
I am implementing MSAL.NET in my ASP.NET Core API.

Below is my example code. It works perfectly fine when I run it on my local machine. The MSAL login pops up.

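```csharp
using Microsoft.Identity.Client;

// Build a public client application for the app registration and tenant.
var app = PublicClientApplicationBuilder.Create(clientId)
  .WithDefaultRedirectUri()
  .WithTenantId(tenantId)
  .Build();

// Opens an interactive sign-in prompt on the machine where this code runs.
var result = await app.AcquireTokenInteractive(scopes).ExecuteAsync();
```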

When I deploy it on an Azure Virtual Machine, the MSAL login doesn't pop up and the request always stays in a pending state. I checked the event logs and found the error below:

```
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {3480A401-BDE9-4407-BC02-798A866A****} and APPID {30AD8C8E-AE85-42FA-B9E8-7E99E3DF****} to the user IIS APPPOOL\DefaultAppPool SID (S-1-5-82-3713467212-4047885013-3661040889-683609825-2140) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
```

Any idea what I should do?

1 Answer

Try this solution:

1) Open the Registry Editor as an administrator and navigate to HKEY_CLASSES_ROOT\CLSID or APP ID. The APPID is there as a value. Remember the application name, which you can see in the Data column; the corresponding Name column shows (Default).

2) In the left pane, right-click the APPID key and select Permissions.

3) In the Permissions window, click Advanced. Click Change and type your administrator account. Then click OK.

4) Double-click to open the Administrators entry. Select the Full Control checkbox to give full permissions to Administrators and press OK.

5) Then modify the permission on the COM Server application. Open Component Services and simultaneously open dcomcnfg.

6) Expand Component Services -> Computers -> My Computer -> DCOM Config. From the View menu, choose Detail.

7) Right-click the APPID name (e.g. "PerAppRuntimeBroker" in this example) and select Properties.

8) Select the Security tab and click Edit under Launch & Activation Permissions.

9) Click the name that applies to you and click the appropriate permission.

For more details, refer to these documents:

  1. https://www.wintips.org/fix-application-specific-permission-settings-do-not-grant-local-activation-permission-for-com-server-application/#image

  2. The application-specific permission settings do not grant Local Activation permission

ShrutiJoshi-MT
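
A read-only way to list the Launch and Activation permissions that steps 7 to 9 edit, so the current ACL can be recorded before anything is changed. This is an added example, not part of the original answer. It assumes an elevated PowerShell session on the affected machine; `$AppId` is a placeholder for the full APPID from the event, and `Get-DcomLaunchAcl` and `ConvertFrom-ComAccessMask` are names made up for this example.

```powershell
# Added example: read-only audit of a DCOM application's Launch and Activation ACL.
# $AppId is a placeholder, not a value from the page; use the full APPID from the event.
$AppId = '{00000000-0000-0000-0000-000000000000}'

# COM_RIGHTS_* bits used in launch/activation access masks (Windows SDK values).
$ComRights = [ordered]@{
    Execute          = 0x01
    LocalLaunch      = 0x02
    RemoteLaunch     = 0x04
    LocalActivation  = 0x08
    RemoteActivation = 0x10
}

function ConvertFrom-ComAccessMask {
    param([uint32]$Mask)
    # Return the name of every right whose bit is set in the mask.
    ($ComRights.GetEnumerator() | Where-Object { $Mask -band $_.Value } |
        ForEach-Object { $_.Key }) -join ', '
}

function Get-DcomLaunchAcl {
    param([Parameter(Mandatory)][string]$AppId)

    # Look up the DCOM application registered under this AppID.
    $app = Get-CimInstance -ClassName Win32_DCOMApplicationSetting -Filter "AppID='$AppId'"
    if (-not $app) { throw "No DCOM application is registered with AppID $AppId" }

    $result = Invoke-CimMethod -InputObject $app -MethodName GetLaunchSecurityDescriptor
    if ($result.ReturnValue -ne 0 -or -not $result.Descriptor.DACL) {
        # Either no LaunchPermission is set for this AppID (the machine-wide
        # default then applies) or the descriptor could not be read.
        Write-Warning "$($app.Caption): no application-specific launch ACL read (code $($result.ReturnValue))"
        return
    }

    # One output row per access control entry, with the mask decoded.
    foreach ($ace in $result.Descriptor.DACL) {
        [pscustomobject]@{
            Application = $app.Caption
            Trustee     = (@($ace.Trustee.Domain, $ace.Trustee.Name) -ne $null) -join '\'
            Sid         = $ace.Trustee.SIDString
            Type        = if ($ace.AceType -eq 1) { 'Deny' } else { 'Allow' }
            Rights      = ConvertFrom-ComAccessMask -Mask $ace.AccessMask
        }
    }
}

Get-DcomLaunchAcl -AppId $AppId | Format-Table -AutoSize
```

Comparing the output before and after a change shows exactly which trustee gained which right, and whether the SID from the event appears with `LocalActivation`.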