Get error: “Password is required for managed user” when authenticating user with ADAL Library












1














Try to run the project of active-directory-dotnet-native-headless, it works when acquiring token with username password. But failed and throw exception when acquiring token with Windows Integrated auth(WIA) as below:



            //UserCredential uc = TextualPrompt();

            // if you want to use Windows integrated auth, comment the line above and uncomment the one below

            UserCredential uc = new UserCredential();

            try

            {

                result = authContext.AcquireTokenAsync(todoListResourceId, clientId, uc).Result;

            }

            catch (Exception ee)

            {

                ShowError(ee);

                return;

            }


The error is:




An unexpected error occurred. Message: One or more errors occurred.
Inner Exception : password_required_for_managed_user: Password is
required for managed user




The PC to run the program has joined AD, the user to run the program is also domain user. OS is windows 10.



Is there any further configuration need to be done on AAD to make it work?






.net azure-active-directory adal wia







share|improve this question






















  • You can't mix and match. Windows integrated authentication will never work for cloud (Azure AD). The fact that you are on a AD joined computer does not change the situation much. Azure AD only talks modern protocols - OpenID Connect, OAuth, not so m8dern - ws-federation and to some extend SAML. None of them is compatible with kerberos/ntlm, without additional work. Use app wothout windows integrated and find appropriate sample to work on.
    – astaykov
    Jun 19 '18 at 7:09
















1














Try to run the project of active-directory-dotnet-native-headless, it works when acquiring token with username password. But failed and throw exception when acquiring token with Windows Integrated auth(WIA) as below:



            //UserCredential uc = TextualPrompt();

            // if you want to use Windows integrated auth, comment the line above and uncomment the one below

            UserCredential uc = new UserCredential();

            try

            {

                result = authContext.AcquireTokenAsync(todoListResourceId, clientId, uc).Result;

            }

            catch (Exception ee)

            {

                ShowError(ee);

                return;

            }


The error is:




An unexpected error occurred. Message: One or more errors occurred.
Inner Exception : password_required_for_managed_user: Password is
required for managed user




The PC to run the program has joined AD, the user to run the program is also domain user. OS is windows 10.



Is there any further configuration need to be done on AAD to make it work?






.net azure-active-directory adal wia







share|improve this question






















  • You can't mix and match. Windows integrated authentication will never work for cloud (Azure AD). The fact that you are on a AD joined computer does not change the situation much. Azure AD only talks modern protocols - OpenID Connect, OAuth, not so m8dern - ws-federation and to some extend SAML. None of them is compatible with kerberos/ntlm, without additional work. Use app wothout windows integrated and find appropriate sample to work on.
    – astaykov
    Jun 19 '18 at 7:09














1












1








1







Try to run the project of active-directory-dotnet-native-headless, it works when acquiring token with username password. But failed and throw exception when acquiring token with Windows Integrated auth(WIA) as below:



            //UserCredential uc = TextualPrompt();

            // if you want to use Windows integrated auth, comment the line above and uncomment the one below

            UserCredential uc = new UserCredential();

            try

            {

                result = authContext.AcquireTokenAsync(todoListResourceId, clientId, uc).Result;

            }

            catch (Exception ee)

            {

                ShowError(ee);

                return;

            }


The error is:




An unexpected error occurred. Message: One or more errors occurred.
Inner Exception : password_required_for_managed_user: Password is
required for managed user




The PC to run the program has joined AD, the user to run the program is also domain user. OS is windows 10.



Is there any further configuration need to be done on AAD to make it work?






.net azure-active-directory adal wia







share|improve this question













Try to run the project of active-directory-dotnet-native-headless, it works when acquiring token with username password. But failed and throw exception when acquiring token with Windows Integrated auth(WIA) as below:



            //UserCredential uc = TextualPrompt();

            // if you want to use Windows integrated auth, comment the line above and uncomment the one below

            UserCredential uc = new UserCredential();

            try

            {

                result = authContext.AcquireTokenAsync(todoListResourceId, clientId, uc).Result;

            }

            catch (Exception ee)

            {

                ShowError(ee);

                return;

            }


The error is:




An unexpected error occurred. Message: One or more errors occurred.
Inner Exception : password_required_for_managed_user: Password is
required for managed user




The PC to run the program has joined AD, the user to run the program is also domain user. OS is windows 10.



Is there any further configuration need to be done on AAD to make it work?






.net azure-active-directory adal wia




.net azure-active-directory adal wia






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Jun 19 '18 at 0:28









JamesJames

61




61












  • You can't mix and match. Windows integrated authentication will never work for cloud (Azure AD). The fact that you are on a AD joined computer does not change the situation much. Azure AD only talks modern protocols - OpenID Connect, OAuth, not so m8dern - ws-federation and to some extend SAML. None of them is compatible with kerberos/ntlm, without additional work. Use app wothout windows integrated and find appropriate sample to work on.
    – astaykov
    Jun 19 '18 at 7:09


















  • You can't mix and match. Windows integrated authentication will never work for cloud (Azure AD). The fact that you are on a AD joined computer does not change the situation much. Azure AD only talks modern protocols - OpenID Connect, OAuth, not so m8dern - ws-federation and to some extend SAML. None of them is compatible with kerberos/ntlm, without additional work. Use app wothout windows integrated and find appropriate sample to work on.
    – astaykov
    Jun 19 '18 at 7:09
















You can't mix and match. Windows integrated authentication will never work for cloud (Azure AD). The fact that you are on a AD joined computer does not change the situation much. Azure AD only talks modern protocols - OpenID Connect, OAuth, not so m8dern - ws-federation and to some extend SAML. None of them is compatible with kerberos/ntlm, without additional work. Use app wothout windows integrated and find appropriate sample to work on.
– astaykov
Jun 19 '18 at 7:09




You can't mix and match. Windows integrated authentication will never work for cloud (Azure AD). The fact that you are on a AD joined computer does not change the situation much. Azure AD only talks modern protocols - OpenID Connect, OAuth, not so m8dern - ws-federation and to some extend SAML. None of them is compatible with kerberos/ntlm, without additional work. Use app wothout windows integrated and find appropriate sample to work on.
– astaykov
Jun 19 '18 at 7:09












1 Answer
1






active

oldest

votes


















0














You get this strange exception for a "managed" user when doing an Integrated Windows Auth (IWA) flow. Managed users are those created in AAD without an AD backing. IWA is based on an old protocol that works by calling some apis on the AD server. Since there is no AD server, we can't enable this flow.



I've updated the error messages on ADAL and MSAL and added details to the docs.






share|improve this answer





















    Your Answer






    StackExchange.ifUsing("editor", function () {
    StackExchange.using("externalEditor", function () {
    StackExchange.using("snippets", function () {
    StackExchange.snippets.init();
    });
    });
    }, "code-snippets");

    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "1"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f50919092%2fget-error-password-is-required-for-managed-user-when-authenticating-user-with%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0














    You get this strange exception for a "managed" user when doing an Integrated Windows Auth (IWA) flow. Managed users are those created in AAD without an AD backing. IWA is based on an old protocol that works by calling some apis on the AD server. Since there is no AD server, we can't enable this flow.



    I've updated the error messages on ADAL and MSAL and added details to the docs.






    share|improve this answer


























      0














      You get this strange exception for a "managed" user when doing an Integrated Windows Auth (IWA) flow. Managed users are those created in AAD without an AD backing. IWA is based on an old protocol that works by calling some apis on the AD server. Since there is no AD server, we can't enable this flow.



      I've updated the error messages on ADAL and MSAL and added details to the docs.






      share|improve this answer
























        0












        0








        0






        You get this strange exception for a "managed" user when doing an Integrated Windows Auth (IWA) flow. Managed users are those created in AAD without an AD backing. IWA is based on an old protocol that works by calling some apis on the AD server. Since there is no AD server, we can't enable this flow.



        I've updated the error messages on ADAL and MSAL and added details to the docs.






        share|improve this answer












        You get this strange exception for a "managed" user when doing an Integrated Windows Auth (IWA) flow. Managed users are those created in AAD without an AD backing. IWA is based on an old protocol that works by calling some apis on the AD server. Since there is no AD server, we can't enable this flow.



        I've updated the error messages on ADAL and MSAL and added details to the docs.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Nov 21 '18 at 18:17









        Bogdan Gavril MSFTBogdan Gavril MSFT

        11k84668




        11k84668






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Stack Overflow!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.





            Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


            Please pay close attention to the following guidance:


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f50919092%2fget-error-password-is-required-for-managed-user-when-authenticating-user-with%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            Feedback on college project

            Image
            5 0 $begingroup$ I would appreciate some feedback regarding best practices on the following code for a college project. What should go in the controller and what in the views? How to attach and remove the views to the single main frame? Change the Controller after successful login? Studentenverwaltung.java package com.studentenverwaltung; import com.studentenverwaltung.controller.LoginController; import com.studentenverwaltung.model.User; import com.studentenverwaltung.view.LoginView; import javax.swing.*; import java.awt.*; class Studentenverwaltung implements Runnable { public static void main(String args) { EventQueue.invokeLater(new Studentenverwaltung()); } @Override public void run() { User user = new User(); LoginView loginView = new LoginView(u...
            Read more

            Futebolista

            Image
            Ronaldo primeiro jogador a ser eleito por três vezes o melhor jogador do mundo pela FIFA. Ronaldinho Gaúcho atuando pelo Barcelona onde foi duas vezes eleito o melhor jogador do mundo pela FIFA. Kaká atuando pelo Milan onde foi eleito em 2007 o melhor jogador do mundo pela FIFA. Lothar Matthäus primeiro jogador a ser eleito o melhor jogador do mundo pela FIFA em 1991 pela Inter de Milão. Neymar durante partida contra a Escócia, em 27 de março de 2011. Crianças praticando futebol. Robinho, futebolista brasileiro, em 15 de novembro de 2006. Atletas do Chelsea, da Inglaterra. A venda de camisas com nome e número dos jogadores é uma grande fonte de arrecadação. Jürgen Klinsmann atuou como jogador e foi treinador da Alemanha. Estádio de futebol, principal local onde laboram os jogadores. O jogador de futebol , ou Futebolista , é um atleta profissional de futebol, e cuja prática do desporto coletivo é fundamental. Estes trabalhadores sã...
            Read more

            Albești (Vaslui)

            Image
            Coordenadas: 46 42 ºN 27 33 ° L Albeşti      Comuna    Região histórica Moldávia Distrito Vaslui Área  - Total 59,10 km² População (2007)  - Total 3 303     • Densidade 55,9 hab./km² Sítio www.albesti.ro/ Albeşti é uma comuna romena localizada no distrito de Vaslui, na região de Moldávia. A comuna possui uma área de 59.10 km² e sua população era de 3303 habitantes segundo o censo de 2007. [ 1 ] Referências ↑ «População em 1 de janeiro de 2009». INSSE   Distrito de Vaslui da Romênia Municípios Vaslui | Bârlad | Huşi Cidades Murgeni | Negreşti Comunas Albeşti | Alexandru Vlahuţă | Arsura | Banca | Băcani | Băceşti | Bălteni | Berezeni | Blăgeşti | Bogdana | Bogdăneşti | Bogdăniţa | Boţeşti | Buneşti-Avereşti | Ciocani | Codăeşti | Coroieşti | Costeşti | Cozmeşti | Creţeşti | Dăneşti | Deleni | Deleşti | Dimitrie Cantemir | Dodeşti | Dragomireşti...
            Read more