Active Directory Authentication Library and File Token Cache

    Question

  • Hi

    We have some native applications that need to be authenticated. We are using Azure Active Directory to authenticate users with their Active Directory accounts.

    We have the application registered with Azure AD, have installed and configured the Active Directory Authentication Library (ADAL), and are using ADAL to get tokens from Azure AD. We are using the acquireTokenAsync method to get the token. We have the TokenCache class extended to FileTokenCache as shown in some of the sample GitHub projects, with the BeforeAccessNotification and AfterAccessNotification handlers shown below.

            private void AfterAccessNotification(TokenCacheNotificationArgs args)
            {
                // If the ADAL access operation resulted in a cache update, the
                // cache data needs to be written back to the file
                if (this.HasStateChanged)
                {
                    // Lock the file before any operation
                    lock (fileLockObj)
                    {
                        // Write changes to the persistent store, protected with DPAPI
                        File.WriteAllBytes(cacheDataFilePath,
                            ProtectedData.Protect(this.Serialize(), null,
                            DataProtectionScope.CurrentUser));
                        // Restore the HasStateChanged bit to false
                        this.HasStateChanged = false;
                    }
                }
            }

            private void BeforeAccessNotification(TokenCacheNotificationArgs args)
            {
                // Lock the cache data file before it is deserialized
                lock (fileLockObj)
                {
                    this.Deserialize(File.Exists(cacheDataFilePath)
                        ? ProtectedData.Unprotect(File.ReadAllBytes(cacheDataFilePath), null,
                            DataProtectionScope.CurrentUser)
                        : null);
                }
            }


    When there is no token file saved, the authentication works well, meaning the login prompt is displayed and the user is authenticated if a valid user name and password are typed in. If the token file is saved and the user has changed account credentials, the application does not prompt for the password. The PlatformParameters for acquireTokenAsync() is set to PromptBehavior.Auto. Since the credentials are changed, we need to see the prompt.

    I am trying to understand why I don't see a login dialog. Even though I have cache data file, since credentials are changed, I am expecting the dialog to show up, but it is not. Any guidance is truly appreciated.

    Thanks,

    K

    Thursday, March 30, 2017 10:00 AM

All replies

  • The authentication prompt happens when the access token becomes invalid or is not present. Could it be that you are not waiting long enough for the access token to become invalid (usually 1h after its acquisition) to test the effect of your password change on prompting? When you do not use a cache and restart the application, or delete the existing token, the credential prompt will happen since the access token is not present, whether or not you have changed the user password.
    Monday, April 3, 2017 4:03 PM
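    As an added illustration of the behaviour the reply above describes (example code, not from the poster or from ADAL's own samples): a DPAPI-protected file cache in the shape of the poster's FileTokenCache, plus a helper that lists what the cache holds, with each entry's ExpiresOn, before calling AcquireTokenAsync. The authority, resource, client id and redirect URI are placeholder values, and the AuthDemo class and its forcePrompt switch are assumptions for this example.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

// DPAPI-protected file cache in the shape of the poster's FileTokenCache (constructed example).
public class FileTokenCache : TokenCache
{
    private static readonly object fileLockObj = new object();
    private readonly string cacheDataFilePath;
    public FileTokenCache(string path)
    {
        cacheDataFilePath = path;
        BeforeAccess = BeforeAccessNotification;
        AfterAccess = AfterAccessNotification;
    }
    private void BeforeAccessNotification(TokenCacheNotificationArgs args)
    {
        lock (fileLockObj)
        {
            // CurrentUser scope: only the same Windows account can unprotect the file
            Deserialize(File.Exists(cacheDataFilePath)
                ? ProtectedData.Unprotect(File.ReadAllBytes(cacheDataFilePath), null, DataProtectionScope.CurrentUser)
                : null);
        }
    }
    private void AfterAccessNotification(TokenCacheNotificationArgs args)
    {
        if (!HasStateChanged) return;
        lock (fileLockObj)
        {
            File.WriteAllBytes(cacheDataFilePath, ProtectedData.Protect(Serialize(), null, DataProtectionScope.CurrentUser));
            HasStateChanged = false;
        }
    }
}
public static class AuthDemo
{
    public static async Task<AuthenticationResult> SignIn(FileTokenCache cache, bool forcePrompt)
    {
        var ctx = new AuthenticationContext("https://login.microsoftonline.com/{tenant-placeholder}", cache);
        // PromptBehavior.Auto hands back a cached access token silently until ExpiresOn has passed, whatever happened to the password meanwhile; Always (or cache.Clear()) forces the dialog.
        foreach (var item in cache.ReadItems())
            Console.WriteLine($"{item.DisplayableId} cached until {item.ExpiresOn:u}");
        var prompt = forcePrompt ? PromptBehavior.Always : PromptBehavior.Auto;
        return await ctx.AcquireTokenAsync("{resource-placeholder}", "{client-id-placeholder}",
            new Uri("urn:placeholder:redirect-uri"), new PlatformParameters(prompt));
    }
}
```

    Running SignIn with forcePrompt set to false right after a password change still returns the cached token until its ExpiresOn passes; the printed expiry shows how long that window is.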
  • Yes, I did not wait long enough for the access token to become invalid to test after the password change. Thank you for your reply.

    Thanks,

    K

    Monday, May 15, 2017 10:00 AM