active-directory-b2c-xamarin-native: Error: We can't connect to the service you need right now. Check your network connection or try this again later

Hello all,

I have been trying to get this example to work. First Android, then iOS and finally with UWP simply to get better error results. Ideally I would like it working on iOS. I have a B2C client and a web API set up and working. How do I know this? Because I have the “active-directory-b2c-wpf” example working fine.

In the UWP client the application runs, but when I click the sign in button a dialog appears with the progress spinner and then after a second or two I get an error message “We can’t connect to the service you need right now. Check your network connection or try again later”. If I close this window the client code throws an exception:

Microsoft.Identity.Client.MsalException: WAB authentication failed ---> System.IO.FileNotFoundException: The specified protocol is unknown. (Exception from HRESULT: 0x800C000D)
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)

If I compare what is going down the wire from the WPF client and the UWP client when the AcquireTokenAsync method is called they differ.

The WPF client sends the following information (xxxx replaces sensitive info):

GET /te/xxxxx.onmicrosoft.com/b2c_1_susi/oauth2/v2.0/authorize?scope=https%3A%2F%2Fxxxxx.onmicrosoft.com%2Fcms%2Faccess+offline_access+openid+profile&response_type=code&client_id=xxxxx&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&client-request-id=fcdb2f65-9ef2-4c0b-af69-cc337d4067d6&x-client-SKU=MSAL.Desktop&x-client-Ver=1.1.0.0&x-client-CPU=x64&x-client-OS=Microsoft+Windows+NT+6.2.9200.0&prompt=select_account&code_challenge=9ErDqtNfDqGU7IFtTVBccVILq49xl_h50xyv8S25cE8&code_challenge_method=S256&state=a006328c-036b-487b-a9e9-0813facaa55a HTTP/1.1

The UWP client sends something of the form:

GET /tfp/xxxxx.onmicrosoft.com/b2c_1_susi/v2.0/.well-known/openid-configuration HTTP/1.1

I have checked and double checked the b2c-xamarin-native code compared to the b2c-wpf and they are identical apart from the call to AcquireTokenAsync.

In WPF it looks like the following:

 authResult = await App.PublicClientApp.AcquireTokenAsync(
               App.ApiScopes,
               GetUserByPolicy(App.PublicClientApp.Users, App.PolicySignUpSignIn),
               UIBehavior.SelectAccount, string.Empty, null, App.Authority);

For UWP it looks like:

 AuthenticationResult ar = await App.PCA.AcquireTokenAsync(
                  App.ApiScopes,
                  GetUserByPolicy(App.PCA.Users, App.PolicySignUpSignIn),
                  App.UiParent);

Do I need to configure something different on the backend to get mobile/UWP clients working or do I need to look elsewhere?

Any help would be appreciated.

About this issue

  • Original URL
  • State: closed
  • Created 7 years ago
  • Comments: 21

Most upvoted comments

Ran into this issue as well running the UWP project. After looking at the sample code with the sample tenant and looking at the PCA object, I was able to find that the RedirectUri property on the PublicClientApplication gets overridden from what you put in the UserDetailsClient\App.cs. If you look in the UserDetailsClient.UWP/MainPage.cs you will see it gets overridden.

If you copy that RedirectUri and add that to your B2C application ‘Custom Redirect URI’ along with the msal<applicationID>://auth from the directions and save it, it should work.
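An added example, not part of the original thread or of the sample's code: a Python check that takes a captured authorize request line, like the WPF one quoted in the issue, and reports whether its `redirect_uri` is among the URIs registered on the B2C application. The function names, the sample request, its tenant and its client id are constructed placeholders, and the check assumes the provider compares redirect URIs by exact string match.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample in the shape of the WPF capture quoted in the issue;
# tenant, client id and PKCE challenge are placeholders.
SAMPLE_REQUEST = (
    "GET /te/contoso.onmicrosoft.com/b2c_1_susi/oauth2/v2.0/authorize"
    "?scope=openid+profile&response_type=code"
    "&client_id=00000000-0000-0000-0000-000000000000"
    "&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob"
    "&code_challenge=PLACEHOLDER&code_challenge_method=S256 HTTP/1.1"
)


def parse_authorize_request(request_line):
    """Return the decoded query parameters of a captured authorize request."""
    parts = request_line.split()
    if len(parts) != 3 or parts[0] != "GET":
        raise ValueError("expected 'GET <target> HTTP/x.y'")
    target = urlsplit(parts[1])
    if not target.path.endswith("/authorize"):
        raise ValueError("not an authorize request: " + target.path)
    params = parse_qs(target.query, keep_blank_values=True)
    # A repeated parameter is ambiguous; refuse it rather than pick one value.
    dupes = sorted(k for k, v in params.items() if len(v) > 1)
    if dupes:
        raise ValueError("duplicated parameters: " + ", ".join(dupes))
    return {k: v[0] for k, v in params.items()}


def check_request(request_line, registered_redirect_uris):
    """List findings that would explain a rejected sign-in request."""
    params = parse_authorize_request(request_line)
    findings = []
    sent = params.get("redirect_uri")
    if sent is None:
        findings.append("redirect_uri missing")
    elif sent not in registered_redirect_uris:
        # Assumption: exact, case-sensitive comparison with the registration.
        findings.append("redirect_uri not registered: " + sent)
    if (params.get("response_type") == "code"
            and params.get("code_challenge_method") != "S256"):
        findings.append("authorization code flow without S256 PKCE")
    return findings


if __name__ == "__main__":
    registered = {"msal00000000-0000-0000-0000-000000000000://auth"}
    for finding in check_request(SAMPLE_REQUEST, registered):
        print(finding)
```

Feed it the authorize request each platform actually sends; a platform project that overrides RedirectUri shows up as a value that is absent from the registered set.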

Thank you @jennyf19.

@n8allan the sample has been fixed

@n8allan oh… I see. Thank you. We (MSAL .NET team) do not own that sample. Sorry you lost time on it. We will sync w/ the sample owners and update. I opened an issue there, it’s linked below.

Also, @n8allan did you get any error messages or anything from MSAL? We have responses that should guide you to fixing issues like this, but if you were stuck for hours, then obviously we do not. Any suggestions you have to help make this more actionable for customers are much appreciated.

cc: @jmprieur - I’ll submit a PR to update their sample.

I wish I had seen that sample instead. This is the one I was referring to and as you can see it doesn’t have that critical line.

Not sure why this was closed when this remains a genuine problem with the ad b2c sample. .WithRedirectUri() should be added to the sample (when creating the AuthenticationClient) and associated documentation. Without this, the sample doesn’t work and unless someone stumbles on this issue, they’ll be hopelessly stuck (I was for hours).

@JPhilC @josuuribe @matgutschow @nalthoff @sellingerd @yschkatula @alessandro-avila @ajaykeshri

For UWP, you need to set the following in the Package.appxmanifest of the UWP app, in the Capabilities tab:

  • Enterprise Authentication
  • Private Networks (Client & Server)
  • Shared User Cert

IWA is not enabled by default because apps requesting the Enterprise Auth or Shared User Cert capabilities require a higher level of verification.

For example:

  <Capabilities>
    <Capability Name="internetClient" />
    <Capability Name="privateNetworkClientServer" />
    <uap:Capability Name="enterpriseAuthentication" />
    <uap:Capability Name="userAccountInformation" />
  </Capabilities>

See here for more details