How to prompt with the current Windows user's identity hint in ADAL AcquireToken
22-12-2019
Question
When using the ADAL client to perform federated login, the authenticationContext.AcquireToken(resourceUri, clientId, redirectUri, userId) overload of AcquireToken will not show the WindowsIdentity.Name (i.e. Domain\User) as the login name, despite being able to authenticate with that style of user name. The MSDN documentation of AcquireToken does not mention any requirements related to the userId parameter.
What are the requirements to send a user Id prompt?
Solution
This AcquireToken overload requires the user ID (login hint, once it's converted into an OAuth2 message under the abstraction) to be an email-formatted UPN.
System.DirectoryServices.AccountManagement.UserPrincipal.UserPrincipalName is the most convenient route to the interactive ActiveDirectory user's UPN I've found so far. Notably, this isn't a claim on the default WindowsIdentity ClaimsIdentity.
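The approach described in the answer, sketched as an added example that is not part of the original post: it resolves the interactive user's UPN, passes it as the login hint only when it is email-formatted, and otherwise falls back to the unhinted overload. The authority, resource, client ID and redirect URI are placeholders, and the four-argument overload is assumed to be the one quoted in the question.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

static class LoginHintExample
{
    // Returns the interactive user's UPN when it can serve as a login hint, otherwise null.
    static string TryGetUpnLoginHint()
    {
        try
        {
            using (UserPrincipal user = UserPrincipal.Current)
            {
                string upn = user?.UserPrincipalName;
                if (string.IsNullOrWhiteSpace(upn)) return null; // e.g. account has no UPN set
                int at = upn.IndexOf('@');
                // Require user@domain shape; Domain\User is not shown as a hint.
                bool emailShaped = at > 0 && at < upn.Length - 1 && !upn.Contains("\\");
                return emailShaped ? upn : null;
            }
        }
        catch (PrincipalException)
        {
            // Directory lookup failed (no matching principal, domain controller unreachable).
            return null;
        }
    }

    static void Main()
    {
        // Placeholder values, not taken from the page.
        const string authority = "https://login.example.invalid/TENANT_PLACEHOLDER";
        const string resourceUri = "https://resource.example.invalid/";
        const string clientId = "CLIENT_ID_PLACEHOLDER";
        var redirectUri = new Uri("https://client.example.invalid/redirect");

        var authenticationContext = new AuthenticationContext(authority);
        string hint = TryGetUpnLoginHint();

        // Treat the hint as a UI convenience only; identity comes from the issued token.
        AuthenticationResult result = hint != null
            ? authenticationContext.AcquireToken(resourceUri, clientId, redirectUri, hint)
            : authenticationContext.AcquireToken(resourceUri, clientId, redirectUri);

        Console.WriteLine(hint != null ? "Prompted with login hint." : "Prompted without login hint.");
        Console.WriteLine("Token acquired: " + !string.IsNullOrEmpty(result.AccessToken));
    }
}
```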