have followed the procedure as mentioned in the above link. I have provided the clientID in the appsetting.json file and it keeps giving a "Failed to get user name" error.
I have used the admin account to generate the app.
Upvotes: 0
Views: 126
Reputation: 16458
Based on our discussion, this issue should have been resolved. I will summarize the solution here.
As the sample overview says:
This sample demonstrates how to use MSAL.NET from apps that run on a domain joined or AAD joined Windows machine.
So you need to use an AAD joined Windows machine to test this sample.
Firstly, you need to add your Windows machine into your AAD domain.
Then when you run this sample, you may encounter the following error: The user or administrator has not consented to use the application with ID '{appId}' named '{appName}'.
This is because you haven't got user consent for this app in your AAD. You need to call AcquireTokenInteractive instead of AcquireTokenByIntegratedWindowsAuth in line 93 in the PublicAppUsingIntegratedWindowsAuthentication.cs file. And then call AcquireTokenByIntegratedWindowsAuth again.
Now you can get the user signed-in on the Windows machine successfully.
Update:
Based on Constraints, IWA supports federated users only, meaning users created in Active Directory and backed by Azure AD. Users created directly in Azure AD, without Active Directory backing (managed users) can't use this authentication flow.
So if you want to use IWA (Integrated Windows Authentication), you need a federated account to test it.
Upvotes: 1
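The consent-then-retry sequence described in the answer above, written as an added MSAL.NET example (not code from the Microsoft sample or from the answer's author). The client ID is a placeholder, and the `User.Read` scope, the `organizations` authority and the class and method names are assumptions made for illustration.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

class IwaWithConsentFallback
{
    // Placeholder: replace with the client ID of your own app registration.
    const string ClientId = "<your-client-id>";
    // Assumed scope for illustration; use the scopes your app actually needs.
    static readonly string[] Scopes = { "User.Read" };

    static async Task Main()
    {
        IPublicClientApplication app = PublicClientApplicationBuilder
            .Create(ClientId)
            // IWA needs a work/school authority, not "common" or "consumers".
            .WithAuthority("https://login.microsoftonline.com/organizations")
            .WithDefaultRedirectUri() // redirect URI used by the interactive call
            .Build();
        try
        {
            AuthenticationResult result = await AcquireAsync(app);
            Console.WriteLine($"Signed in as {result.Account.Username}");
        }
        catch (MsalClientException ex)
        {
            // Raised client-side, e.g. when the signed-in Windows user cannot be
            // resolved because the machine is not domain joined or AAD joined.
            Console.WriteLine($"IWA unavailable ({ex.ErrorCode}): {ex.Message}");
        }
    }

    static async Task<AuthenticationResult> AcquireAsync(IPublicClientApplication app)
    {
        try
        {
            // Silent attempt using the identity signed in to Windows.
            return await app.AcquireTokenByIntegratedWindowsAuth(Scopes).ExecuteAsync();
        }
        catch (MsalUiRequiredException)
        {
            // "The user or administrator has not consented ...": IWA cannot show
            // a prompt, so collect consent once through an interactive sign-in.
            await app.AcquireTokenInteractive(Scopes).ExecuteAsync();
            // With consent recorded, the IWA call can be repeated.
            return await app.AcquireTokenByIntegratedWindowsAuth(Scopes).ExecuteAsync();
        }
    }
}
```

The retry only succeeds for a federated account on a domain joined or AAD joined machine, as the answer's update notes.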