'Azure AD authentication with Username and Password and also have MFA
I implemented Azure AD Authentication using MSAL (RPOC) and .net 4.6.1 . I am able to authenticate the user if the user's MFA isn't enabled. If it is enabled then I receive an Error
**Microsoft.Identity.Client.MsalUiRequiredException: 'AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000003-0000-0000-c000-000000000000'.**
This is the code I am using.
public async Task<string> ValidateUserAsync()
{
string authority = string.Format("https://login.microsoftonline.com/{0}", tenant);
string[] scopes = new string[] { "User.Read" };
IPublicClientApplication app;
app = PublicClientApplicationBuilder.Create(clientId)
.WithAuthority(authority)
.Build();
var securePassword = new SecureString();
foreach (char c in password.ToCharArray())
securePassword.AppendChar(c);
var result = await app.AcquireTokenByUsernamePassword(scopes, username, securePassword).ExecuteAsync();
return result.IdToken;
}
How do I implement MFA? Like receive sms of code and pass the same to this? I will be having my own UI to accept the code
Solution 1:[1]
You cannot. In order for user to do MFA, they must do it on the Microsoft login page. This is one of the limitations of the ROPC authentication flow. I recommend you use a different flow and do not collect the user password.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | juunas |