AzureAD / microsoft-authentication-library-for-dotnet

Microsoft Authentication Library (MSAL) for .NET
https://aka.ms/msal-net
MIT License

[Bug] IWA fails if 2 work and schools accounts are present on machine #1742

Closed neha-bhargava closed 4 years ago

neha-bhargava commented 4 years ago

Which Version of MSAL are you using? Latest

Platform net classic

What authentication flow has the issue?

Other? - please describe;

Is this a new or existing app? Using the NetFxConsoleApp

Repro When there are 2 accounts in work or school accounts section.

await pca.AcquireTokenByIntegratedWindowsAuth(s_scopes).ExecuteAsync();

Expected behavior Successfully authenticates

Actual behavior Exception is thrown

Possible Solution

Additional context/ Logs / Screenshots Stacktrace:

Error (True) MSAL 4.4.0.0 MSAL.Desktop Microsoft Windows NT 6.2.9200.0 [04/03/2020 20:37:29 - fdacfe3e-abee-40c3-bca6-010ddb60ce0b] (UnknownClient: 0.0.0.0) MSAL.Desktop.4.4.0.0.MsalClientException:
    ErrorCode: get_user_name_failed
Microsoft.Identity.Client.MsalClientException: Failed to get user name ---> System.ComponentModel.Win32Exception: No mapping between account names and security IDs was done
   --- End of inner exception stack trace ---
   at Microsoft.Identity.Client.Platforms.net45.NetDesktopPlatformProxy.GetUserPrincipalName(Int32 nameFormat) in C:\git\msal\microsoft-authentication-library-for-dotnet\src\client\Microsoft.Identity.Client\Platforms\net45\NetDesktopPlatformProxy.cs:line 80
   at Microsoft.Identity.Client.Platforms.net45.NetDesktopPlatformProxy.GetUserPrincipalNameAsync() in C:\git\msal\microsoft-authentication-library-for-dotnet\src\client\Microsoft.Identity.Client\Platforms\net45\NetDesktopPlatformProxy.cs:line 62
   at Microsoft.Identity.Client.WsTrust.CommonNonInteractiveHandler.d__3.MoveNext() in C:\git\msal\microsoft-authentication-library-for-dotnet\src\client\Microsoft.Identity.Client\WsTrust\CommonNonInteractiveHandler.cs:line 31

jmprieur commented 4 years ago

Thanks @neha-bhargava @bgavrilMS: I believe Pop is not implemented yet for IWA? It would depend on Kerberos implementing it?

bgavrilMS commented 4 years ago

I edited the bug to make it clear that this has nothing to do with POP. The bug is in the code that extracts the current Windows user.

henrik-me commented 4 years ago

Triage: suggestion, use current logged in user as the fallback

neha-bhargava commented 4 years ago

This is not an issue, the account was not federated. The documentation is updated with a more descriptive message.