Exam MS-600 topic 1 question 7 discussion

Actual exam question from Microsoft's MS-600
Question #: 7
Topic #: 1

You develop a web API named WebApi1.
When validating a token received from a client application, WebApi1 receives a MsalUiRequiredException exception from Azure Active Directory (Azure AD).
You need to formulate the response that WebApi1 will return to the client application.
Which HTTP response should you send?

  • A. HTTP 307 Temporary Redirect
  • B. HTTP 400 Bad Request
  • C. HTTP 403 Forbidden
  • D. HTTP 412 Precondition Failed
Suggested Answer: D
The HyperText Transfer Protocol (HTTP) 412 Precondition Failed client error response code indicates that access to the target resource has been denied. This happens with conditional requests on methods other than GET or HEAD when the condition defined by the If-Unmodified-Since or If-None-Match headers is not fulfilled. In that case, the request, usually an upload or a modification of a resource, cannot be made and this error response is sent back.

MsalUiRequiredException
"UI Required" is proposed as a specialization of MsalServiceException named MsalUiRequiredException. This means you have attempted to use a non-interactive method of acquiring a token (e.g. AcquireTokenSilent), but MSAL could not do it silently. This can be because:
  • you need to sign in
  • you need to consent
  • you need to go through a multi-factor authentication experience.
The remediation is to call AcquireTokenInteractive:
    try
    {
        // AcquireTokenXXX / WithYYYY are placeholders for the non-interactive call in use (e.g. AcquireTokenSilent)
        await app.AcquireTokenXXX(scopes, account)
                 .WithYYYY(...)
                 .ExecuteAsync();
    }
    catch (MsalUiRequiredException ex)
    {
        // Silent acquisition failed: fall back to the interactive flow, passing on the claims carried by the exception
        await app.AcquireTokenInteractive(scopes)
                 .WithAccount(account)
                 .WithClaims(ex.Claims)
                 .ExecuteAsync();
    }
Incorrect Answers:
A: A 307 Temporary Redirect message is an HTTP response status code indicating that the requested resource has been temporarily moved to another URI, as indicated by the special Location header returned within the response.
B: The 400 Bad Request Error is an HTTP response status code that indicates that the server was unable to process the request sent by the client due to invalid syntax.
C: The 403 Forbidden Error happens when the web page (or other resource) that you're trying to open in your web browser is a resource that you're not allowed to access.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-handling-exceptions
https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/exceptions

Comments

DevEllie
11 months, 4 weeks ago
If a web API receives a MsalUiRequiredException exception from Azure Active Directory (Azure AD) while trying to validate a token received from a client application, the error code that is typically thrown is AADSTS65001. The AADSTS65001 error code indicates that the user needs to provide additional authentication to complete the request. This exception is commonly thrown when the token received by the web API is missing required claims, expired, or is not valid for the requested resource. When this exception occurs, it means that the token validation process failed due to the token being incomplete or invalid. The web API can respond to this exception by returning an appropriate HTTP status code, such as 401 Unauthorized or 403 Forbidden, to indicate that the user needs to provide valid authentication or additional authorization to access the requested resource. So, I will go for 403 as the answer.
upvoted 1 times
lknr
1 year, 5 months ago
"A. HTTP 307 Temporary Redirect" is a better option in my opinion, as you need to redirect the user to the auth page in case of the mentioned error.
upvoted 1 times
mmdcert
2 years, 4 months ago
The correct answer should most probably be "HTTP 401 Unauthorized": "If MsalUIRequiredException is thrown, it is an indication that an interactive flow needs to happen for the user to resolve the issue. In public client apps such as desktop and mobile app, this is resolved by calling AcquireTokenInteractive which displays a browser. In confidential client apps, web apps should redirect the user to the authorization page, and web APIs should return an HTTP status code and header indicative of the authentication failure (401 Unauthorized and a WWW-Authenticate header)." https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-error-handling-dotnet#error-handling-in-msalnet If there were only these 4 answer provided, I would go for 400 Bad Request as a general client error: "The HyperText Transfer Protocol (HTTP) 400 Bad Request response status code indicates that the server cannot or will not process the request due to something that is perceived to be a client error (for example, malformed request syntax, invalid request message framing, or deceptive request routing)." https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/400
upvoted 4 times
bilnurbk
3 years ago
Is it the correct answer? Has anyone found the documentation?
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other