Microsoft-authentication-library-for-dotnet: UWP authentication sometimes crashes

Created on 19 Apr 2019 · 25 Comments · Source: AzureAD/microsoft-authentication-library-for-dotnet

Which Version of MSAL are you using ?
MSAL 3.0.5-preview

Platform
UWP

In my UWP app, I only had _internetClient_ capability enabled and it works ok for most users. However, some of my users get an error like

{Microsoft.Identity.Client.MsalException: WAB authentication failed ---> System.IO.FileNotFoundException: The specified protocol is unknown. (Exception from HRESULT: 0x800C000D) at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) ...(TRUNCATION)... --- End of stack trace from previous location where exception was thrown --- at UserDetailsClient.MainPage.d__2.MoveNext() ErrorCode: authentication_ui_failed}

Therefore I investigated what could be the problem and found out it could be related to the app capabilities.
Could you please clarify the capabilities needed for UWP?

Here, @jennyf19 states these 4 capabilities are needed:

  <Capabilities>
    <Capability Name="internetClient" />
    <Capability Name="privateNetworkClientServer" />
    <uap:Capability Name="enterpriseAuthentication" />
    <uap:Capability Name="userAccountInformation" />
  </Capabilities>

However, in this example, these 4 capabilities are listed (_sharedUserCertificates_ instead of _userAccountInformation_):

  <Capabilities>
    <Capability Name="internetClient" />
    <Capability Name="privateNetworkClientServer" />
    <uap:Capability Name="enterpriseAuthentication" />
    <uap:Capability Name="sharedUserCertificates" />
  </Capabilities>

Then again, in this example, only this capability is listed:

  <Capabilities>
    <Capability Name="internetClient" />
  </Capabilities>

Two of the above capabilities, _sharedUserCertificates_ & _enterpriseAuthentication_, are restricted capabilities and I would only want to include them if they are indeed needed.

All very confusing. Could you maybe clarify here and in the docs?

Fixed bug Mobile-UWP

All 25 comments

Still hitting this issue, just received a report with this stack trace. Any updates to this?

MSAL.UAP.4.3.1.0.MsalException: 
        ErrorCode: authentication_ui_failed 
Microsoft.Identity.Client.MsalException: WAB authentication failed ---> System.Exception: Der Prozess wurde unerwartet beendet. (Exception from HRESULT: 0x8007042B)
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() + 0x21 
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task) + 0x70 
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task) + 0x38 
   at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task) + 0x17 
   at Microsoft.Identity.Client.Platforms.uap.WebUI.<>c__DisplayClass7_0.<<AcquireAuthorizationAsync>b__0>d.MoveNext() + 0x1c8
--- End of stack trace from previous location where exception was thrown --- 
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() + 0x21 
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task) + 0x70 
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task) + 0x38 
   at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task) + 0x17 
   at Microsoft.Identity.Client.Platforms.uap.DispatcherTaskExtensions.<>c__DisplayClass0_0`1.<<RunTaskAsync>b__0>d.MoveNext() + 0x133
--- End of stack trace from previous location where exception was thrown --- 
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() + 0x21 
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task) + 0x 

Hi @tipa - any chance you could list the capabilities for your app?

Also, is the stack trace identical to the one posted by the OP? Google translates it as "The process ended unexpectedly" - this may be a bug in WAB / calling WAB.

I am currently using these capabilities:

  <Capabilities>
    <Capability Name="internetClient" />
    <uap:Capability Name="appointments" />
    <uap:Capability Name="userAccountInformation"/>
    <Capability Name="privateNetworkClientServer"/>
    <DeviceCapability Name="location" />
    <DeviceCapability Name="proximity" />
  </Capabilities>

I am actually not sure any more where I took the stack trace from in my first post, but I checked my mails for previous stack traces and found these:

Microsoft.Identity.Client.MsalException: WAB authentication failed ---> System.IO.FileNotFoundException: The system cannot locate the resource specified. (Exception from HRESULT: 0x800C0005)
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() + 0x21 
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task) + 0x70 
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task) + 0x38 
   at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task) + 0x17 
   at Microsoft.Identity.Client.Platforms.uap.WebUI.<>c__DisplayClass7_0.<<AcquireAuthorizationAsync>b__0>d.MoveNext() + 0x1c8
--- End of stack trace from previous location where exception was thrown --- 
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() + 0x21 
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task) + 0x70 
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task) + 0x38 
   at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task) + 0x17 
   at Microsoft.Identity.Client.Platforms.uap.DispatcherTaskExtensions.<>c__DisplayClass0_0`1.<<RunTaskAsync>b__0>d.MoveNext() + 0x133
--- End of stack trace from previous location where exception was thrown --- 
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() + 0x21 
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task) + 0x70 
   at System.Runtime.CompilerServices.Ta 
Microsoft.Identity.Client.MsalException: WAB authentication failed ---> System.Exception: The process terminated unexpectedly. (Exception from HRESULT: 0x8007042B)
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() + 0x21
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task) + 0x70
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task) + 0x38
   at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task) + 0x17
   at Microsoft.Identity.Client.Platforms.uap.WebUI.<>c__DisplayClass7_0.<<AcquireAuthorizationAsync>b__0>d.MoveNext() + 0x1c8
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() + 0x21
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task) + 0x70
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task) + 0x38
   at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task) + 0x17
   at Microsoft.Identity.Client.Platforms.uap.DispatcherTaskExtensions.<>c__DisplayClass0_0`1.<<RunTaskAsync>b__0>d.MoveNext() + 0x133
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() + 0x21
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task) + 0x70
   at System.Runtime.CompilerServi

Microsoft.Identity.Client.MsalException: WAB authentication failed ---> System.IO.FileNotFoundException: Das System kann die angegebene Datei nicht finden. (Exception from HRESULT: 0x80070002)
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() + 0x21
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task) + 0x70
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task) + 0x38
   at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task) + 0x17
   at Microsoft.Identity.Client.Platforms.uap.WebUI.<>c__DisplayClass7_0.<<AcquireAuthorizationAsync>b__0>d.MoveNext() + 0x1c8
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() + 0x21
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task) + 0x70
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task) + 0x38
   at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task) + 0x17
   at Microsoft.Identity.Client.Platforms.uap.DispatcherTaskExtensions.<>c__DisplayClass0_0`1.<<RunTaskAsync>b__0>d.MoveNext() + 0x133
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() + 0x21
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task) + 0x70
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task) + 0x38
   at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task) + 0x17
   at Microsoft.Identity.Client.Platforms.uap.DispatcherTaskExtensions.<RunTaskAsync>d__0`1.MoveNext() + 0x261
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() + 0x21
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task) + 0x70
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task) + 0x38
   at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task) + 0x17
   at Microsoft.Identity.Client.Platforms.uap.WebUI.<AcquireAuthorizationAsync>d__7.MoveNext() + 0x1f4
   --- End of inner exception stack trace ---
   at Microsoft.Identity.Client.Platforms.uap.WebUI.<AcquireAuthorizationAsync>d__7.MoveNext() + 0x2a6
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() + 0x21
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task) + 0x70
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task) + 0x38
   at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task) + 0x17
   at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.<AcquireAuthorizationAsync>d__10.MoveNext() + 0x1a2
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() + 0x21
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task) + 0x70
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task) + 0x38
   at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task) + 0x17
   at System.Runtime.CompilerServices.TaskAwaiter.GetResult() + 0xb
   at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.<ExecuteAsync>d__9.MoveNext() + 0x18d
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() + 0x21
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task) + 0x70
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task) + 0x38
   at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task) + 0x17
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.<RunAsync>d__14.MoveNext() + 0x3c8
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() + 0x21
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task) + 0x70
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task) + 0x38
   at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task) + 0x17
   at Microsoft.Identity.Client.ApiConfig.Executors.PublicClientExecutor.<ExecuteAsync>d__2.MoveNext() + 0x194
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() + 0x21
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task) + 0x70
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task) + 0x38
   at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task) + 0x17

Any updates on this? Is the capability "internetClient" the only one that's needed? Even when logging in to a OneDrive for Business Account?

I do believe that InternetClient is the only one needed. The other 3 "enterprisey" ones are used in Integrated Windows Authentication (i.e. Kerberos) to figure out the currently logged in user. MSAL does not have any special code paths related to resources / scopes - there is nothing different in accessing OneDrive versus accessing Graph.

For the reports you keep getting, can you confirm if the problem is transient or not? Does reopening the app allow users to re-login?
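A least-privilege check for the manifests discussed so far, as an added example (not part of the thread and not MSAL code): it lists the capabilities a `Package.appxmanifest` declares and flags the auth-related ones that interactive sign-in does not need according to the reply above. The `uses_iwa` switch, the finding levels and the sample manifest are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Named as restricted capabilities in the issue text.
RESTRICTED = {"enterpriseAuthentication", "sharedUserCertificates"}
# Every capability besides internetClient that appears in the auth-related
# manifests quoted in this thread (assumption: this set is the audit scope).
AUTH_EXTRAS = RESTRICTED | {"privateNetworkClientServer", "userAccountInformation"}

# Constructed sample manifest, not taken from a real app.
SAMPLE_MANIFEST = """\
<Package xmlns="http://schemas.microsoft.com/appx/manifest/foundation/windows10"
         xmlns:uap="http://schemas.microsoft.com/appx/manifest/uap/windows10">
  <Capabilities>
    <Capability Name="internetClient" />
    <Capability Name="privateNetworkClientServer" />
    <uap:Capability Name="enterpriseAuthentication" />
    <uap:Capability Name="sharedUserCertificates" />
    <DeviceCapability Name="location" />
  </Capabilities>
</Package>
"""


def declared_capabilities(manifest_xml):
    """Return [(element_kind, name)] for each capability the manifest declares."""
    root = ET.fromstring(manifest_xml)
    found = []
    for elem in root.iter():
        local = elem.tag.rsplit("}", 1)[-1]  # drop the XML namespace prefix
        if local in ("Capability", "DeviceCapability") and "Name" in elem.attrib:
            found.append((local, elem.attrib["Name"]))
    return found


def audit(manifest_xml, uses_iwa=False):
    """Return sorted (level, capability) findings for an app doing interactive sign-in.

    uses_iwa=True (hypothetical switch) means the app relies on Integrated
    Windows Authentication, so the extra capabilities are left unflagged.
    Capabilities unrelated to authentication (e.g. location) are ignored.
    """
    names = {name for _, name in declared_capabilities(manifest_xml)}
    findings = []
    if "internetClient" not in names:
        findings.append(("missing", "internetClient"))
    if not uses_iwa:
        for name in sorted(names & AUTH_EXTRAS):
            level = "restricted" if name in RESTRICTED else "review"
            findings.append((level, name))
    return findings


if __name__ == "__main__":
    for level, name in audit(SAMPLE_MANIFEST):
        print(f"{level:10} {name}")
```
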

I asked my users that encountered the issue and one responded that he kept getting the error permanently, even after restart of the app and PC.

Will treat this as a bug. MSAL delegates the auth part of the WAB component (Windows Authentication Broker).

@tipa : I think you read the readme for this sample: https://github.com/azure-samples/active-directory-xamarin-native-v2#UWP-specific-considerations, but checking in case?

No, I'm not using the UseCorporateNetwork property in my app.
Regarding the WAB crashes: I don't think this is necessarily an MSAL-specific issue, as the same problem also happens when these users try to log in via Google or Dropbox (for which I use WebAuthenticationBroker directly). But it would be great to understand why this happens and if there's anything I or the user can do to resolve it.

Hi @tipa

I've followed this up with the folks who own this component. Firstly, they confirmed that the capabilities used are as you described.

Second, they need more information around the error, i.e. WAB logs. They have pointed at: https://docs.microsoft.com/en-us/windows/win32/secauthn/web-authentication-problems

Provide an exception that says that it looks like the file is corrupted (apparently that happens to DPAPI files?), and provide the API so that the app deletes it if it wants.
MsalCacheCorruptedException

  • Retry()
  • Delete()

or

just delete the file.

Make sure we have enough logging, and also let the app dev know through an exception. The exception should have all the information about the fact that the file was deleted and recreated because it was corrupted (#supportability)

Thanks for your comments. I will ask my users for logs and update this issue as soon as I receive them.
@jmprieur is it possible that you are referring to issue https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1064? I think a MsalCacheCorruptedException would be a good solution for that issue (+ an API to delete the file via the library)

@tipa : yes, I think they probably have the same root cause. @bgavrilMS do you confirm?

No, this is not the same root cause. There are 2 root causes identified by @tipa :

  1. Reading the token cache from a DPAPI protected file which sometimes gets corrupted (issue #1064).
  2. Calling WAB to perform the interactive flow (issue #1098 - this one)

I plan to tackle the first one by automatically deleting the token cache file, which will result in the user having to re-authenticate (better than uninstalling the app). For the second issue, I am following up with the WAB team to see if a retry mechanism would help.

I added a retry when calling WAB and some information on how to collect logs if this occurs again. It's not a fix per se, but hopefully it will bring us closer to a solution.

@tipa @bratsche This is included in the 4.5.0 release.

I now had the case that a user ran into the same problem and he also was able to gather the logs as described in the article linked in the error message. Is there a way I can share the logs with you? I'd prefer not to upload them to GitHub.

MSAL.UAP.4.7.0.0.MsalClientException: 
ErrorCode: authentication_ui_failed 
Microsoft.Identity.Client.MsalClientException: Web Authentication Broker (WAB) authentication failed. To collect WAB logs, please follow https://aka.ms/msal-net-wab-logs ---> System.IO.FileNotFoundException: The system cannot locate the resource specified. (Exception from HRESULT: 0x800C0005)

@tipa: you can send them to me: Jean-Marc dot Prieur at microsoft.com

Sure, I've just sent them

We are seeing a similar issue on an end-user system. (cc @kevcrooks)

Microsoft.Identity.Client 4.11.0
UWP, WINDOWS 10.0.18362
Desktop, Interactive authentication flow
Using Azure AD B2C
We have provided the internetClient capability.

Expected behaviour: the AcquireTokenInteractive box should appear after the ExecuteAsync() method is called, for the user to log in

Actual behaviour: The box does not appear, and an exception is thrown:

Exception: Microsoft.Identity.Client.MsalClientException
Message: Web Authentication Broker (WAB) authentication failed. To collect WAB logs, please follow https://aka.ms/msal-net-wab-logs
StackTrace: 
Microsoft.Identity.Client.Platforms.uap.WebUI.<AcquireAuthorizationAsync>d__6.MoveNext() + 0x2cb
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() + 0x21
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task) + 0x70
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task) + 0x38
   at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task) + 0x17
   at Microsoft.Identity.Client.Internal.AuthCodeRequestComponent.<FetchAuthCodeAndPkceInternalAsync>d__6.MoveNext() + 0x202
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() + 0x21
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task) + 0x70
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task) + 0x38
   at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task) + 0x17
   at Microsoft.Identity.Client.Internal.AuthCodeRequestComponent.<FetchAuthCodeAndPkceVerifierAsync>d__4.MoveNext() + 0xed
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() + 0x21
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task) + 0x70
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task) + 0x38
   at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task) + 0x17
   at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.<GetTokenResponseAsync>d__11.MoveNext() + 0x374
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() + 0x21
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task) + 0x70
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task) + 0x38
   at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task) + 0x17
   at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.<ExecuteAsync>d__8.MoveNext() + 0x293
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() + 0x21
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task) + 0x70
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task) + 0x38
   at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task) + 0x17
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.<RunAsync>d__14.MoveNext() + 0x488
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() + 0x21
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task) + 0x70
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task) + 0x38
   at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task) + 0x17
   at Microsoft.Identity.Client.ApiConfig.Executors.PublicClientExecutor.<ExecuteAsync>d__2.MoveNext() + 0x170
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() + 0x21
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task) + 0x70
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task) + 0x38
   at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task) + 0x17
   at [email protected](Unit) + 0x1b
   at FSharp.Control.Tasks.TaskBuilder.tryWith[a](FSharpFunc`2, FSharpFunc`2) + 0x3b

Is this the same issue or shall I post a new issue @jmprieur ? Is there no way to get WAB to report a useful exception?

@charlesroddie - please log a separate issue

@tipa - it looks like the WAB error is because it cannot reach the ping-sso url

AuthHost encountered a navigation error at URL: <https://ping-sso.schneider-electric.com/idp/eyJ2c2lkIjoic2UuY29tIn0=/prp.wsf?client-request-id=c07c1ec.........

 HR_INET_E_RESOURCE_NOT_FOUND

A few thoughts:

  • we do not collect exception messages in the logs by default, because they could contain personally identifiable information (PII)
  • it's possible that WAB had a nicer error message for you in the inner exception, but this was not logged
  • if possible, enable PII logging
  • problem might be external to WAB and related to VPN. You should be able to craft an authorization url on your own and observe if you can navigate to it.
  • I'll work with the WAB team to see if we can improve the experience.

Thanks for looking into it. This was quite an old log; once I have another user who is experiencing this and is willing to collect the (PII) logs, I will send them in.
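The reports in this thread carry localized messages (German and English) but the same handful of HRESULT values, so grouping incoming reports by HRESULT facility separates navigation failures from failures of the auth host itself without reading exception messages. This is an added example, not MSAL or WAB code; the bucket names are labels chosen for the example, and the report strings are abbreviated from the traces quoted above.

```python
import re

# HRESULT values that appear in the reports quoted in this thread.
KNOWN = {
    0x800C0005: "INET_E_RESOURCE_NOT_FOUND",
    0x800C000D: "INET_E_UNKNOWN_PROTOCOL",
    0x80070002: "ERROR_FILE_NOT_FOUND",
    0x8007042B: "ERROR_PROCESS_ABORTED",
}
# Triage buckets keyed by HRESULT facility (names are assumptions for this example).
BUCKETS = {
    12: "navigation",  # FACILITY_INTERNET: a URL could not be loaded
    7: "host",         # FACILITY_WIN32: process or file error on the machine
}

HRESULT_RE = re.compile(r"HRESULT:\s*0x([0-9A-Fa-f]{8})")
VERSION_RE = re.compile(r"MSAL\.UAP\.(\d+(?:\.\d+)*)\.")

# Abbreviated first lines of the reports quoted in this thread.
REPORTS = [
    "MSAL.UAP.4.3.1.0.MsalException: \n ErrorCode: authentication_ui_failed \n"
    "WAB authentication failed ---> System.Exception: Der Prozess wurde "
    "unerwartet beendet. (Exception from HRESULT: 0x8007042B)",
    "MSAL.UAP.4.7.0.0.MsalClientException: \nErrorCode: authentication_ui_failed \n"
    "System.IO.FileNotFoundException: The system cannot locate the resource "
    "specified. (Exception from HRESULT: 0x800C0005)",
    "WAB authentication failed ---> System.IO.FileNotFoundException: Das System "
    "kann die angegebene Datei nicht finden. (Exception from HRESULT: 0x80070002)",
    "WAB authentication failed ---> System.IO.FileNotFoundException: The "
    "specified protocol is unknown. (Exception from HRESULT: 0x800C000D)",
]


def decode_hresult(hr):
    """Split an HRESULT into (facility, code): bits 16-26 and bits 0-15."""
    return (hr >> 16) & 0x7FF, hr & 0xFFFF


def triage(report):
    """Extract MSAL version and HRESULT from one report and assign a bucket."""
    version = VERSION_RE.search(report)
    match = HRESULT_RE.search(report)
    result = {"version": version.group(1) if version else None,
              "hresult": None, "name": None, "bucket": "unknown"}
    if match:
        hr = int(match.group(1), 16)
        facility, _code = decode_hresult(hr)
        result.update(hresult=f"0x{hr:08X}",
                      name=KNOWN.get(hr, "unrecognized"),
                      bucket=BUCKETS.get(facility, "other"))
    return result


def summarize(reports):
    """Count reports per bucket so recurring failure classes stand out."""
    counts = {}
    for report in reports:
        bucket = triage(report)["bucket"]
        counts[bucket] = counts.get(bucket, 0) + 1
    return counts


if __name__ == "__main__":
    for report in REPORTS:
        print(triage(report))
    print(summarize(REPORTS))
```
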
