I am trying to integrate our application, a regular .NET desktop service that runs in the user context, with ADFS and a Web API. The user is a domain user and this is a regular AD environment. The MVC aspects of the website are working well with the browser.
I am on ADAL 3 (VS2017), Windows Server 2016. I referred to this link [ADFS SSO CloudIdentity] and am able to use UserPasswordCredential
to get a token successfully and call into my Web API; I just followed the steps and changed things to async.
However, using the logged-on credential path, where a new UserCredential()
should indicate that the token is to be acquired for the current thread's user, doesn't work at all for me: on ADAL 2 I get a null pointer exception, and on ADAL 3 I get
MSIS7065: There are no registered protocol handlers on path /adfs/oauth2/token to process the incoming request.
I did see a similar query on SO, but based on my understanding the OP there is falling back on browser-based behaviour.
Falling back to browser-based auth (with PromptBehavior.Never) is undesired because I have seen a lot of configuration issues at customer sites where, even with the relevant settings enabled, the browser was assuming it to be an internet site and login fails.
Code for reference:
using System;
using System.Net.Http;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

// Acquire a token from on-premises ADFS as the logged-on user, then call the Web API with it.
public static async Task<string> CallApiAsUserAsync()
{
    string authority = "https://adfs.domain.com/adfs";
    string resourceURI = "https://local.ip:44325";
    string clientID = "19cda707-b1bf-48a1-b4ac-a7df00e1a689";

    // validateAuthority = false: an on-premises ADFS instance is not in ADAL's known authority list.
    AuthenticationContext ac = new AuthenticationContext(authority, false);

    // I expect that the user's credentials are picked up here.
    AuthenticationResult authResult =
        await ac.AcquireTokenAsync(resourceURI, clientID,
            new UserCredential());

    // Yields "Bearer <access token>".
    string authHeader = authResult.CreateAuthorizationHeader();

    var client = new HttpClient();
    var request = new HttpRequestMessage(HttpMethod.Get,
        "https://local.ip:44325/api/values");
    request.Headers.TryAddWithoutValidation("Authorization", authHeader);
    var response = await client.SendAsync(request);
    string responseString = await response.Content.ReadAsStringAsync();
    return responseString;
}
The call fails in AcquireTokenAsync.
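As an added example (not the poster's code), the same acquisition and API call with the failure surfaced: the AdalServiceException that ADAL throws carries ADFS's HTTP status and the MSIS error text, which is the first thing to capture when AcquireTokenAsync fails on the integrated-auth path. It assumes ADAL.NET 3.x on the .NET Framework desktop target (where UserCredential and UserPasswordCredential exist) and reuses the authority, resource and client ID from the question; the class and method names are hypothetical.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

// Added example, not the poster's code. Assumes ADAL.NET 3.x on the .NET Framework
// desktop target (UserCredential and UserPasswordCredential are only available there).
public static class AdfsClientDemo
{
    // Values from the question.
    const string Authority = "https://adfs.domain.com/adfs";
    const string Resource = "https://local.ip:44325";
    const string ClientId = "19cda707-b1bf-48a1-b4ac-a7df00e1a689";

    // Acquire a token as the logged-on domain user. On failure, record what ADFS
    // actually answered instead of letting a bare exception bubble up.
    public static async Task<AuthenticationResult> AcquireAsLoggedOnUserAsync(AuthenticationContext ac)
    {
        try
        {
            return await ac.AcquireTokenAsync(Resource, ClientId, new UserCredential());
        }
        catch (AdalServiceException ex)
        {
            // ErrorCode is ADAL's classification, StatusCode the HTTP status from ADFS,
            // and Message carries the MSISxxxx text ADFS returned (MSIS7065 in the question).
            Console.Error.WriteLine(
                $"ADFS refused the request: {ex.ErrorCode} (HTTP {ex.StatusCode}): {ex.Message}");
            throw;
        }
    }

    // Explicit opt-in only: UserPasswordCredential sends the user's password to the token
    // endpoint (resource owner password flow). The question reports this path works, but
    // it should not be the default for a service that already runs in the user's context.
    public static Task<AuthenticationResult> AcquireWithPasswordAsync(
        AuthenticationContext ac, string upn, string password)
    {
        return ac.AcquireTokenAsync(Resource, ClientId, new UserPasswordCredential(upn, password));
    }

    public static async Task<string> CallApiAsync(AuthenticationResult authResult)
    {
        // Fail early if ADFS handed back something other than a bearer token.
        if (!string.Equals(authResult.AccessTokenType, "Bearer", StringComparison.OrdinalIgnoreCase))
            throw new InvalidOperationException("Unexpected token type: " + authResult.AccessTokenType);

        using (var client = new HttpClient())
        {
            // Typed header instead of TryAddWithoutValidation, so a malformed value is rejected here.
            client.DefaultRequestHeaders.Authorization =
                new AuthenticationHeaderValue("Bearer", authResult.AccessToken);

            var response = await client.GetAsync(Resource + "/api/values");
            response.EnsureSuccessStatusCode();
            return await response.Content.ReadAsStringAsync();
        }
    }

    public static async Task Main()
    {
        var ac = new AuthenticationContext(Authority, validateAuthority: false);
        var result = await AcquireAsLoggedOnUserAsync(ac);
        Console.WriteLine(await CallApiAsync(result));
    }
}
```

The logged ErrorCode and StatusCode distinguish a client-side failure (no token request ever reached ADFS) from a server-side rejection such as the MSIS7065 response, which is the split that decides whether to look at the client configuration or at the ADFS endpoint and application group settings.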