Azure AD: acquire token silently from a WebJob

I'm trying to authenticate with Azure AD from a Windows service, so I tried to get an access token using the MSAL.NET library with AcquireTokenByIntegratedWindowsAuth, and it works well on-prem. The intention is to migrate this Windows service to Azure WebJobs, and I am struggling to get a token that contains the onPremisesSamAccountName claim silently from Azure AD without providing a username and password.

Any help or workaround to get the token this way?



Solution 1:[1]

Azure WebJobs won't allow usage of integrated Windows authentication. There are two ways to get a token with user info from a background service:

  1. Refresh token authentication (requires bootstrapping)
  2. ROPC flow (username-password)

The first option's advantage is that no username or password needs to be stored. But it requires that you have a bootstrapping process where the user signs in, a refresh token is acquired and stored somewhere where the background worker can get it. The WebJob could then use that to get a token whenever it needs one. The disadvantage of the first option is that it's more complex and the refresh token can expire, requiring bootstrapping it again.

You might already be aware of the second option, as you mentioned not wanting to use a username and password. The advantage is that this approach is simpler, but it comes with the downside of storing a password. Also, the user account cannot have MFA turned on.
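The following is an added C# example of the first option (refresh token with a bootstrapping step) using MSAL.NET; it is not code from the answer above or from the MSAL project. Everything that is not on the page is an assumption: the client id, tenant id, scope and cache path are placeholders, and the example assumes the app registration has been configured so that the claim appears in the ID token under the name used in the question. The serialized cache holds the refresh token, so the store it is written to must be access-controlled (an encrypted blob or Key Vault secret rather than a plain file in production).

```csharp
using System;
using System.IO;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

// Added example, not from the original answer. Hypothetical values throughout.
public static class TokenBootstrap
{
    const string ClientId = "<your-app-registration-client-id>"; // placeholder
    const string TenantId = "<your-tenant-id>";                   // placeholder
    static readonly string[] Scopes = { "User.Read" };            // assumed scope
    // Placeholder path; in a real WebJob keep this in an encrypted, access-controlled store.
    const string CachePath = @"D:\home\data\msal-cache.bin";

    static IPublicClientApplication BuildApp()
    {
        var app = PublicClientApplicationBuilder.Create(ClientId)
            .WithAuthority(AzureCloudInstance.AzurePublic, TenantId)
            .WithRedirectUri("http://localhost")
            .Build();

        // Persist the MSAL token cache (which contains the refresh token) between processes,
        // so the interactive bootstrap and the WebJob share the same cached account.
        app.UserTokenCache.SetBeforeAccess(args =>
        {
            if (File.Exists(CachePath))
                args.TokenCache.DeserializeMsalV3(File.ReadAllBytes(CachePath));
        });
        app.UserTokenCache.SetAfterAccess(args =>
        {
            if (args.HasStateChanged)
                File.WriteAllBytes(CachePath, args.TokenCache.SerializeMsalV3());
        });
        return app;
    }

    // Step 1 (bootstrapping): run once, interactively, as the user whose identity the job
    // should carry. This is the only step that shows a sign-in prompt and it satisfies MFA.
    public static async Task BootstrapAsync()
    {
        var app = BuildApp();
        var result = await app.AcquireTokenInteractive(Scopes).ExecuteAsync();
        Console.WriteLine($"Cached account {result.Account.Username}; refresh token stored.");
    }

    // Step 2 (WebJob): acquire a token silently from the cached refresh token.
    // No username, password or UI is involved.
    public static async Task<string> AcquireSilentlyAsync()
    {
        var app = BuildApp();
        var account = (await app.GetAccountsAsync()).FirstOrDefault();
        if (account == null)
            throw new InvalidOperationException("No cached account; run BootstrapAsync first.");

        try
        {
            var result = await app.AcquireTokenSilent(Scopes, account).ExecuteAsync();

            // Claim name taken from the question; whether it is present depends on how the
            // app registration's optional claims are configured (assumption).
            var sam = result.ClaimsPrincipal?.FindFirst("onPremisesSamAccountName")?.Value;
            Console.WriteLine($"onPremisesSamAccountName = {sam ?? "(claim not present in token)"}");

            return result.AccessToken;
        }
        catch (MsalUiRequiredException ex)
        {
            // The refresh token has expired or been revoked: this is the "requires
            // bootstrapping again" case from the answer. Fail loudly so an operator re-runs step 1
            // instead of the job silently retrying forever.
            throw new InvalidOperationException(
                "Cached refresh token is no longer valid; re-run BootstrapAsync.", ex);
        }
    }
}
```

Run `BootstrapAsync` once from a workstation (or any place a browser is available), copy the resulting cache into the WebJob's protected store, and have the WebJob call `AcquireSilentlyAsync` each time it needs a token. Monitoring for the `InvalidOperationException` thrown on `MsalUiRequiredException` is the practical way to notice when the refresh token has lapsed and the bootstrap has to be repeated.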

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution source: Solution 1 by juunas