Example #1
0
 /// <summary>
 /// Adds a known Azure AD authority to the application to sign-in users from a single
 /// organization (single tenant application) described by its cloud instance and its domain
 /// name or tenant ID. See https://aka.ms/msal-net-application-configuration.
 /// </summary>
 /// <param name="azureCloudInstance">Instance of Azure Cloud (for instance Azure
 /// worldwide cloud, Azure German Cloud, US government ...)</param>
 /// <param name="tenant">Domain name associated with the Azure AD tenant from which
 /// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
 /// to sign-in users. This can also be a guid</param>
 /// <returns>The builder to chain the .With methods</returns>
 public T WithAuthority(
     AzureCloudInstance azureCloudInstance,
     string tenant,
     bool validateAuthority = true)
 {
     Config.AuthorityInfo = AuthorityInfo.FromAadAuthority(azureCloudInstance, tenant, validateAuthority);
     return((T)this);
 }
 /// <summary>
 /// Adds a known Azure AD authority to the application to sign-in users from a single
 /// organization (single tenant application) described by its domain name. See https://aka.ms/msal-net-application-configuration.
 /// </summary>
 /// <param name="cloudInstanceUri">Uri to the Azure Cloud instance (for instance
 /// <c>https://login.microsoftonline.com)</c></param>
 /// <param name="tenant">domain name associated with the tenant from which to sign-in users</param>
 /// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
 /// <remarks>
 /// <paramref name="tenant"/> can also contain the string representation of a GUID (tenantId),
 /// or even <c>common</c>, <c>organizations</c> or <c>consumers</c> but in this case
 /// it's recommended to use another override (<see cref="WithAuthority(AzureCloudInstance, Guid, bool)"/>
 /// and <see cref="WithAuthority(AzureCloudInstance, AadAuthorityAudience, bool)"/>
 /// </remarks>
 /// <returns>The builder to chain the .With methods</returns>
 public T WithAuthority(
     string cloudInstanceUri,
     string tenant,
     bool validateAuthority = true)
 {
     Config.AuthorityInfo = AuthorityInfo.FromAadAuthority(new Uri(cloudInstanceUri), tenant, validateAuthority);
     return((T)this);
 }
 /// <summary>
 /// Adds a known Azure AD authority to the application to sign-in users from a single
 /// organization (single tenant application) described by its cloud instance and its domain
 /// name or tenant ID. See https://aka.ms/msal-net-application-configuration.
 /// </summary>
 /// <param name="azureCloudInstance">Instance of Azure Cloud (for instance Azure
 /// worldwide cloud, Azure German Cloud, US government ...).</param>
 /// <param name="tenant">Tenant Id of the tenant from which to sign-in users. This can also be a GUID.</param>
 /// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
 /// <returns>The builder to chain the .With methods.</returns>
 public T WithAuthority(
     AzureCloudInstance azureCloudInstance,
     string tenant,
     bool validateAuthority = true)
 {
     CommonParameters.AuthorityOverride = AuthorityInfo.FromAadAuthority(azureCloudInstance, tenant, validateAuthority);
     return((T)this);
 }
            internal static Authority CreateAuthorityWithEnvironment(AuthorityInfo authorityInfo, string environment)
            {
                var uriBuilder = new UriBuilder(authorityInfo.CanonicalAuthority)
                {
                    Host = environment
                };

                return(Authority.CreateAuthority(uriBuilder.Uri.AbsoluteUri, authorityInfo.ValidateAuthority));
            }
 public AuthorityInfo(AuthorityInfo other) :
     this(
         other.Host,
         other.CanonicalAuthority,
         other.AuthorityType,
         other.UserRealmUriPrefix,
         other.ValidateAuthority)
 {
 }
 /// <summary>
 /// Specific authority for which the token is requested. Passing a different value than configured
 /// at the application constructor narrows down the selection to a specific tenant.
 /// This does not change the configured value in the application. This is specific
 /// to applications managing several accounts (like a mail client with several mailboxes).
 /// See https://aka.ms/msal-net-application-configuration.
 /// </summary>
 /// <param name="authorityUri">Uri for the authority. In the case when the authority URI is
 /// a known Azure AD URI, this setting needs to be consistent with what is declared in
 /// the application registration portal.</param>
 /// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
 /// <returns>The builder to chain the .With methods.</returns>
 public T WithAuthority(string authorityUri, bool validateAuthority = true)
 {
     if (string.IsNullOrWhiteSpace(authorityUri))
     {
         throw new ArgumentNullException(nameof(authorityUri));
     }
     CommonParameters.AuthorityOverride = AuthorityInfo.FromAuthorityUri(authorityUri, validateAuthority);
     return((T)this);
 }
Example #7
0
 public AuthorityInfo(AuthorityInfo other) :
     this(
         other.Host,
         other.CanonicalAuthority,
         other.AuthorityType,
         other.UserRealmUriPrefix,
         other.ValidateAuthority,
         other.AutoDetectRegion,
         other.RegionToUse)
 {
 }
        /// <summary>
        /// Adds a known Azure AD authority to the application to sign-in users specifying
        /// the full authority Uri. See https://aka.ms/msal-net-application-configuration.
        /// </summary>
        /// <param name="authorityUri">URL of the security token service (STS) from which MSAL.NET will acquire the tokens.
        ///  Usual authorities endpoints for the Azure public Cloud are:
        ///  <list type="bullet">
        ///  <item><description><c>https://login.microsoftonline.com/tenant/</c> where <c>tenant</c> is the tenant ID of the Azure AD tenant
        ///  or a domain associated with this Azure AD tenant, in order to sign-in users of a specific organization only</description></item>
        ///  <item><description><c>https://login.microsoftonline.com/common/</c> to sign-in users with any work and school accounts or Microsoft personal account</description></item>
        ///  <item><description><c>https://login.microsoftonline.com/organizations/</c> to sign-in users with any work and school accounts</description></item>
        ///  <item><description><c>https://login.microsoftonline.com/consumers/</c> to sign-in users with only personal Microsoft accounts (live)</description></item>
        ///  </list>
        ///  Note that this setting needs to be consistent with what is declared in the application registration portal</param>
        /// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
        /// <returns>The builder to chain the .With methods</returns>
        public T WithAuthority(string authorityUri, bool validateAuthority = true)
        {
            if (string.IsNullOrWhiteSpace(authorityUri))
            {
                throw new ArgumentNullException(authorityUri);
            }

            Config.AuthorityInfo = AuthorityInfo.FromAadAuthority(authorityUri, validateAuthority);

            return((T)this);
        }
Example #9
0
        /// <summary>
        /// Adds a known Azure AD authority to the application to sign-in users specifying
        /// the sign-in audience (the cloud being the Azure public cloud). See https://aka.ms/msal-net-application-configuration.
        /// </summary>
        /// <param name="authorityAudience">Sign-in audience (one AAD organization,
        /// any work and school accounts, or any work and school accounts and Microsoft personal
        /// accounts.</param>
        /// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
        /// <returns>The builder to chain the .With methods.</returns>
        public T WithAuthority(AadAuthorityAudience authorityAudience, bool validateAuthority = true)
        {
            CommonParameters.AddApiTelemetryFeature(ApiTelemetryFeature.WithAuthority);
            if (validateAuthority)
            {
                CommonParameters.AddApiTelemetryFeature(ApiTelemetryFeature.WithValidateAuthority);
            }

            CommonParameters.AuthorityOverride = AuthorityInfo.FromAadAuthority(authorityAudience, validateAuthority);
            return((T)this);
        }
        /// <summary>
        /// Adds a known authority to the application from its Uri. See https://aka.ms/msal-net-application-configuration.
        /// This constructor is mainly used for scenarios where the authority is not a standard Azure AD authority,
        /// nor an ADFS authority, nor an Azure AD B2C authority. For Azure AD, even in national and sovereign clouds, prefer
        /// using other overrides such as <see cref="WithAuthority(AzureCloudInstance, AadAuthorityAudience, bool)"/>
        /// </summary>
        /// <param name="authorityUri">Uri of the authority</param>
        /// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
        /// <returns>The builder to chain the .With methods</returns>
        public T WithAuthority(Uri authorityUri, bool validateAuthority = true)
        {
            if (authorityUri == null)
            {
                throw new ArgumentNullException(nameof(authorityUri));
            }

            Config.AuthorityInfo = AuthorityInfo.FromAuthorityUri(authorityUri.ToString(), validateAuthority);

            return((T)this);
        }
 /// <summary>
 /// Adds a known Azure AD authority to the application to sign-in users from a single
 /// organization (single tenant application) described by its domain name. See https://aka.ms/msal-net-application-configuration.
 /// </summary>
 /// <param name="cloudInstanceUri">Uri to the Azure Cloud instance (for instance
 /// <c>https://login.microsoftonline.com)</c>.</param>
 /// <param name="tenant">Tenant Id associated with the tenant from which to sign-in users.</param>
 /// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
 /// <remarks>
 /// <paramref name="tenant"/> can also contain the string representation of a GUID (tenantId),
 /// or even <c>common</c>, <c>organizations</c> or <c>consumers</c> but in this case
 /// it's recommended to use another override (<see cref="WithAuthority(AzureCloudInstance, Guid, bool)"/>
 /// and <see cref="WithAuthority(AzureCloudInstance, AadAuthorityAudience, bool)"/>
 /// </remarks>
 /// <returns>The builder to chain the .With methods.</returns>
 public T WithAuthority(
     string cloudInstanceUri,
     string tenant,
     bool validateAuthority = true)
 {
     if (string.IsNullOrWhiteSpace(cloudInstanceUri))
     {
         throw new ArgumentNullException(nameof(cloudInstanceUri));
     }
     CommonParameters.AuthorityOverride = AuthorityInfo.FromAadAuthority(new Uri(cloudInstanceUri), tenant, validateAuthority);
     return((T)this);
 }
 private static void ValidateTypeMismatch(AuthorityInfo configAuthorityInfo, AuthorityInfo requestAuthorityInfo)
 {
     if (!configAuthorityInfo.IsDefaultAuthority &&
         requestAuthorityInfo != null &&
         configAuthorityInfo.AuthorityType != requestAuthorityInfo.AuthorityType)
     {
         throw new MsalClientException(
                   MsalError.AuthorityTypeMismatch,
                   MsalErrorMessage.AuthorityTypeMismatch(
                       configAuthorityInfo.AuthorityType,
                       requestAuthorityInfo.AuthorityType));
     }
 }
            internal static Authority CreateAuthorityWithTenant(AuthorityInfo authorityInfo, string tenantId)
            {
                Authority initialAuthority = authorityInfo.CreateAuthority();

                if (string.IsNullOrEmpty(tenantId))
                {
                    return(initialAuthority);
                }

                string tenantedAuthority = initialAuthority.GetTenantedAuthority(tenantId);

                return(Authority.CreateAuthority(tenantedAuthority, authorityInfo.ValidateAuthority));
            }
Example #14
0
        /// <summary>
        /// Adds a known Azure AD authority to the application to sign-in users from a single
        /// organization (single tenant application) described by its cloud instance and its tenant ID.
        /// See https://aka.ms/msal-net-application-configuration.
        /// </summary>
        /// <param name="azureCloudInstance">Instance of Azure Cloud (for instance Azure
        /// worldwide cloud, Azure German Cloud, US government ...).</param>
        /// <param name="tenantId">Tenant Id of the tenant from which to sign-in users.</param>
        /// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
        /// <returns>The builder to chain the .With methods.</returns>
        public T WithAuthority(
            AzureCloudInstance azureCloudInstance,
            Guid tenantId,
            bool validateAuthority = true)
        {
            CommonParameters.AddApiTelemetryFeature(ApiTelemetryFeature.WithAuthority);
            if (validateAuthority)
            {
                CommonParameters.AddApiTelemetryFeature(ApiTelemetryFeature.WithValidateAuthority);
            }

            CommonParameters.AuthorityOverride = AuthorityInfo.FromAadAuthority(azureCloudInstance, tenantId, validateAuthority);
            return((T)this);
        }
Example #15
0
        /// <summary>
        /// Adds a known Azure AD authority to the application to sign-in users from a single
        /// organization (single tenant application) specified by its tenant ID. See https://aka.ms/msal-net-application-configuration.
        /// </summary>
        /// <param name="cloudInstanceUri">Azure Cloud instance.</param>
        /// <param name="tenantId">GUID of the tenant from which to sign-in users.</param>
        /// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
        /// <returns>The builder to chain the .With methods.</returns>
        public T WithAuthority(
            string cloudInstanceUri,
            Guid tenantId,
            bool validateAuthority = true)
        {
            CommonParameters.AddApiTelemetryFeature(ApiTelemetryFeature.WithAuthority);
            if (validateAuthority)
            {
                CommonParameters.AddApiTelemetryFeature(ApiTelemetryFeature.WithValidateAuthority);
            }

            if (string.IsNullOrWhiteSpace(cloudInstanceUri))
            {
                throw new ArgumentNullException(nameof(cloudInstanceUri));
            }
            CommonParameters.AuthorityOverride = AuthorityInfo.FromAadAuthority(new Uri(cloudInstanceUri), tenantId, validateAuthority);
            return((T)this);
        }
            public static IAuthorityValidator CreateAuthorityValidator(AuthorityInfo authorityInfo, RequestContext requestContext)
            {
                switch (authorityInfo.AuthorityType)
                {
                case AuthorityType.Adfs:
                    return(new AdfsAuthorityValidator(requestContext));

                case AuthorityType.Aad:
                    return(new AadAuthorityValidator(requestContext));

                case AuthorityType.B2C:
                case AuthorityType.Dsts:
                    return(new NullAuthorityValidator());

                default:
                    throw new InvalidOperationException("Invalid AuthorityType");
                }
            }
            private static async Task ValidateSameHostAsync(AuthorityInfo requestAuthorityInfo, RequestContext requestContext)
            {
                var configAuthorityInfo = requestContext.ServiceBundle.Config.Authority.AuthorityInfo;

                if (!requestContext.ServiceBundle.Config.MultiCloudSupportEnabled &&
                    requestAuthorityInfo != null &&
                    !string.Equals(requestAuthorityInfo.Host, configAuthorityInfo.Host, StringComparison.OrdinalIgnoreCase))
                {
                    if (requestAuthorityInfo.AuthorityType == AuthorityType.B2C)
                    {
                        throw new MsalClientException(MsalError.B2CAuthorityHostMismatch, MsalErrorMessage.B2CAuthorityHostMisMatch);
                    }

                    // This check should be done when validating the request parameters, however we've allowed
                    // this configuration to run for a while, so this is the better place for it.
                    bool usesRegional = !string.IsNullOrEmpty(requestContext.ServiceBundle.Config.AzureRegion);
                    if (usesRegional)
                    {
                        throw new MsalClientException(MsalError.RegionalAndAuthorityOverride, MsalErrorMessage.RegionalAndAuthorityOverride);
                    }

                    var authorityAliased = await IsAuthorityAliasedAsync(requestContext, requestAuthorityInfo).ConfigureAwait(false);

                    if (authorityAliased)
                    {
                        return;
                    }

                    if (configAuthorityInfo.IsDefaultAuthority)
                    {
                        throw new MsalClientException(
                                  MsalError.AuthorityHostMismatch,
                                  $"You did not define an authority at the application level, so it defaults to the https://login.microsoftonline.com/common. " +
                                  $"\n\rHowever, the request is for a different cloud {requestAuthorityInfo.Host}. This is not supported - the app and the request must target the same cloud. " +
                                  $"\n\r\n\r Add .WithAuthority(\"https://{requestAuthorityInfo.Host}/common\") in the app builder. " +
                                  $"\n\rSee https://aka.ms/msal-net-authority-override for details");
                    }

                    throw new MsalClientException(
                              MsalError.AuthorityHostMismatch,
                              $"\n\r The application is configured for cloud {configAuthorityInfo.Host} and the request for a different cloud - {requestAuthorityInfo.Host}. This is not supported - the app and the request must target the same cloud. " +
                              $"\n\rSee https://aka.ms/msal-net-authority-override for details");
                }
            }
        private string GetDefaultAuthorityInstance()
        {
            // Check if there's enough information in the existing config to build up a default authority.
            if (!string.IsNullOrWhiteSpace(Config.Instance) && Config.AzureCloudInstance != AzureCloudInstance.None)
            {
                // Conflict, user has specified a string instance and the enum instance value.
                throw new InvalidOperationException(MsalErrorMessage.InstanceAndAzureCloudInstanceAreMutuallyExclusive);
            }

            if (!string.IsNullOrWhiteSpace(Config.Instance))
            {
                return(Config.Instance);
            }

            if (Config.AzureCloudInstance != AzureCloudInstance.None)
            {
                return(AuthorityInfo.GetCloudUrl(Config.AzureCloudInstance));
            }

            return(AuthorityInfo.GetCloudUrl(AzureCloudInstance.AzurePublic));
        }
        private string GetAuthorityAudience()
        {
            if (!string.IsNullOrWhiteSpace(Config.TenantId) &&
                Config.AadAuthorityAudience != AadAuthorityAudience.None &&
                Config.AadAuthorityAudience != AadAuthorityAudience.AzureAdMyOrg)
            {
                // Conflict, user has specified a string tenantId and the enum audience value for AAD, which is also the tenant.
                throw new InvalidOperationException(MsalErrorMessage.TenantIdAndAadAuthorityInstanceAreMutuallyExclusive);
            }

            if (Config.AadAuthorityAudience != AadAuthorityAudience.None)
            {
                return(AuthorityInfo.GetAadAuthorityAudienceValue(Config.AadAuthorityAudience, Config.TenantId));
            }

            if (!string.IsNullOrWhiteSpace(Config.TenantId))
            {
                return(Config.TenantId);
            }

            return(AuthorityInfo.GetAadAuthorityAudienceValue(AadAuthorityAudience.AzureAdAndPersonalMicrosoftAccount, string.Empty));
        }
        /// <summary>
        /// Adds a known Azure AD authority to the application to sign-in users from a single
        /// organization (single tenant application) described by its domain name. See https://aka.ms/msal-net-application-configuration.
        /// </summary>
        /// <param name="cloudInstanceUri">Uri to the Azure Cloud instance (for instance
        /// <c>https://login.microsoftonline.com)</c></param>
        /// <param name="tenant">domain name associated with the tenant from which to sign-in users</param>
        /// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
        /// <remarks>
        /// <paramref name="tenant"/> can also contain the string representation of a GUID (tenantId),
        /// or even <c>common</c>, <c>organizations</c> or <c>consumers</c> but in this case
        /// it's recommended to use another override (<see cref="WithAuthority(AzureCloudInstance, Guid, bool)"/>
        /// and <see cref="WithAuthority(AzureCloudInstance, AadAuthorityAudience, bool)"/>
        /// </remarks>
        /// <returns>The builder to chain the .With methods</returns>
        public T WithAuthority(
            string cloudInstanceUri,
            string tenant,
            bool validateAuthority = true)
        {
            if (string.IsNullOrWhiteSpace(cloudInstanceUri))
            {
                throw new ArgumentNullException(nameof(cloudInstanceUri));
            }
            if (string.IsNullOrWhiteSpace(tenant))
            {
                throw new ArgumentNullException(nameof(tenant));
            }

            var authorityInfo = AuthorityInfo.FromAadAuthority(
                new Uri(cloudInstanceUri),
                tenant,
                validateAuthority);

            Config.Authority = new AadAuthority(authorityInfo);

            return((T)this);
        }
        /// <summary>
        /// Overrides the tenant ID specified in the authority at the application level. This operation preserves the authority host (environment).
        ///
        /// If an authority was not specified at the application level, the default used is https://login.microsoftonline.com/common.
        /// </summary>
        /// <param name="tenantId">The tenant ID, which can be either in GUID format or a domain name. Also known as the Directory ID.</param>
        /// <returns>The builder to chain the .With methods.</returns>
        /// <exception cref="ArgumentNullException">Thrown if tenantId is null or an empty string</exception>
        /// <exception cref="MsalClientException">Thrown if the application was configured with an authority that is not AAD specific (e.g. ADFS or B2C).</exception>
        /// <remarks>
        /// The tenant should be more restrictive than the one configured at the application level, e.g. don't use "common".
        /// Does not affect authority validation, which is specified at the application level.</remarks>
        public T WithTenantId(string tenantId)
        {
            if (string.IsNullOrEmpty(tenantId))
            {
                throw new ArgumentNullException(nameof(tenantId));
            }

            if (!ServiceBundle.Config.Authority.AuthorityInfo.IsTenantOverrideSupported)
            {
                throw new MsalClientException(
                          MsalError.TenantOverrideNonAad,
                          MsalErrorMessage.TenantOverrideNonAad);
            }

            AadAuthority aadAuthority      = (AadAuthority)ServiceBundle.Config.Authority;
            string       tenantedAuthority = aadAuthority.GetTenantedAuthority(tenantId, true);
            var          newAuthorityInfo  = AuthorityInfo.FromAadAuthority(
                tenantedAuthority,
                ServiceBundle.Config.Authority.AuthorityInfo.ValidateAuthority);

            CommonParameters.AuthorityOverride = newAuthorityInfo;

            return((T)this);
        }
 /// <summary>
 /// Adds a known Authority corresponding to an ADFS server. See https://aka.ms/msal-net-adfs
 /// </summary>
 /// <param name="authorityUri">Authority URL for an ADFS server</param>
 /// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
 /// <remarks>MSAL.NET will only support ADFS 2019 or later.</remarks>
 /// <returns>The builder to chain the .With methods</returns>
 public T WithAdfsAuthority(string authorityUri, bool validateAuthority = true)
 {
     Config.AuthorityInfo = AuthorityInfo.FromAdfsAuthority(authorityUri, validateAuthority);
     return((T)this);
 }
 /// <summary>
 /// Adds a known Azure AD authority to the application to sign-in users specifying
 /// the sign-in audience (the cloud being the Azure public cloud). See https://aka.ms/msal-net-application-configuration.
 /// </summary>
 /// <param name="authorityAudience">Sign-in audience (one AAD organization,
 /// any work and school accounts, or any work and school accounts and Microsoft personal
 /// accounts.</param>
 /// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
 /// <returns>The builder to chain the .With methods.</returns>
 public T WithAuthority(AadAuthorityAudience authorityAudience, bool validateAuthority = true)
 {
     CommonParameters.AuthorityOverride = AuthorityInfo.FromAadAuthority(authorityAudience, validateAuthority);
     return((T)this);
 }
 /// <summary>
 /// Adds a known Azure AD authority to the application to sign-in users specifying
 /// the sign-in audience (the cloud being the Azure public cloud). See https://aka.ms/msal-net-application-configuration.
 /// </summary>
 /// <param name="authorityAudience">Sign-in audience (one AAD organization,
 /// any work and school accounts, or any work and school accounts and Microsoft personal
 /// accounts</param>
 /// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
 /// <returns>The builder to chain the .With methods</returns>
 public T WithAuthority(AadAuthorityAudience authorityAudience, bool validateAuthority = true)
 {
     Config.AuthorityInfo = AuthorityInfo.FromAadAuthority(authorityAudience, validateAuthority);
     return((T)this);
 }
 /// <summary>
 /// Adds a known authority to the application from its Uri. See https://aka.ms/msal-net-application-configuration.
 /// This constructor is mainly used for scenarios where the authority is not a standard Azure AD authority,
 /// nor an ADFS authority, nor an Azure AD B2C authority. For Azure AD, even in national and sovereign clouds, prefer
 /// using other overrides such as <see cref="WithAuthority(AzureCloudInstance, AadAuthorityAudience, bool)"/>
 /// </summary>
 /// <param name="authorityUri">Uri of the authority</param>
 /// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
 /// <returns>The builder to chain the .With methods</returns>
 public T WithAuthority(Uri authorityUri, bool validateAuthority = true)
 {
     Config.AuthorityInfo = AuthorityInfo.FromAuthorityUri(authorityUri.ToString(), validateAuthority);
     return((T)this);
 }
            /// <summary>
            /// Figures out the authority based on the authority from the config and the authority from the request,
            /// and optionally the homeAccountTenantId, which has an impact on AcquireTokenSilent
            ///
            /// The algorithm is:
            ///
            /// 1. If there is no request authority (i.e. no authority override), use the config authority.
            ///     1.1. For AAD, if the config authority is "common" etc, try to use the tenanted version with the home account tenant ID
            /// 2. If there is a request authority, try to use it.
            ///     2.1. If the request authority is not "common", then use it
            ///     2.2  If the request authority is "common", ignore it, and use 1.1
            ///
            /// Special cases:
            ///
            /// - if the authority is not defined at the application level and the request level is not AAD, use the request authority
            /// - if the authority is defined at app level, and the request level authority of is of different type, throw an exception
            ///
            /// </summary>
            public static async Task <Authority> CreateAuthorityForRequestAsync(RequestContext requestContext,
                                                                                AuthorityInfo requestAuthorityInfo,
                                                                                IAccount account = null)
            {
                var configAuthorityInfo = requestContext.ServiceBundle.Config.Authority.AuthorityInfo;

                if (configAuthorityInfo == null)
                {
                    throw new ArgumentNullException(nameof(configAuthorityInfo));
                }

                ValidateTypeMismatch(configAuthorityInfo, requestAuthorityInfo);

                await ValidateSameHostAsync(requestAuthorityInfo, requestContext).ConfigureAwait(false);

                AuthorityInfo nonNullAuthInfo = requestAuthorityInfo ?? configAuthorityInfo;

                switch (configAuthorityInfo.AuthorityType)
                {
                // ADFS is tenant-less, no need to consider tenant
                case AuthorityType.Adfs:
                    return(new AdfsAuthority(nonNullAuthInfo));

                case AuthorityType.Dsts:
                    return(new DstsAuthority(nonNullAuthInfo));

                case AuthorityType.B2C:
                    return(new B2CAuthority(nonNullAuthInfo));

                case AuthorityType.Aad:

                    bool updateEnvironment = requestContext.ServiceBundle.Config.MultiCloudSupportEnabled && account != null;

                    if (requestAuthorityInfo == null)
                    {
                        return(updateEnvironment ?
                               CreateAuthorityWithTenant(CreateAuthorityWithEnvironment(configAuthorityInfo, account.Environment).AuthorityInfo, account?.HomeAccountId?.TenantId) :
                               CreateAuthorityWithTenant(configAuthorityInfo, account?.HomeAccountId?.TenantId));
                    }

                    // In case the authority is defined only at the request level
                    if (configAuthorityInfo.IsDefaultAuthority &&
                        requestAuthorityInfo.AuthorityType != AuthorityType.Aad)
                    {
                        return(requestAuthorityInfo.CreateAuthority());
                    }

                    var requestAuthority = updateEnvironment ?
                                           new AadAuthority(CreateAuthorityWithEnvironment(requestAuthorityInfo, account?.Environment).AuthorityInfo) :
                                           new AadAuthority(requestAuthorityInfo);
                    if (!requestAuthority.IsCommonOrganizationsOrConsumersTenant())
                    {
                        return(requestAuthority);
                    }

                    return(updateEnvironment ?
                           CreateAuthorityWithTenant(CreateAuthorityWithEnvironment(configAuthorityInfo, account.Environment).AuthorityInfo, account?.HomeAccountId?.TenantId) :
                           CreateAuthorityWithTenant(configAuthorityInfo, account?.HomeAccountId?.TenantId));

                default:
                    throw new MsalClientException(
                              MsalError.InvalidAuthorityType,
                              "Unsupported authority type");
                }
            }
 /// <summary>
 /// Adds a known authority corresponding to an Azure AD B2C policy.
 /// See https://aka.ms/msal-net-b2c-specificities
 /// </summary>
 /// <param name="authorityUri">Azure AD B2C authority, including the B2C policy (for instance
 /// <c>"https://fabrikamb2c.b2clogin.com/tfp/{Tenant}/{policy}</c></param>)
 /// <returns>The builder to chain the .With methods</returns>
 public T WithB2CAuthority(string authorityUri)
 {
     Config.AuthorityInfo = AuthorityInfo.FromB2CAuthority(authorityUri);
     return((T)this);
 }
            private static async Task <bool> IsAuthorityAliasedAsync(RequestContext requestContext, AuthorityInfo requestAuthorityInfo)
            {
                var instanceDiscoveryManager = requestContext.ServiceBundle.InstanceDiscoveryManager;
                var result = await instanceDiscoveryManager.GetMetadataEntryAsync(requestContext.ServiceBundle.Config.Authority.AuthorityInfo, requestContext).ConfigureAwait(false);

                return(result.Aliases.Any(alias => alias.Equals(requestAuthorityInfo.Host)));
            }