How to resolve “No account or login hint was passed to the AcquireTokenSilent” with a Web App and no persistent token cache

You have implemented Microsoft Authentication Library or Microsoft Identity Web and now you are seeing the following error message: No account or login hint was passed to the AcquireTokenSilent The root cause is because the Token Cache is empty when you are trying to acquire a token silently when account was attempted to be pulled from MSAL. So on Web Applications like Asp.Net or Asp.Net Core, this is generally when…

Read More

Troubleshooting ASP.NET Core Azure AD-protected Web API Authorization issues

There is plenty of content on the internet that shows you how to use ASP.NET Core Authentication pipeline to protect a Web API with Azure Active Directory.  This is all working great except when your Web API returns a 401 Unauthorized error without providing much information.  You can end up spending a lot of time, pulling your hair out trying to figure out what can go wrong even though you…

Read More

Walkthrough: How to protect an ASP.NET Core Web API application with Azure AD

Pre-requisite: The ASP.NET Core Web API project in this tutorial uses Visual Studio 2017 with .Net Core runtime version 2.2 Application Registration: We will need to create an App Registration for the web API and an App Registration for the client app calling the web API in Azure Active Directory. Web API: From the Azure portal, navigate to the Azure Active Directory blade -> App registrations -> New registration to…

Read More

How to inject custom data into the ‘state’ parameter in an OpenID Connect MVC Application

It’s often desirable for an Azure Active Directory (Azure AD)- integrated application to maintain application state when sending request to Azure AD for login. The recommended way to achieve this is to use the ‘state’ parameter as defined in the OpenID Connect standards. Also mentioned in our documentation, the ‘state’ parameter is used for both preventing cross-site request forgery attacks and to maintain user’s state before authentication request occurs: For…

Read More

Troubleshooting Asp.Net OWIN and Asp.Net Core Authentication sign-in failures with Azure Active Directory

Let get started! This article assumes you are using your own code to perform the authentication to Azure Active Directory. IMPORTANT: So if your using Azure App Services or Azure Function Apps Authentication/Authorization feature, this article is not for you. You are developing a Asp.Net OWIN or Asp.Net Core Authentication web application and integrating it with Azure Active Directory. You run into some issues during the sign-in process with no…

Read More