Skip to content

Duplicated logs of MsalUiRequiredException #3528

Description

@Kumima

Code

authenticationResult = await GetAuthenticationResultForWebAppWithAccountFromCacheAsync(
application,
user,
scopes,
tenantId,
mergedOptions,
userFlow,
tokenAcquisitionOptions)
.ConfigureAwait(false);
LogAuthResult(authenticationResult);
return authenticationResult;
}
catch (MsalServiceException exMsal) when (IsInvalidClientCertificateOrSignedAssertionError(exMsal))
{
NotifyCertificateSelection(mergedOptions, application, CerticateObserverAction.Deselected, exMsal);
DefaultCertificateLoader.ResetCertificates(mergedOptions.ClientCredentials);
_applicationsByAuthorityClientId[GetApplicationKey(mergedOptions)] = null;
// Retry
_retryClientCertificate = true;
return await GetAuthenticationResultForUserAsync(
scopes,
authenticationScheme: authenticationScheme,
tenantId: tenantId,
userFlow: userFlow,
user: user,
tokenAcquisitionOptions: tokenAcquisitionOptions).ConfigureAwait(false);
}
catch (MsalUiRequiredException ex)
{
// GetAccessTokenForUserAsync is an abstraction that can be called from a web app or a web API
Logger.TokenAcquisitionError(_logger, ex.Message, ex);
// Case of the web app: we let the MsalUiRequiredException be caught by the
// AuthorizeForScopesAttribute exception filter so that the user can consent, do 2FA, etc ...
throw new MicrosoftIdentityWebChallengeUserException(ex, scopes.ToArray(), userFlow);
}
finally
{
_retryClientCertificate = false;
}

Issue

When meeting MsalUiRequiredException, there will be two logs:

fail: Microsoft.Identity.Web.TokenAcquisition[0]
      False MSAL 4.77.1.0 MSAL.NetCore .NET 10.0.0-rc.1.25451.107 Microsoft Windows 10.0.26220 [2025-10-07 15:40:51Z] Exception type: Microsoft.Identity.Client.MsalUiRequiredException
      , ErrorCode: user_null
      HTTP StatusCode 0
      CorrelationId 00000000-0000-0000-0000-000000000000
      To see full exception details, enable PII Logging. See https://aka.ms/msal-net-logging
         at Microsoft.Identity.Client.Internal.Requests.Silent.SilentRequest.ExecuteAsync(CancellationToken cancellationToken)
         at Microsoft.Identity.Client.Internal.Requests.RequestBase.<>c__DisplayClass11_1.<<RunAsync>b__1>d.MoveNext()
      --- End of stack trace from previous location ---
         at Microsoft.Identity.Client.Utils.StopwatchService.MeasureCodeBlockAsync(Func`1 codeBlock)
         at Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken cancellationToken)
      
info: Microsoft.Identity.Web.TokenAcquisition[300]
      [MsIdWeb] An error occured during token acquisition: No account or login hint was passed to the AcquireTokenSilent call. 
      MSAL.NetCore.4.77.1.0.MsalUiRequiredException:
      	ErrorCode: user_null
      Microsoft.Identity.Client.MsalUiRequiredException: No account or login hint was passed to the AcquireTokenSilent call. 
         at Microsoft.Identity.Client.Internal.Requests.Silent.SilentRequest.ExecuteAsync(CancellationToken cancellationToken)
         at Microsoft.Identity.Client.Internal.Requests.RequestBase.<>c__DisplayClass11_1.<<RunAsync>b__1>d.MoveNext()
      --- End of stack trace from previous location ---
         at Microsoft.Identity.Client.Utils.StopwatchService.MeasureCodeBlockAsync(Func`1 codeBlock)
         at Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken cancellationToken)
         at Microsoft.Identity.Client.ApiConfig.Executors.ClientApplicationBaseExecutor.ExecuteAsync(AcquireTokenCommonParameters commonParameters, AcquireTokenSilentParameters silentParameters, CancellationToken cancellationToken)
         at Microsoft.Identity.Web.TokenAcquisition.GetAuthenticationResultForWebAppWithAccountFromCacheAsync(IConfidentialClientApplication application, ClaimsPrincipal claimsPrincipal, IEnumerable`1 scopes, String tenantId, MergedOptions mergedOptions, String userFlow, TokenAcquisitionOptions tokenAcquisitionOptions)
         at Microsoft.Identity.Web.TokenAcquisition.GetAuthenticationResultForUserAsync(IEnumerable`1 scopes, String authenticationScheme, String tenantId, String userFlow, ClaimsPrincipal user, TokenAcquisitionOptions tokenAcquisitionOptions)
	StatusCode: 0 
	ResponseBody:  
	Headers: 

I think the error level on is from MSAL.NET. But the exception has been caught and wrapped. Is there a way to eliminate error level log for this situation? Or it will bring lots of unwanted error level logs.

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions