search

AzureAD / azure-activedirectory-library-for-dotnet

ADAL authentication libraries for .net
http://aka.ms/aaddev
MIT License
358 stars 214 forks source link

3.19.0 UWP Initial Authentication Request Returns Cancel #969

Closed aherrick closed 6 years ago

aherrick commented 6 years ago

Updated from 3.17.3 to 3.19.0.

In 3.19.0 when I make an initial request to Authenticate and AquireToken, it instantly returns a "Cancelled" response. The next time the request happens however it works as expected.

Reverting back to 3.17.3 works as expected and allows for Authentication.

See example code:

            var authResultResp = new AuthenticationResultResp();
            try
            {
                var authContext = new AuthenticationContext(authority);
                var platformParams = new PlatformParameters(PromptBehavior.Auto, false);

                authResultResp.AuthenticationResult = await authContext.AcquireTokenAsync(resource, clientId, new Uri(returnUri), platformParams);
            }
            catch (AdalException ex)
            {
                authResultResp.ErrorMsg = ex.ErrorCode;
            }
            catch (Exception ex)
            {
                authResultResp.ErrorMsg = ex.Message;
            }
jmprieur commented 6 years ago

@aherrick thanks for the feedback Which platform are you using? .NET Framework? Xamarin ? can you please share some repro code?

aherrick commented 6 years ago

This is Xamarin Forms 2.5.0.122203 UWP.

The code is above calling into AquireTokenAsync It throws AdalExceptionon initial attempt.

On second attempt it works fine. With 3.17.3 it works fine on first try.

SomkaPe commented 6 years ago

@aherrick could you please provide details about AdalException - exception message, error code..., stacktrace

aherrick commented 6 years ago

Message:

User canceled authentication

Stack trace:

   at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenInteractiveHandler.VerifyAuthorizationResult()
   at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenInteractiveHandler.<PreTokenRequest>d__10.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
   at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.<RunAsync>d__57.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.<AcquireTokenCommonAsync>d__39.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.<AcquireTokenAsync>d__28.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
   at AXLE_Driver.UWP.PlatformSpecific.Authenticator.<Authenticate>d__0.MoveNext()
jmprieur commented 6 years ago

@aherrick could you please check with ADAL.NET 3.19.1 (published yesterday): we fixed a deadlock which could happen if developers called the API blocking async calls on the UI thread. This does not seem to be the case of your code above, but maybe this code is called from a method which uses .Result or .Wait() ?

aherrick commented 6 years ago

Same issue with 3.19.1

jennyf19 commented 6 years ago

Hi @aherrick Can you try with 3.18? Trying to narrow this down to a version if possible. Thanks.

aherrick commented 6 years ago

Just confirmed it does do it in 3.18

Still working fine in 3.17.3

GFlisch commented 6 years ago

I have the same issue and I have opened a Premier Service support ticket for this. Ok for 3.17.3, NOK for > 3.17.3.

jmprieur commented 6 years ago

@aherrick @GFlisch do you have repro code that we could check?

jennyf19 commented 6 years ago

@GFlisch @aherrick We are actively investigating this and working on a fix.

GFlisch commented 6 years ago

Hi

Did you still need a repro code?

Any idea when the issue will be solved ?

Thanks,

Gilles

Sent from windows 10 mobile.

From: jennyf19 notifications@github.com Sent: Tuesday, February 6, 2018 5:06:41 PM To: AzureAD/azure-activedirectory-library-for-dotnet Cc: GFlisch; Mention Subject: Re: [AzureAD/azure-activedirectory-library-for-dotnet] 3.19.0 UWP Initial Authentication Request Returns Cancel (#969)

@GFlischhttps://github.com/gflisch @aherrickhttps://github.com/aherrick We are actively investigating this and working on a fix.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/969#issuecomment-363470982, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AFpNKTDt2M6PS_9C7ieoRA5ol7PmHqFKks5tSHiQgaJpZM4Ry10f.

jennyf19 commented 6 years ago

@GFlisch @aherrick

The fix will be in ADAL 3.19.2, which should be released early next week.

The issue was due to a race condition. We did not enforce, on the UWP platform, the call of WIA (Web Integrated Authentication) from the UI thread. A recent addition related to "authority aliases" surfaced the issue in a more repeatable way. Thanks again for bringing this to our attention.

cc: @henrik-me @SomkaPe

GFlisch commented 6 years ago

Hi jennyf19,

If you want that we test it when a prerelease of the package exists.

Don’t hesitate.

Gilles

Sent from Mailhttps://go.microsoft.com/fwlink/?LinkId=550986 for Windows 10

From: jennyf19mailto:notifications@github.com Sent: Saturday, February 24, 2018 4:27 PM To: AzureAD/azure-activedirectory-library-for-dotnetmailto:azure-activedirectory-library-for-dotnet@noreply.github.com Cc: GFlischmailto:github@flisch.be; Mentionmailto:mention@noreply.github.com Subject: Re: [AzureAD/azure-activedirectory-library-for-dotnet] 3.19.0 UWP Initial Authentication Request Returns Cancel (#969)

@GFlischhttps://github.com/gflisch @aherrickhttps://github.com/aherrick

The fix will be in ADAL 3.19.2, which should be released early next week.

The issue was due to a race condition. We did not enforce, on the UWP platform, the call of WIA (Web Integrated Authentication) from the UI thread. A recent addition related to "authority aliaseshttps://github.com/AzureAD/azure-activedirectory-library-for-dotnet/wiki/AuthenticationContext:-the-connection-to-Azure-AD#advanced-note-server-driven-aliases-of-authorities-adalnet--318" surfaced the issue in a more repeatable way. Thanks again for bringing this to our attention.

cc: @henrik-mehttps://github.com/henrik-me @SomkaPehttps://github.com/somkape

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/969#issuecomment-368235858, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AFpNKYa5toBFrJgZhPAZRKt0Fsz15l-Lks5tYCpIgaJpZM4Ry10f.

henrik-me commented 6 years ago

@GFlisch @aherrick can you validate using the bits in pr #982 ? We will be releasing the bits this week however we are a bit stretched on the timing and will not be able to provide the package today. We expect to be able to release tomorrow or Wednesday.

jennyf19 commented 6 years ago

@GFlisch @aherrick We just released ADAL 3.19.2 with the UWP fix. Please try it out and let us know if this resolves your issue.

GFlisch commented 6 years ago

Hi,

Just tested and it works.

Thanks for the fix.

Gilles

Sent from Mailhttps://go.microsoft.com/fwlink/?LinkId=550986 for Windows 10

From: jennyf19mailto:notifications@github.com Sent: Friday, March 2, 2018 3:20 AM To: AzureAD/azure-activedirectory-library-for-dotnetmailto:azure-activedirectory-library-for-dotnet@noreply.github.com Cc: GFlischmailto:github@flisch.be; Mentionmailto:mention@noreply.github.com Subject: Re: [AzureAD/azure-activedirectory-library-for-dotnet] 3.19.0 UWP Initial Authentication Request Returns Cancel (#969)

@GFlischhttps://github.com/gflisch @aherrickhttps://github.com/aherrick We just released ADAL 3.19.2https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/releases/tag/v3.19.2 with the UWP fix. Please try it out and let us know if this resolves your issue.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/969#issuecomment-369798528, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AFpNKY-8sS0C128z0KFPDQYVX4GvP_tDks5taKxYgaJpZM4Ry10f.

jmprieur commented 6 years ago

Thanks for confirming, @GFlisch