-
Notifications
You must be signed in to change notification settings - Fork 378
Region Discovery Troubleshooting
Feature available from 4.21.1 as an experimental feature. To use this feature there is additional configuration required and is not available to use generally. There can be changes to this API in future as we are taking feedback and updating it based on that. To make sure you have the latest updates to this API use the latest MSAL version.
App developers using MSAL don’t need to be aware of the regional endpoints when running their app on Azure. The WithAzureRegion(bool autoDetectRegion) method provides a developer friendly approach to opt in to use reginal endpoints which will be auto detected by MSAL.
app = ConfidentialClientApplicationBuilder.Create(“client_id”)
.WithCertificate(certificate)
.WithExperimentalFeatures(true)
.WithAuthority(new Uri("https://login.microsoft.com/1234-5678”))
.Build();
var result = app.AcquireTokenForClient(scopes)
.WithPreferredAzureRegion(
useAzureRegion: true, // Set to true to opt in to auto region discovery
regionUsedIfAutoDetectFails: "", // Set the region where the service is deployed if known
fallbackToGlobal: true).ExecuteAsync(); // Set to true in case you want to use global endpoint in case region detection failsNote: To enable Auto detection of region WithExperimentalFeatures should be set to true. If it is not set, the following exception is thrown:
The API WithAzureRegion is marked as experimental and you should be mindful about using it in production. It may change without incrementing the major version of the library. Call .WithExperimentalFeatures() when creating the public / confidential client to bypass this. See https://aka.ms/msal-net-experimental-features for details.
In case you get the following exception:
MsalClientException: ErrorCode: region_discovery_failed
Microsoft.Identity.Client.MsalClientException: Region discovery for the instance failed. Region discovery can only be made if the service resides in Azure function or Azure VM and **fallbackToGlobal** is set to false. MSAL cannot detect the region in case the service is deployed on Azure cloud services. Make sure to either provide region if known using **regionUsedIfAutoDetectFails**.
The region can only be detected when the service is running either in Azure function where the region can be found in Environment variable. Or the service is running inside an Azure VM for which a call to Local IMDS is made to detect the region. The above exception comes when region could not be discovered from either way mentioned above.
- Home
- Why use MSAL.NET
- Is MSAL.NET right for me
- Scenarios
- Register your app with AAD
- Client applications
- Acquiring tokens
- MSAL samples
- Known Issues
- Acquiring a token for the app
- Acquiring a token on behalf of a user in Web APIs
- Acquiring a token by authorization code in Web Apps
- AcquireTokenInteractive
- WAM - the Windows broker
- .NET Core
- Maui Docs
- Custom Browser
- Applying an AAD B2C policy
- Integrated Windows Authentication for domain or AAD joined machines
- Username / Password
- Device Code Flow for devices without a Web browser
- ADFS support
- High Availability
- Regional
- Token cache serialization
- Logging
- Exceptions in MSAL
- Provide your own Httpclient and proxy
- Extensibility Points
- Clearing the cache
- Client Credentials Multi-Tenant guidance
- Performance perspectives
- Differences between ADAL.NET and MSAL.NET Apps
- PowerShell support
- Testing apps that use MSAL
- Experimental Features
- Proof of Possession (PoP) tokens
- Using in Azure functions
- Extract info from WWW-Authenticate headers
- SPA Authorization Code