| title | description |
|---|---|
Known issues with MSAL.NET |
Troubleshoot MSAL.NET with our guide on known issues, including device compliance failures, AndroidActivityNotFound exceptions, and build issues. |
MSAL throws a few types of exceptions, please see Exceptions.
Please read the guide on High Availability.
Users are unable to login interactively and a "Device is not compliant" error is shown when:
- The tenant admin has enabled the "Require device to be marked as compliant" Conditional Access policy
- The app is invoking public client flows (i.e. rich client apps, not web sites)
- The app is using the embedded browser control available in ADAL or MSAL (this is the default for .NET Framework apps)
- The recommended approach is to use WAM.
- You can also configure MSAL to use the system (default OS) browser. Details in Using web browsers (MSAL.NET). Both Microsoft Edge and Chrome browsers are able to satisfy the device policy.
- If using ADAL, migrate to MSAL. There is no mitigation for ADAL.
On Android, an AndroidActivityNotFound exception is thrown when the device does not have a browser with tabs. See Xamarin Android system browser considerations for using MSAL.NET
Please see Xamarin iOS Considerations.
On a Desktop app, a StateMismatchError exception is thrown when the using a long Facebook ID (via B2C) in conjunction with the embedded browser.
For more details, please refer to our documentation.
Behavior: an error similar to Microsoft.Windows.SDK.Contracts.targets(4,5): error : Must use PackageReference is thrown
Starting with version 4.23, MSAL references Microsoft.Windows.SDK.Contracts. NuGet can only resolve this reference if the application consuming MSAL references it as <PackageReference> and not via the legacy packages.config mechanism. See #2247 for details on how to fix this.