microsoft-authentication-library-for-dotnet: [Bug?] COMException calling PublicClientApplication.AcquireTokenSilentAsync

Which version of MSAL.NET are you using? MSAL.NET 4.45.0

Platform .NET 6.0

What authentication flow has the issue? WAM (not broker preview) Authorization code flow

Is this a new or existing app? Existing application. New scenario.

Repro Context: We have test engineer wanting to perform test automation.

User logs into Windows using a non-domain account. The application is then “run-as” a domain account. I’m told it is a service account.

First we call IPublicClientApplication.GetAccountsAsync() which returns a single item which is the service account.

We then call await IPublicClientApplication.AcquireTokenSilent(scopes, account) .ExecuteAsync() .ConfigureAwait(false);

Expected behavior I expected MSAL to throw a MSALUIRequiredException if interactive login was required. But I don’t know what to do with a COMException.

Actual behavior System.Runtime.InteropServices.COMException: 'A specified logon session does not exist. It may have already been terminated. (0x80070520)'

Additional context / logs / screenshots / links to code Checked the local security policy and found “Network access: Do not allow storage of passwords and credentials for network authentication” was disabled. So that isn’t the cause. But I don’t know what else might be.