Original Issue: https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/1283
All our machines are domain joined and corpnet user/group identities are replicated to Azure AD under onmicrosoft.com directory.
We've been using this code:
```csharp
var azureServiceTokenProvider = new AzureServiceTokenProvider();
var authenticationCallback = new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback);
var keyVaultClient = new KeyVaultClient(authenticationCallback);
keyVaultClient.GetSecretsAsync(<url>).Dump(); // this throws
```
to access KeyVault with no problem, using these packages:
```xml
<package id="Microsoft.Azure.KeyVault" version="3.0.0" targetFramework="net461" />
<package id="Microsoft.Azure.KeyVault.WebKey" version="3.0.0" targetFramework="net461" />
<package id="Microsoft.Azure.Services.AppAuthentication" version="1.0.3" targetFramework="net461" />
<package id="Microsoft.IdentityModel.Clients.ActiveDirectory" version="3.19.8" targetFramework="net461" />
```
However, we recently had to update to "Microsoft.IdentityModel.Clients.ActiveDirectory" version="4.0.0-preview" and the authentication workflow we have been using stopped working (ActiveDirectory 4.1-preview also fails). So we have to reference Microsoft.IdentityModel.Clients.ActiveDirectory version 4+ in most of our solutions. However, Microsoft.Azure.Services.AppAuthentication references Microsoft.IdentityModel.Clients.ActiveDirectory 3.14.2, which still had the ActiveDirectory.Platforms.dll.
This is the failure:
Parameters: Connectionstring: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47. Exception Message: Tried to get token using Active Directory Integrated Authentication. Access token could not be acquired. Could not load file or assembly 'Microsoft.IdentityModel.Clients.ActiveDirectory.Platform, Version=3.14.2.11, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The system cannot find the file specified.
Even with a binding redirect this fails because the Platforms namespace is now merged into ActiveDirectory.
The simple fix would be to update the Microsoft.IdentityModel.Clients.ActiveDirectory in Azure.Services.AppAuthentication.
PR to fix this issue: https://github.com/Azure/azure-sdk-for-net/pull/5007
@Ofekw please reopen if this is still an issue after the PR merged.
(The PR was merged and then reverted)
Issue is still ongoing but I believe there was a conversation offline with yourself and @nonik0. You mentioned it will be addressed in the future when the whole package updates to ADAL 4 or MSAL... I look forward to it.
What's the status on this? Would like to update the ActiveDirectory package to the latest version instead of keeping it at 3.19.8.
@Ofekw @Zenuka Wanted to let you know that we just released the newest version 1.3.0 of AppAuth, where the ADAL dependency has been updated to 4.3.
Awesome!
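A build-time check for the mismatch this thread describes, written here as an added example (not code from the issue or from the Azure SDK): it scans a packages.config for ADAL 4.x installed alongside an AppAuthentication release older than 1.3.0. The function names and sample XML are constructed, and treating every release before 1.3.0 as built against ADAL 3.x is an assumption drawn from the thread.

```python
import xml.etree.ElementTree as ET

ADAL = "microsoft.identitymodel.clients.activedirectory"
APPAUTH = "microsoft.azure.services.appauthentication"
# Per the thread, AppAuthentication 1.3.0 is the release that moved to ADAL 4.x.
# Assumption: every earlier release is still built against ADAL 3.x.
FIRST_APPAUTH_ON_ADAL4 = (1, 3, 0)


def parse_version(text):
    """'4.0.0-preview' -> (4, 0, 0): drop the prerelease tag, pad to three parts."""
    parts = [int(p) for p in text.split("-", 1)[0].split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def find_adal_mismatch(packages_config_xml):
    """Return (appauth_version, adal_version) pairs that hit the load failure."""
    versions = {ADAL: [], APPAUTH: []}
    for pkg in ET.fromstring(packages_config_xml).iter("package"):
        pkg_id = (pkg.get("id") or "").lower()  # NuGet ids are case-insensitive
        if pkg_id in versions:
            versions[pkg_id].append(pkg.get("version"))
    return [
        (appauth, adal)
        for appauth in versions[APPAUTH]
        for adal in versions[ADAL]
        if parse_version(adal)[0] >= 4
        and parse_version(appauth) < FIRST_APPAUTH_ON_ADAL4
    ]


# Constructed samples modelled on the package list in the issue.
BROKEN = """<packages>
  <package id="Microsoft.Azure.Services.AppAuthentication" version="1.0.3" targetFramework="net461" />
  <package id="Microsoft.IdentityModel.Clients.ActiveDirectory" version="4.0.0-preview" targetFramework="net461" />
</packages>"""
FIXED = BROKEN.replace("1.0.3", "1.3.0").replace("4.0.0-preview", "4.3.0")

if __name__ == "__main__":
    for name, xml in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, find_adal_mismatch(xml))
```

A non-empty result means Key Vault token acquisition through AppAuthentication will fail at runtime with the assembly load error quoted in the issue, so the check is best run before deployment.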