AcquireTokenSilentAsync using Integrated authentication on Windows (Kerberos)
If you application runs on Windows (.NET Framework, Windows 8.1, UWP) on a machine which is either domain join, or AAD joint, and connected to the enterprise network (on premises, or through a VPN), it can benefit from another override of AcquireTokenSilent leveraging Windows Integrated Authentication (WIA). This uses Kerberos.
The code is really simple. you need to instanciate a UserCredential, and use the corresponding override of AcquireTokenAsync:
result = await context.AcquireTokenAsync(resource, clientId, new UserCredential());Note that, sometimes, policies set by the administrators on machines do not enable the logged-in user to be looked-up. In that case you should use the constructor of ``UserCredential` passing the upn of the user as a parameter, instead of the default, parameter less constructor.
result = await context.AcquireTokenAsync(resource, clientId,
new UserCredential("john@contoso.com"));
Note that this method is not available part of the
AuthenticationContextclass, but as anAcquireTokenAsyncextension method of theAuthenticationContextIntegratedAuthExtensionsclass. This extension method takes as a parameter, in addition to the resource and clientId of the public client application an instance ofUserCredential.
| Sample | Description |
|---|---|
| active-directory-dotnet-native-headless | A windows desktop program that demonstrates non-interactive authentication to Azure AD using a username & password and optionaly windows integrated authentication. |