Logging into Office365 using Microsoft.Identity.Client suddenly fails needing TLS 1.2

Time:12-13

I have a desktop app that connects to Office365 to manage calendar entries. I updated it a year ago to use Microsoft Identity Client and that worked fine. Suddenly it has stopped working, I presume as a result of the phasing out of TLS 1.0 & 1.1. Here is the relevant code:

var pca = PublicClientApplicationBuilder
    .Create(ConfigurationManager.AppSettings["appId"])
    .WithTenantId(ConfigurationManager.AppSettings["tenantId"])
    .Build();

var ewsScopes = new string[] { "EWS.AccessAsUser.All" };

// Make the interactive token request - this will display the Office 365 login dialog
var authResult = await pca.AcquireTokenInteractive(ewsScopes).ExecuteAsync();

The last line displays the Office365 login as expected, but when I click to confirm the account to be used, the code comes back with the following error:

You are using TLS version 1.0, 1.1 and/or 3DES cipher which are deprecated to improve the security posture of Azure AD.

I have updated to the latest relevant software as follows:

- Updated Microsoft.Identity.Client to 4.48.1.0
- Updated .NET Framework to 4.7.2
- Updated Windows 10 Version 22H2 for 64 bit machines

I am still getting the same error. What am I missing?

CodePudding user response:

What you can try is setting which TLS version(s) to use via the ServicePointManager. Using the following code, you can force particular protocols:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls13;

You would set this prior to making your request(s).

The default value (starting at .NET 4.7, I believe) is to use the operating system's default value.

This allows .NET Framework networking APIs based on SslStream (such as FTP, HTTP, and SMTP) to inherit the default security protocols from the operating system or from any custom configurations performed by a system administrator. For information about which SSL/TLS protocols are enabled by default on each version of the Windows operating system

So you need to be careful when hardcoding the protocol type.

It could be worth checking the default TLS version in the registry of the server you have your application deployed to (just to see if older versions of TLS are set as default). If that's the case it might be because of some older software running on the server that isn't compatible with newer protocol versions.
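The registry check suggested in the answer above, as an added C# example that is not part of the original question or reply. The class name TlsDiagnostics and the helper Read are made up for illustration; the registry paths are the standard Windows SCHANNEL and .NET Framework locations, not values taken from this page.

```csharp
// Added diagnostic example. Targets .NET Framework on Windows.
using System;
using System.Net;
using Microsoft.Win32;

static class TlsDiagnostics
{
    // Standard locations consulted for TLS defaults (assumed, not from the page).
    const string NetFx = @"SOFTWARE\Microsoft\.NETFramework\v4.0.30319";
    const string Tls12Client =
        @"SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client";

    // Reads one HKLM value from the requested registry view; a missing key or
    // value is reported as "(not set)", which means the built-in default applies.
    static string Read(RegistryView view, string subKey, string name)
    {
        using (var hklm = RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, view))
        using (var key = hklm.OpenSubKey(subKey))
        {
            object value = key?.GetValue(name);
            return value == null ? "(not set)" : value.ToString();
        }
    }

    static void Main()
    {
        // What this process will offer. SystemDefault defers to the OS settings.
        Console.WriteLine("ServicePointManager.SecurityProtocol = "
            + ServicePointManager.SecurityProtocol);

        // .NET Framework switches. Registry32 maps to WOW6432Node (32-bit processes).
        foreach (var view in new[] { RegistryView.Registry64, RegistryView.Registry32 })
        {
            Console.WriteLine(view + " SchUseStrongCrypto = "
                + Read(view, NetFx, "SchUseStrongCrypto"));
            Console.WriteLine(view + " SystemDefaultTlsVersions = "
                + Read(view, NetFx, "SystemDefaultTlsVersions"));
        }

        // SCHANNEL override for outbound TLS 1.2. Enabled = 0 or
        // DisabledByDefault = 1 means clients will not offer TLS 1.2 by default.
        Console.WriteLine("TLS 1.2 Client Enabled = "
            + Read(RegistryView.Registry64, Tls12Client, "Enabled"));
        Console.WriteLine("TLS 1.2 Client DisabledByDefault = "
            + Read(RegistryView.Registry64, Tls12Client, "DisabledByDefault"));
    }
}
```

Build it against the same target framework version as the desktop app, because the default value of ServicePointManager.SecurityProtocol depends on the version the app targets, not only on the runtime that is installed.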
