This repository has been archived by the owner on Jun 30, 2023. It is now read-only.

AcquireTokenSilentAsync using Integrated authentication on Windows (Kerberos)

Bogdan Gavril edited this page Jun 25, 2018 · 16 revisions

If your application runs on Windows (.NET Framework, Windows 8.1, UWP) on a machine that is either domain joined or AAD joined, and connected to the enterprise network (on premises, or through a VPN), it can benefit from another override of AcquireTokenSilent that leverages Windows Integrated Authentication (WIA). This uses Kerberos.

The code is really simple. You need to instantiate a `UserCredential` and use the corresponding override of `AcquireTokenAsync`:

```csharp
result = await context.AcquireTokenAsync(resource, clientId, new UserCredential());
```

Note that, sometimes, policies set by administrators on machines do not allow the logged-in user to be looked up. In that case, use the constructor of `UserCredential` that takes the UPN of the user as a parameter, instead of the default, parameterless constructor.

```csharp
result = await context.AcquireTokenAsync(resource, clientId,
                                         new UserCredential("john@contoso.com"));
```


Note that this method is not available as part of the `AuthenticationContext` class, but as an `AcquireTokenAsync` extension method of the `AuthenticationContextIntegratedAuthExtensions` class. In addition to the resource and the clientId of the public client application, this extension method takes an instance of `UserCredential` as a parameter.
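The two constructors can be combined into one call path. The following is an added example, not code from the original wiki or from the ADAL.NET project: it tries the parameterless `UserCredential` first and retries once with an explicit UPN when that fails. The authority, client ID and resource values are placeholders, and the `WiaTokenHelper` and `AcquireWithWiaAsync` names are hypothetical.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

// Hypothetical helper, added for illustration.
static class WiaTokenHelper
{
    // Placeholders (assumptions): substitute your own tenant, app and resource.
    const string Authority = "https://login.microsoftonline.com/contoso.com";
    const string ClientId  = "<public-client-application-id>";
    const string Resource  = "<resource-uri>";

    public static async Task<AuthenticationResult> AcquireWithWiaAsync(string fallbackUpn)
    {
        var context = new AuthenticationContext(Authority);
        try
        {
            // Default path: ADAL looks up the logged-in Windows user itself.
            // The extension method lives in AuthenticationContextIntegratedAuthExtensions.
            return await context.AcquireTokenAsync(Resource, ClientId, new UserCredential());
        }
        catch (AdalException ex) when (!string.IsNullOrEmpty(fallbackUpn))
        {
            // The page does not say which error code a blocked user lookup
            // produces, so this retries once on any ADAL failure and records
            // the code for troubleshooting. Never log the token itself.
            Console.Error.WriteLine(
                $"WIA without UPN failed ({ex.ErrorCode}); retrying with explicit UPN.");
            return await context.AcquireTokenAsync(
                Resource, ClientId, new UserCredential(fallbackUpn));
        }
    }
}
```

If the second attempt also fails, the `AdalException` propagates to the caller, which can then decide whether to fall back to an interactive flow.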

Samples illustrating Windows Integrated Authentication

| Sample | Description |
| --- | --- |
| active-directory-dotnet-native-headless | A Windows desktop program that demonstrates non-interactive authentication to Azure AD using a username & password and, optionally, Windows Integrated Authentication. |