[Bug] Cannot use .WithUseEmbeddedWebView on net6-windows TFW

[A9G-Data-Droid]

Which version of MSAL.NET are you using?
MSAL.NET 4.42.0.0

Platform
net6-windows
Microsoft Visual Studio Community 2022 (64-bit) - Current Version 17.1.0
Windows 10 Pro 21H1 19043.1526

What authentication flow has the issue?

• Desktop / Mobile
  • Interactive

Other?

Is this a new or existing app?

c. This is a new app or experiment.

Repro

string[] scopes = new string[] {"user.read"};
var app = PublicClientApplicationBuilder.Create(clientId).Build();
AuthenticationResult result = await app.AcquireTokenInteractive(scopes)
        .WithUseEmbeddedWebView(true)
        .ExecuteAsync();

Expected behavior
I would expect the embedded login prompt to pop up.

Actual behavior
I get an unhandled Microsoft.Identity.Client.MsalClientException details below.

Possible solution
The error says that this feature is supported in net5-windows10.0.17763.0 so I would expect this same feature to exist in net6-windows

Additional context / logs / screenshots / links to code

Microsoft.Identity.Client.MsalClientException
  HResult=0x80131500
  Message=If you have a Windows application which targets net5 or net5-windows, please change the target to net5-windows10.0.17763.0, which provides support from Win7 to Win10. For details, see https://github.com/dotnet/designs/blob/main/accepted/2020/platform-checks/platform-checks.mdIf you have a cross-platform (Windows, Mac, Linux) application which targets net5, please dual target net5 and net5-windows10.0.17763.0.Your installer should deploy the net5 version on Mac and Linux and the net5-window10.0.17763.0 on Win7 - Win10.For details, see https://github.com/dotnet/designs/blob/main/accepted/2020/platform-checks/platform-checks.mdIf you have a .NET Core 3.1 app, please reference the NuGet package Microsoft.Identity.Client.Desktop and call the extension method .WithDesktopFeatures() first.For details, see https://aka.ms/msal-net-webview2 or use the system WebView - see https://aka.ms/msal-net-os-browser
  Source=Microsoft.Identity.Client
  StackTrace:
   at Microsoft.Identity.Client.Platforms.Shared.NetStdCore.NetCoreWebUIFactory.CreateAuthenticationDialog(CoreUIParent coreUIParent, WebViewPreference webViewPreference, RequestContext requestContext)
   at Microsoft.Identity.Client.Internal.AuthCodeRequestComponent.CreateWebAuthenticationDialog()
   at Microsoft.Identity.Client.Internal.AuthCodeRequestComponent.<FetchAuthCodeAndPkceVerifierAsync>d__4.MoveNext()
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
   at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.<GetTokenResponseAsync>d__11.MoveNext()
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
   at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.<ExecuteAsync>d__9.MoveNext()
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.<RunAsync>d__12.MoveNext()
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
   at Microsoft.Identity.Client.ApiConfig.Executors.PublicClientExecutor.<ExecuteAsync>d__2.MoveNext()
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()

[bgavrilMS]

You need to use net6-windows10.0.177763.0. This does not mean that you restrict your app to running only on Win10. You can add <SupportedOSPlatformVersion>7</SupportedOSPlatformVersion> to support all the way down to Win7. MSAL will do the right thing.

[A9G-Data-Droid]

Thanks @bgavrilMS ! That did the trick. I've never had to add an OS version string to my TFW before. It's unintuitive. Is there any plan to make things work with the regular net6-windows target? Seems to me that if you have Windows, you know you can pop the embedded window.

Although now I'm just getting a blank window instead of the regular AzureAD login prompt:

[biwaresrl]

I've tried the suggested solution but I've got to the same point as @A9G-Data-Droid .

The only thing I can see more is that I logged an Exception after the ExecuteAsync() but before the blank window get shown:

System.NullReferenceException: Object reference not set to an instance of an object.
   at Microsoft.Identity.Client.Platforms.Features.WebView2WebUi.WinFormsPanelWithWebView2.WebView2Control_CoreWebView2InitializationCompleted(Object sender, CoreWebView2InitializationCompletedEventArgs e)

I'm using net6-windows10.0.17763.0 as suggested

[A9G-Data-Droid]

Maybe this issue is not closed. I haven't been able to test the GUI window. I have been getting the token from the OS. The GUI will need to pop when the token expires.

[samusaran]

My main issue is that I could use the system browser, but if I fail to authenticate, or even just close the browser, the authentication process hangs without giving me any error, while the embedded view returns an exception that I can handle (like it did on .net framework 4.7.2).

[samusaran]

The issue seems to be here:

microsoft-authentication-library-for-dotnet/src/client/Microsoft.Identity.Client/Platforms/Features/WebView2WebUi/WinFormsPanelWithWebView2.cs

Line 236 in 001a6b3

_webView2.CoreWebView2.Settings.AreDefaultContextMenusEnabled = false;

because CoreWebView2 is null.

The WebView2 docs states that settings the Source property should be enough to set CoreWebView2 to something, but I see other people on stackoverflow stating that they needed to call EnsureCoreWebView2Async(CoreWebView2Environment).

I'll try to see if using that fixes the problem.

[bgavrilMS]

The recommendation is to use WAM, not embedded browser. Please see https://aka.ms/msal-net-wam

[bgavrilMS]

But still, we need to fix this null reference exception. If WebView2 cannot be initialized, we should fallback to WV1. Or remove WV2 support completely.

[bgavrilMS]

Since we do not expose WebView2 directly to customers, I propose we remove it completely. WebView1 is more stable as a fallback login mechanism, and WAM is the primary focus.

[bgavrilMS]

Proposal: Let's drop WebView2 and move it to a sample instead. It has this problem and also the device ID doesn't seem to get injected correctly by WAM into it. WebView1 seems to work better in satisfying the "Device is managed" CA policy.

[A9G-Data-Droid]

I'm confused. The official Microsoft recommendation is to stop using WebView and begin using WebView2. Don't you work for Microsoft?

FROM: https://docs.microsoft.com/en-us/windows/communitytoolkit/controls/wpf-winforms/webview

Note
WebView has been replaced by WebView2; therefore, you are advised to now use WebView2 instead. If you would like to give feedback directly for WebView2, you can do so here on the Edge repository.

[bgavrilMS]

@A9G-Data-Droid - I'm not advising you to use WebView1, I'm advising you to use WAM https://aka.ms/msal-net-wam which provides better security and has fewer such issues.

Feel free to use WebView2 in your own projects, the API is much better and HTML support are much better than WebView1.

[bgavrilMS]

MSAL now uses WebView1 for AAD authority, but continues to use WebView2 for B2C.

For the null ref exception, this would happen if WebView2 isn't initialized properly (by MSAL). Are you using it from a console app, a WinForms app or a WPF app? Are you calling AcquireTokenInteractive from UI thread or from background thread?

[samusaran]

I’m using it from a NET 6 WinForms app. I was calling it by a UI Thread, in Winforms control events. I’ve now transitioned to using WAM and it works better than before! Sent from Mail<https://go.microsoft.com/fwlink/?LinkId=550986> for Windows From: Bogdan ***@***.***> Sent: 15 April 2022 12:24 To: ***@***.***> Cc: Alessandro ***@***.***>; ***@***.***> Subject: Re: [AzureAD/microsoft-authentication-library-for-dotnet] [Bug] Cannot use `.WithUseEmbeddedWebView` on `net6-windows` TFW (Issue #3206) MSAL now uses WebView1 for AAD authority, but continues to use WebView2 for B2C. For the null ref exception, this would happen if WebView2 isn't initialized properly (by MSAL). Are you using it from a console app, a WinForms app or a WPF app? Are you calling AcquireTokenInteractive from UI thread or from background thread? — Reply to this email directly, view it on GitHub<#3206 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AACG7N5JCWO5VAW2VU6WQFTVFE7UNANCNFSM5P4C65MQ>. You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>

[A9G-Data-Droid]

Thanks @bgavrilMS
My project is a (.net6) library that can be called from any other project so that I can quickly add AAD authentication to any tool that may need it in the future. When running my unit tests, I guess that's a console app? (WAM is working silently and I never see the UI)

[bgavrilMS]

Yes, I think it's like a console app, i.e. there is no UI thread.

[bgavrilMS]

Please target net6-windows10.0.177763.0 to get embedded webview by default. Otherwise, for a pure net6 app, add a reference to Microsoft.identity.Client.Desktop package and add WithDesktopFeatures

[A9G-Data-Droid]

@bgavrilMS I just tested adding Microsoft.Identity.Client.Desktop (4.49.1) to my .net6 project and I get this error on compile:

Severity	Code	Description	Project	File	Line	Suppression State
Error	NETSDK1149	Microsoft.Identity.Client.Desktop.dll cannot be referenced because it uses built-in support for WinRT, which is no longer supported in .NET 5 and higher.  An updated version of the component supporting .NET 5 is needed. For more information, see https://aka.ms/netsdk1149	C:\Program Files\dotnet\sdk\7.0.101\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.Sdk.targets	1027	

Related detail: https://learn.microsoft.com/en-us/dotnet/core/tools/sdk-errors/netsdk1149?f1url=%3FappId%3DDev16IDEF1%26l%3DEN-US%26k%3Dk(NETSDK1149)%26rd%3Dtrue

[bgavrilMS]

@A9G-Data-Droid - my bad- please edit your .csproj file and change the target framework from net6 or net6-windows to net6-windows10.0.17763.0. Do not reference Microsoft.identity.Client.Desktop

[A9G-Data-Droid]

Ok, that is working. My question remains about net6-windows10.0.177763.0: That's an arbitrary number that will be obsolete some day. When will this functionality be wrapped into net6-windows? This is something that people will actually target without reading this obscure issue.

[bgavrilMS]

Ah, it's not an random number, it represents a version of the Windows SDK. We won't introduce breaking changes.

net6-windows means - I target Windows, e.g. WinForms, Registry etc.
net6-windows10.0.177763.0 means - I target Windows, and want to use Windows SDK version 10.0.17763.0 and its associated APIs.

But we are actually planning to stop calling WIndows SDK and rely only on net6-windows - this will most likely be done as part of #3375

[rtheil-growlink]

Just adding to this... I have a .Net 7 WPF app where I has having this issue. Very simple change to 10.0.17763.0 and suddenly WebView2 shows up as a dependency for Identity.Client

[bgavrilMS]

Just adding to this... I have a .Net 7 WPF app where I has having this issue. Very simple change to 10.0.17763.0 and suddenly WebView2 shows up as a dependency for Identity.Client

Does that cause a problem for you @rtheil-growlink ? MSAL is in the business of popping up webviews...

[rtheil-growlink]

Sorry, maybe I was not clear? Could not get WebView2 to be utilized when trying to use Microsoft auth. Changing OS target solved the issue and allowed the WebView2 dependency to show up as part of Microsoft.Identity.Client, and allowing the in-app popup for MSA.