Fixing issue “AADSTS70005” by enabling the implicit authentication flow for your Azure AD app


While either developing or just trying to use an application that authenticates against Azure AD, you might get an error message that contains the error code “AADSTS70005”. This means that you’re trying to use the implicit authentication flow, but it isn’t allowed for your app. If you have access to the Azure AD you’re authenticating against, it’s easy to fix! See more below…

Reason

You might get an error, somewhat like this:

AADSTS70005: response_type 'token' is not supported for the application Trace ID: <Guid_1> Correlation ID: <Guid_2> Timestamp...

This is returned by your Azure AD instance, as it doesn’t allow the use of the implicit OAuth2 authentication flow for the application ID you’re using.

Solution: Enable the Implicit Authentication Flow

Okay, luckily the fix is going to be easy. You can resolve the issue by enabling the implicit authentication flow for OAuth2. There’s actually no switch in the GUI for this – you’ll have to edit the manifest of your registered Azure AD application yourself. Follow these steps: Continue reading

How to fix AADSTS50059: No tenant-identifying information found in either the request or implied by any provided credentials.


Have you run into the cryptic “AADSTS50059: No tenant-identifying information found in either the request or implied by any provided credentials.” error? I have. This post will tell you how to fix it.

How to fix AADSTS50059?

I encountered this error while trying to reload a page with some JavaScript that authenticates against Graph API. It completely blocks the functionality, as it redirects the user to the login page. Luckily, at least in my case, this was easily fixed! Your error might look something like this:

Request Id: <guid>
Correlation Id: <guid>
Timestamp: 2018-04-27T20:58:36Z
Message: AADSTS50059: No tenant-identifying information found in either the request or implied by any provided credentials.

Okay – so the error claims Azure AD fails to recognize your tenant, as the request or provided credentials didn’t provide that. But is that even true? Continue reading

4 ways to fix error AADSTS65001 (The user or administrator has not consented to use the application)


Fixing issues with Azure AD authentication for Enterprise applications can be tricky. This article contains multiple different fixes to an issue where granting admin consent has somehow failed. Not all of the different solutions will work for all situations, though! That’s why I included a couple of different options to try… 🙂

Why do you even get issues with Admin Consent (like AADSTS65001)?

Imagine this: You’re trying to add or use an app, but the app requires such permissions from your tenant that only an administrator can grant. Typically, to add this kind of an app, you’ll have to be a global administrator.

This is when an admin consent is required for the usage of the app – and if that hasn’t been granted, you’ll get errors about administrators not having consented to the use of the app you’re accessing.

Additionally, to make the investigation just a bit more complicated, if it’s an enterprise application, it could also be in an invalid state after someone tried adding the app without sufficient permissions.

I’ve been investigating a lot of these issues in relation to organizations using a mobile app, which the customer has been deploying as an enterprise application. Most of the things should apply for web-based apps or console programs or whatever else you’re deploying, too – especially if they’re enterprise applications in Azure AD!

The whole error might look something like this: Continue reading

New version of Microsoft.IdentityModel.Clients.ActiveDirectory (ADAL.NET) is out – good time to update!


There’s now a new version of the assembly Microsoft.IdentityModel.Clients.ActiveDirectory available – plenty of reasons to update right away! Let me offer you one hot take on the matter, since the earlier 3.x versions of the package had some issues.

Why bother updating?

In an earlier post I described an issue I had with Microsoft.IdentityModel.Clients.ActiveDirectory.Platform not getting copied during the build in a referencing project. In 3.17.0, which the developers published this month, they fixed the issue! The new package actually contains separate DLLs for different platforms.

In essence, this means that from a C#/.NET developer’s standpoint, the team has assimilated the Microsoft.IdentityModel.Clients.ActiveDirectory.Platform assembly, among other platform DLLs, into the Microsoft.IdentityModel.Clients.ActiveDirectory package itself. Hence, you’ll need no more funky hacks to ensure that Visual Studio will end up copying the DLLs during the build! 🙂

What’s new with Microsoft.IdentityModel.Clients.ActiveDirectory 3.17?

Continue reading

A quick (and handy!) hack to force a referenced assembly to get copied to a project


Visual Studio failing to copy a referenced assembly to a project during the build might lead to surprising runtime errors. This post will explain one method of fixing these issues, using Microsoft.IdentityModel.Clients.ActiveDirectory as the example – as earlier versions of that assembly had this issue!

Problem

After build, you might get this kind of error:

Could not load file or assembly 'Microsoft.IdentityModel.Clients.ActiveDirectory.Platform, Version=3.13.1.846, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The system cannot find the file specified. 

System.IO.FileNotFoundException
   at System.Reflection.RuntimeAssembly._nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, RuntimeAssembly locationHint, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks)
   at System.Reflection.RuntimeAssembly.nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, RuntimeAssembly locationHint, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks)
   at System.Reflection.RuntimeAssembly.InternalLoadAssemblyName(AssemblyName assemblyRef, Evidence assemblySecurity, RuntimeAssembly reqAssembly, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks)
   at System.Reflection.Assembly.Load(AssemblyName assemblyRef)
   at Microsoft.IdentityModel.Clients.ActiveDirectory.PlatformPlugin.LoadPlatformSpecificAssembly()

In my case, I had referenced both of these DLLs in my “class library project”, which provided my console program a lot of functionality:

  • Microsoft.IdentityModel.Clients.ActiveDirectory.Platform
  • Microsoft.IdentityModel.Clients.ActiveDirectory

Continue reading