Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TokenCacheHelperEx.cs Error #157

Closed
SkipToTheEndpoint opened this issue Sep 1, 2023 · 3 comments
Closed

TokenCacheHelperEx.cs Error #157

SkipToTheEndpoint opened this issue Sep 1, 2023 · 3 comments

Comments

@SkipToTheEndpoint
Copy link

SkipToTheEndpoint commented Sep 1, 2023
edited
Loading

Hey Mikael.

I'm having the same problem as issue #21

Add-Type : (0) : Source file 'c:\Git\IntuneManagement-3.9.1\CS\TokenCacheHelperEx.cs' could not be opened ('Unspecified error ')
At C:\Git\IntuneManagement-3.9.1\Extensions\MSALAuthentication.psm1:551 char:9
+         Add-Type -Path ($global:AppRootFolder + "\CS\TokenCacheHelper ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (Microsoft.Power...peCompilerError:AddTypeCompilerError) [Add-Type], Exception
    + FullyQualifiedErrorId : SOURCE_CODE_ERROR,Microsoft.PowerShell.Commands.AddTypeCommand

Failed to compile TokenCacheHelperEx. The access token will not be cached. Check write access to the CS folder and ASR policies Exception: Cannot add type. Compilation errors occurred.

I've tried everything I can think of to resolve it, even going as far as pushing an ASR policy with everything turned off, as well as setting ASR exclusions for the path. It's also not permissions as I have Full Control over the file:
image

Looking at the TokenCacheHelperEx.cs file I see it's supposed to create %LOCALAPPDATA%\GraphPowerShellManager\MSALToken.bin and it's not.

Am I missing something?

Thanks
@Micke-K
Copy link
Owner

Micke-K commented Sep 1, 2023

Hello!

Is PowerShell in Constrained Language mode? Add-Type is not allowed if that is enabled.

Cheers!

@SkipToTheEndpoint
Copy link
Author

No, PS is in Full Language mode, however that did trigger me to look at other things because I saw something about Device Guard User Mode Code Integrity. The CodeIntegrity event log caught it:
image

I am trying this on devices without AppLocker or WDAC, however the following policies are being applied from Intune:
image

Hmm, not sure where to take this one as you can't create exclusions for things. I wonder if this could end up causing issues if MS continue to take a "secure by default" approach with Windows, such as Smart App Control even on consumer devices...

@Micke-K
Copy link
Owner

Micke-K commented Oct 21, 2023

Closing this issue.

I will look into a way to replace the code compiling. There are currently 2 thigs this is used for; cache logins and proxy. So I need a new solution for those. First one, and what caused your issue, might be solved by a new version of MSAL.DLL.

Feel free to reopen this issue or create a new one if you have any other problems with this.

Cheers!

@Micke-K Micke-K closed this as completed Oct 21, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Micke-K @SkipToTheEndpoint