active-directory-b2c-xamarin-native: Error: We can't connect to the service you need right now. Check your network connection or try this again later
Hello all,
I have been trying to get this example to work. First Android, then iOS and finally with UWP simply to get better error results. Ideally I would like it working on iOS. I have a B2C client and a web API set up and working. How do I know this? Because I have the “active-directory-b2c-wpf” example working fine.
In the UWP client the application runs when when I click the sign in button a dialog appears with the progress spinner and then after a second or two I get an error message “We can’t connect to the service you need right now. Check your network connection or tray again later”. If I close this window the client code throws an exception:
Microsoft.Identity.Client.MsalException: WAB authentication failed ---> System.IO.FileNotFoundException: The specified protocol is unknown. (Exception from HRESULT: 0x800C000D)
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
If I compare what is going down the wire from the WPF client and the UWP client when the AcquireTokenAsync method is called they differ.
The WPF client sends the following information (xxxx replaces sensitive info):
GET /te/xxxxx.onmicrosoft.com/b2c_1_susi/oauth2/v2.0/authorize?scope=https%3A%2F%2Fxxxxx.onmicrosoft.com%2Fcms%2Faccess+offline_access+openid+profile&response_type=code&client_id=xxxxx&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&client-request-id=fcdb2f65-9ef2-4c0b-af69-cc337d4067d6&x-client-SKU=MSAL.Desktop&x-client-Ver=1.1.0.0&x-client-CPU=x64&x-client-OS=Microsoft+Windows+NT+6.2.9200.0&prompt=select_account&code_challenge=9ErDqtNfDqGU7IFtTVBccVILq49xl_h50xyv8S25cE8&code_challenge_method=S256&state=a006328c-036b-487b-a9e9-0813facaa55a HTTP/1.1
The UWP client sends something of the form:
GET /tfp/xxxxx.onmicrosoft.com/b2c_1_susi/v2.0/.well-known/openid-configuration HTTP/1.1
I have checked and double checked the b2c-xamarin-native code compared to the b2c-wpf and they are identical apart from the call to AcquireTokenAsync.
In WPF it looks like the following:
authResult = await App.PublicClientApp.AcquireTokenAsync(
App.ApiScopes,
GetUserByPolicy(App.PublicClientApp.Users, App.PolicySignUpSignIn),
UIBehavior.SelectAccount, string.Empty, null, App.Authority);
for UWP it looks like:
AuthenticationResult ar = await App.PCA.AcquireTokenAsync(
App.ApiScopes,
GetUserByPolicy(App.PCA.Users, App.PolicySignUpSignIn),
App.UiParent);
Do I need to configure something different on the backend to get mobile/UWP clients working or do I need to look elsewhere?
Any help would be appreciated.
About this issue
- Original URL
- State: closed
- Created 7 years ago
- Comments: 21
Ran into this issue as well running the UWP project, after looking at the sample code with the sample tenant and looking at the PCA object I was able to find that the
RedirectUri
property on thePublicClientApplication
gets overridden from what you put in theUserDetailsClient\App.cs
. If you look in the UserDetailsClient.UWP/MainPage.cs you will see it gets overridden.If you copy that RedirectUri and add that to your B2C application ‘Custom Redirect URI’ along with the
msal<applicationID>://auth
from the directions and save it it should work.Thank you @jennyf19 .
@n8allan the sample has been fixed
@n8allan oh…i see. Thank you. We (MSAL .NET team) do not own that sample. Sorry you lost time on it. We will sync w/the sample owners and update. I opened an issue there, it’s linked below.
Also, @n8allan did you get any error messages or anything from MSAL? We have responses that should guide you to fixing issues like this, but if you were stuck for hours, then obviously we do not. Any suggestions you have to help make this more actionable for customers are much appreciated.
cc: @jmprieur - I’ll submit a PR to update their sample.
I wish I had seen that sample instead. This is the one I was referring to and as you can see it doesn’t have that critical line.
Not sure why this was closed when this remains a genuine problem with the ad b2c sample. .WithRedirectUri() should be added to the sample (when creating the AuthenticationClient) and associated documentation. Without this, the sample doesn’t work and unless someone stumbles on this issue, they’ll be hopelessly stuck (I was for hours).
@JPhilC @josuuribe @matgutschow @nalthoff @sellingerd @yschkatula @alessandro-avila @ajaykeshri
For UWP, you need to set the following in the Package.appxmanifest of the UWP app, in the Capabilities tab: -Enterprise Authentication -Private Networks (Client & Server) -Shared User Cert IWA not enabled by default because apps requesting the Enterprise Auth or Shared User Cert capabilities require a higher level of verification
For example:
See here for more details