AAD B2C is definitely an interesting approach to simplifying the handling of various cloud identities. However, we should not forget that working with security is always complex and can be very weird. In this post I will describe one example.
Let's assume we want to perform a sign-in from some application. In my case this is a WPF application, which means it runs on Windows on the .NET desktop framework.
To sign in, I use the following code, which uses the MSAL API:
var authResult = await App.PublicClientApp.AcquireTokenAsync(App.ApiScopes, GetUserByPolicy(App.PublicClientApp.Users, "BLABLA"), UIBehavior.SelectAccount, string.Empty, null, App.Authority);
This code will fail with the following error, because the policy "BLABLA" does not exist:
System.Runtime.Serialization.SerializationException: There was an error deserializing the object of type Microsoft.Identity.Client.Internal.OAuth2.TokenResponse. Encountered unexpected character '<'. ---> System.Xml.XmlException: Encountered unexpected character '<'.
MSAL expects a JSON token response, but the authority answered with an HTML page, so the deserializer trips over the leading '<'. If you trace the HTTP traffic, you will find more information behind this error:
<h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3>
This means that, at the very least, a 404 is returned when you specify a policy that does not exist, and MSAL surfaces it only as an unhelpful deserialization exception rather than as an HTTP error.
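A pre-flight check that makes this failure mode visible before sign-in, as an added example that is not code from the original post: it fetches the policy's OpenID Connect metadata and classifies the raw response instead of letting the JSON deserializer choke on an HTML 404 page. The metadata URL format (login.microsoftonline.com with a p= query parameter) is an assumption about the B2C endpoint used at the time, so substitute your authority's own metadata URL if it differs.

```csharp
using System;
using System.Net.Http;
using System.Threading.Tasks;

// Hypothetical helper, not part of the post or of MSAL.
public static class B2cPolicyCheck
{
    // Classify a raw authority response. MSAL expects JSON; a body that starts
    // with '<' is an HTML error page, which is exactly what produces the
    // "Encountered unexpected character '<'" SerializationException.
    public static string Diagnose(int statusCode, string body)
    {
        string trimmed = (body ?? string.Empty).TrimStart();
        bool looksLikeHtml = trimmed.StartsWith("<", StringComparison.Ordinal);

        if (statusCode == 404 && looksLikeHtml)
            return "Policy not found (HTTP 404 with HTML body): check the policy name.";
        if (statusCode != 200)
            return "Unexpected HTTP " + statusCode + " from the authority.";
        if (looksLikeHtml)
            return "HTTP 200 but HTML body: this is not a B2C metadata endpoint.";
        return "OK: JSON metadata returned, the policy exists.";
    }

    // Assumed legacy B2C metadata URL format; adjust to your authority if needed.
    public static string MetadataUrl(string tenant, string policy)
    {
        return "https://login.microsoftonline.com/" + tenant +
               "/v2.0/.well-known/openid-configuration?p=" + Uri.EscapeDataString(policy);
    }

    // Call this before AcquireTokenAsync so a misspelled policy fails with a
    // clear message instead of a deserialization exception.
    public static async Task<string> CheckPolicyAsync(HttpClient http, string tenant, string policy)
    {
        using (HttpResponseMessage response = await http.GetAsync(MetadataUrl(tenant, policy)))
        {
            string body = await response.Content.ReadAsStringAsync();
            return Diagnose((int)response.StatusCode, body);
        }
    }
}
```

Running `Diagnose(404, "<h2>404 - File or directory not found.</h2>")` on the traced body from above yields the "Policy not found" message, which is the diagnosis the MSAL exception hides.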
Posted Aug 07 2017, 07:35 AM by Damir Dobric