Question

Users are created in Azure AD for a native application that I built. I would like users to use their Windows Live ID if they have one; otherwise I would create an AD account for them.

AD accounts are able to log in, but whenever a Windows Live account tries to log in I get the following error message:

No service namespace named 'timetray' was found in the data store.

I'm not sure what this means, what the service namespace is, or where I can find the data store.

The name for the service namespace that I am using is the resource ID URI for an application that I provisioned in the Active Directory.

    private Uri redirectUri = new Uri("http://TimeTray");
    private string clientId = "{{Client-ID}}";
    private AuthenticationContext _authenticationContext;
    private string domainName = "common";
    private string resourceAppIdUri = "http://TimeTray";
    private string resourceBaseAddress = "http://timetray.azurohosted.com/";

    public void Authenticate(OnLoginComplete onLoginComplete)
    {
        CredManCache creds = new CredManCache();
        _authenticationContext = new AuthenticationContext("https://login.windows.net/" + domainName, creds);
        AuthenticationResult authenticationResult = _authenticationContext.AcquireToken(resourceAppIdUri, clientId, redirectUri);
        // _authenticationContext.AcquireToken(
        UserEntity user = new UserEntity();
        user.NTUserName = authenticationResult.UserInfo.UserId;
        user.SID = authenticationResult.UserInfo.UserId;
        onLoginComplete(user);
    }

Solution

I assume you are setting up ADAL with AAD.

When creating AuthenticationContext:

Instead of "https://login.windows.net/" + domainName (common)

Try

https://login.windows.net/[Guid for the web api configured on your client in Azure AD]/FederationMetadata/2007-06/FederationMetadata.xml

In its data store, Azure will now look for service namespace [guid] instead of what is deferred from the login name "billy"@timetray.onmicrosoft.com.

See the MSDN sample: http://code.msdn.microsoft.com/AAL-Native-Application-to-fd648dcf#content

It states "Set the authority to https://login.windows.net/common to defer choosing the AAD domain till the user signs in."

Also, use http://www.nuget.org/packages/Microsoft.IdentityModel.Clients.ActiveDirectory/

I guess you also need to create users in Azure AD that are linked to existing Microsoft Accounts.

Licensed under: CC-BY-SA with attribution