[Bug] "TokenBroker" service keeps WinUI 3 app's process running after window is closed #4967
Description
Library version used
4.64.0
.NET version
.NET 8
Scenario
PublicClient - desktop app
Is this a new or an existing app?
The app is in production, I haven't upgraded MSAL, but started seeing this issue
Issue description and reproduction steps
We have a WinUI 3 + .NET 8 based app which uses MSAL .Net for authentication. We came to notice that after an interactive login (account picker window shown) the app process will not exit after it is closed. With the "Analyze wait chain" option in Task Manager, it shows an svchost process is holding the app process, and this svchost process points to the "TokenBroker" service, which belongs to "Web Account Manager".
I've managed to reproduce it with the minimum code below. This issue seems to only reproduce when both of the following 2 conditions are met:
- There is a WebView2 control with a Source property (no matter set via XAML or code-behind).
- The WAM's interactive login window (account picker) is shown.
<Window
x:Class="App2.MainWindow"
xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation"
xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml"
xmlns:local="using:App2"
xmlns:d="http://schemas.microsoft.com/expression/blend/2008"
xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006"
mc:Ignorable="d">
<Grid>
<Grid.RowDefinitions>
<RowDefinition Height="80" />
<RowDefinition />
</Grid.RowDefinitions>
<StackPanel Grid.Row="0" HorizontalAlignment="Center" VerticalAlignment="Center" Orientation="Horizontal">
<Button Click="SignInButton_Click" Content="Sign in" />
</StackPanel>
<Grid Grid.Row="1" HorizontalAlignment="Stretch" VerticalAlignment="Stretch">
<WebView2 x:Name="MyWebView" Source="https://bing.com" />
</Grid>
</Grid>
</Window>
private void SignInButton_Click(object sender, RoutedEventArgs e)
{
if (client == null)
{
client = PublicClientApplicationBuilder.Create(clientId: AppId)
.WithAuthority(authorityUri: "https://login.microsoftonline.com/common")
.WithBroker(brokerOptions: new BrokerOptions(BrokerOptions.OperatingSystems.Windows))
.Build();
}
IntPtr handle = WinRT.Interop.WindowNative.GetWindowHandle(this);
DispatcherQueue.TryEnqueue(async () =>
{
try
{
AcquireTokenInteractiveParameterBuilder tokenBuilder = client.AcquireTokenInteractive(["https://graph.microsoft.com/.default"])
.WithParentActivityOrWindow(handle)
.WithUseEmbeddedWebView(false);
AuthenticationResult result = await tokenBuilder.ExecuteAsync().ConfigureAwait(false);
Debug.WriteLine("Signed in.");
}
catch (MsalException ex) when (ex.ErrorCode == "authentication_canceled")
{
Debug.WriteLine($"Sign in canceled.");
}
catch (Exception ex)
{
Debug.WriteLine($"Sign in failed: {ex.Message}.");
throw;
}
});
}
The code is also posted in this repo: aries-zhang/WinUI3-MSAL-Demo. Please follow these steps to reproduce:
- Clone the code.
- Build and run the app.
- The app should show bing.com and a "Sign in" button in the top (now if you close the app, the process shuts down normally).
- Click "Sign in", when account picker pops up, close the account picker window to cancel login (or sign in with an account. It does not matter as long as the sign in window is shown).
- Close the app.
- Open Task Manager, search App2.exe in the "Details" tab, the process is still running.
- Right click App2.exe, select "analyze wait chain", it shows the svchost process.
- Search with the svchost process's id, right click, select "go to services", it shows the "TokenBroker" service.
This issue is really strange since it does not repro when there is not a WebView2 control in the app or the WebView2 control does not have a "Source" property set. I've also noticed with the same code it does not repro on Windows 10 (22H2).
It does not repro with silent login. It seems to have something to do with WAM + WebView2.
Also tried the older versions of MSAL .Net up to 4.52.0 and it still repros.
Relevant code snippets
See the code snippets in issue description.Expected behavior
Expecting the app process should exit normally when closed.
Identity provider
Microsoft Entra ID (Work and School accounts and Personal Microsoft accounts)
Regression
No response
Solution and workarounds
No response