I have an ASP.NET MVC Core 2.2 application, that integrates with an Azure AD B2C to authenticate users. I can sign in correctly, and the user is authenticated.
I also have created an ASP.NET Core Web API which is also integrated with the Azure B2C AD, and the goal is to call that web api from an ASP.NET MVC controller action method. So in the MVC app I need to get the access token first. So I added the following test code in the controller of the MVC site:
if(HttpContext.User.Identity.IsAuthenticated){string signedInUserID =HttpContext.User.FindFirst(ClaimTypes.NameIdentifier).Value;TokenCache userTokenCache =newMSALSessionCache(signedInUserID,HttpContext).GetMsalCacheInstance();ConfidentialClientApplication cca =newConfidentialClientApplication(mgpPortalApplicationId, authority, redirectUri,newClientCredential(mgpPortalSecretKey), userTokenCache,null);IEnumerable<IAccount> accounts =await cca.GetAccountsAsync();IAccount firstAccount = accounts.FirstOrDefault();AuthenticationResult result =await cca.AcquireTokenSilentAsync(null, firstAccount, authority,false);HttpClient client =newHttpClient();HttpRequestMessage request =newHttpRequestMessage(HttpMethod.Get,"https://localhost:44307/api/values");
request.Headers.Authorization=newAuthenticationHeaderValue("Bearer", result.AccessToken);HttpResponseMessage response =await client.SendAsync(request);}The problem is that accounts.FirstOrDefault() gives
back null.
Additional observation: if I run the demo https://github.com/Azure-Samples/active-directory-b2c-dotnetcore-webapp,
which uses an older Microsoft.Identity.Client version, then the call to cca.Users.FirstOrDefault() gives back a user correctly, and it all works ok. However,
when I upgrade this demo project to .NET Core 2.2 and Microsoft.Identity.Client 2.7, then I have to pass an IAccount and so I need to call GetAccountsAsync(),
and this returns no account.
Any idea?
I described this issue also here: https://stackoverflow.com/questions/54335269/get-access-token-in-web-site-integrated-with-azure-ad-b2c