/// <summary>
 /// Adds a known Azure AD authority to the application to sign-in users from a single
 /// organization (single tenant application) specified by its tenant ID. See https://aka.ms/msal-net-application-configuration.
 /// </summary>
 /// <param name="cloudInstanceUri">Azure Cloud instance</param>
 /// <param name="tenantId">Guid of the tenant from which to sign-in users</param>
 /// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
 /// <returns>The builder to chain the .With methods</returns>
 public T WithAuthority(
     string cloudInstanceUri,
     Guid tenantId,
     bool validateAuthority = true)
 {
     Config.AuthorityInfo = AuthorityInfo.FromAadAuthority(new Uri(cloudInstanceUri), tenantId, validateAuthority);
     return((T)this);
 }
Example #2
0
 /// <summary>
 /// Adds a known Azure AD authority to the application to sign-in users from a single
 /// organization (single tenant application) described by its cloud instance and its domain
 /// name or tenant ID. See https://aka.ms/msal-net-application-configuration.
 /// </summary>
 /// <param name="azureCloudInstance">Instance of Azure Cloud (for instance Azure
 /// worldwide cloud, Azure German Cloud, US government ...)</param>
 /// <param name="tenant">Domain name associated with the Azure AD tenant from which
 /// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
 /// to sign-in users. This can also be a guid</param>
 /// <returns>The builder to chain the .With methods</returns>
 public T WithAuthority(
     AzureCloudInstance azureCloudInstance,
     string tenant,
     bool validateAuthority = true)
 {
     Config.AuthorityInfo = AuthorityInfo.FromAadAuthority(azureCloudInstance, tenant, validateAuthority);
     return((T)this);
 }
 /// <summary>
 /// Adds a known Azure AD authority to the application to sign-in users from a single
 /// organization (single tenant application) described by its cloud instance and its domain
 /// name or tenant ID. See https://aka.ms/msal-net-application-configuration.
 /// </summary>
 /// <param name="azureCloudInstance">Instance of Azure Cloud (for instance Azure
 /// worldwide cloud, Azure German Cloud, US government ...).</param>
 /// <param name="tenant">Tenant Id of the tenant from which to sign-in users. This can also be a GUID.</param>
 /// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
 /// <returns>The builder to chain the .With methods.</returns>
 public T WithAuthority(
     AzureCloudInstance azureCloudInstance,
     string tenant,
     bool validateAuthority = true)
 {
     CommonParameters.AuthorityOverride = AuthorityInfo.FromAadAuthority(azureCloudInstance, tenant, validateAuthority);
     return((T)this);
 }
        /// <summary>
        /// Adds a known Azure AD authority to the application to sign-in users specifying
        /// the full authority Uri. See https://aka.ms/msal-net-application-configuration.
        /// </summary>
        /// <param name="authorityUri">URL of the security token service (STS) from which MSAL.NET will acquire the tokens.
        ///  Usual authorities endpoints for the Azure public Cloud are:
        ///  <list type="bullet">
        ///  <item><description><c>https://login.microsoftonline.com/tenant/</c> where <c>tenant</c> is the tenant ID of the Azure AD tenant
        ///  or a domain associated with this Azure AD tenant, in order to sign-in users of a specific organization only</description></item>
        ///  <item><description><c>https://login.microsoftonline.com/common/</c> to sign-in users with any work and school accounts or Microsoft personal account</description></item>
        ///  <item><description><c>https://login.microsoftonline.com/organizations/</c> to sign-in users with any work and school accounts</description></item>
        ///  <item><description><c>https://login.microsoftonline.com/consumers/</c> to sign-in users with only personal Microsoft accounts (live)</description></item>
        ///  </list>
        ///  Note that this setting needs to be consistent with what is declared in the application registration portal</param>
        /// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
        /// <returns>The builder to chain the .With methods</returns>
        public T WithAuthority(string authorityUri, bool validateAuthority = true)
        {
            if (string.IsNullOrWhiteSpace(authorityUri))
            {
                throw new ArgumentNullException(authorityUri);
            }

            Config.AuthorityInfo = AuthorityInfo.FromAadAuthority(authorityUri, validateAuthority);

            return((T)this);
        }
Example #5
0
        /// <summary>
        /// Adds a known Azure AD authority to the application to sign-in users specifying
        /// the sign-in audience (the cloud being the Azure public cloud). See https://aka.ms/msal-net-application-configuration.
        /// </summary>
        /// <param name="authorityAudience">Sign-in audience (one AAD organization,
        /// any work and school accounts, or any work and school accounts and Microsoft personal
        /// accounts.</param>
        /// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
        /// <returns>The builder to chain the .With methods.</returns>
        public T WithAuthority(AadAuthorityAudience authorityAudience, bool validateAuthority = true)
        {
            CommonParameters.AddApiTelemetryFeature(ApiTelemetryFeature.WithAuthority);
            if (validateAuthority)
            {
                CommonParameters.AddApiTelemetryFeature(ApiTelemetryFeature.WithValidateAuthority);
            }

            CommonParameters.AuthorityOverride = AuthorityInfo.FromAadAuthority(authorityAudience, validateAuthority);
            return((T)this);
        }
 /// <summary>
 /// Adds a known Azure AD authority to the application to sign-in users from a single
 /// organization (single tenant application) described by its domain name. See https://aka.ms/msal-net-application-configuration.
 /// </summary>
 /// <param name="cloudInstanceUri">Uri to the Azure Cloud instance (for instance
 /// <c>https://login.microsoftonline.com)</c>.</param>
 /// <param name="tenant">Tenant Id associated with the tenant from which to sign-in users.</param>
 /// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
 /// <remarks>
 /// <paramref name="tenant"/> can also contain the string representation of a GUID (tenantId),
 /// or even <c>common</c>, <c>organizations</c> or <c>consumers</c> but in this case
 /// it's recommended to use another override (<see cref="WithAuthority(AzureCloudInstance, Guid, bool)"/>
 /// and <see cref="WithAuthority(AzureCloudInstance, AadAuthorityAudience, bool)"/>
 /// </remarks>
 /// <returns>The builder to chain the .With methods.</returns>
 public T WithAuthority(
     string cloudInstanceUri,
     string tenant,
     bool validateAuthority = true)
 {
     if (string.IsNullOrWhiteSpace(cloudInstanceUri))
     {
         throw new ArgumentNullException(nameof(cloudInstanceUri));
     }
     CommonParameters.AuthorityOverride = AuthorityInfo.FromAadAuthority(new Uri(cloudInstanceUri), tenant, validateAuthority);
     return((T)this);
 }
Example #7
0
        /// <summary>
        /// Adds a known Azure AD authority to the application to sign-in users from a single
        /// organization (single tenant application) described by its cloud instance and its tenant ID.
        /// See https://aka.ms/msal-net-application-configuration.
        /// </summary>
        /// <param name="azureCloudInstance">Instance of Azure Cloud (for instance Azure
        /// worldwide cloud, Azure German Cloud, US government ...).</param>
        /// <param name="tenantId">Tenant Id of the tenant from which to sign-in users.</param>
        /// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
        /// <returns>The builder to chain the .With methods.</returns>
        public T WithAuthority(
            AzureCloudInstance azureCloudInstance,
            Guid tenantId,
            bool validateAuthority = true)
        {
            CommonParameters.AddApiTelemetryFeature(ApiTelemetryFeature.WithAuthority);
            if (validateAuthority)
            {
                CommonParameters.AddApiTelemetryFeature(ApiTelemetryFeature.WithValidateAuthority);
            }

            CommonParameters.AuthorityOverride = AuthorityInfo.FromAadAuthority(azureCloudInstance, tenantId, validateAuthority);
            return((T)this);
        }
Example #8
0
        /// <summary>
        /// Adds a known Azure AD authority to the application to sign-in users from a single
        /// organization (single tenant application) specified by its tenant ID. See https://aka.ms/msal-net-application-configuration.
        /// </summary>
        /// <param name="cloudInstanceUri">Azure Cloud instance.</param>
        /// <param name="tenantId">GUID of the tenant from which to sign-in users.</param>
        /// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
        /// <returns>The builder to chain the .With methods.</returns>
        public T WithAuthority(
            string cloudInstanceUri,
            Guid tenantId,
            bool validateAuthority = true)
        {
            CommonParameters.AddApiTelemetryFeature(ApiTelemetryFeature.WithAuthority);
            if (validateAuthority)
            {
                CommonParameters.AddApiTelemetryFeature(ApiTelemetryFeature.WithValidateAuthority);
            }

            if (string.IsNullOrWhiteSpace(cloudInstanceUri))
            {
                throw new ArgumentNullException(nameof(cloudInstanceUri));
            }
            CommonParameters.AuthorityOverride = AuthorityInfo.FromAadAuthority(new Uri(cloudInstanceUri), tenantId, validateAuthority);
            return((T)this);
        }
        /// <summary>
        /// Adds a known Azure AD authority to the application to sign-in users from a single
        /// organization (single tenant application) described by its domain name. See https://aka.ms/msal-net-application-configuration.
        /// </summary>
        /// <param name="cloudInstanceUri">Uri to the Azure Cloud instance (for instance
        /// <c>https://login.microsoftonline.com)</c></param>
        /// <param name="tenant">domain name associated with the tenant from which to sign-in users</param>
        /// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
        /// <remarks>
        /// <paramref name="tenant"/> can also contain the string representation of a GUID (tenantId),
        /// or even <c>common</c>, <c>organizations</c> or <c>consumers</c> but in this case
        /// it's recommended to use another override (<see cref="WithAuthority(AzureCloudInstance, Guid, bool)"/>
        /// and <see cref="WithAuthority(AzureCloudInstance, AadAuthorityAudience, bool)"/>
        /// </remarks>
        /// <returns>The builder to chain the .With methods</returns>
        public T WithAuthority(
            string cloudInstanceUri,
            string tenant,
            bool validateAuthority = true)
        {
            if (string.IsNullOrWhiteSpace(cloudInstanceUri))
            {
                throw new ArgumentNullException(nameof(cloudInstanceUri));
            }
            if (string.IsNullOrWhiteSpace(tenant))
            {
                throw new ArgumentNullException(nameof(tenant));
            }

            var authorityInfo = AuthorityInfo.FromAadAuthority(
                new Uri(cloudInstanceUri),
                tenant,
                validateAuthority);

            Config.Authority = new AadAuthority(authorityInfo);

            return((T)this);
        }
        /// <summary>
        /// Overrides the tenant ID specified in the authority at the application level. This operation preserves the authority host (environment).
        ///
        /// If an authority was not specified at the application level, the default used is https://login.microsoftonline.com/common.
        /// </summary>
        /// <param name="tenantId">The tenant ID, which can be either in GUID format or a domain name. Also known as the Directory ID.</param>
        /// <returns>The builder to chain the .With methods.</returns>
        /// <exception cref="ArgumentNullException">Thrown if tenantId is null or an empty string</exception>
        /// <exception cref="MsalClientException">Thrown if the application was configured with an authority that is not AAD specific (e.g. ADFS or B2C).</exception>
        /// <remarks>
        /// The tenant should be more restrictive than the one configured at the application level, e.g. don't use "common".
        /// Does not affect authority validation, which is specified at the application level.</remarks>
        public T WithTenantId(string tenantId)
        {
            if (string.IsNullOrEmpty(tenantId))
            {
                throw new ArgumentNullException(nameof(tenantId));
            }

            if (!ServiceBundle.Config.Authority.AuthorityInfo.IsTenantOverrideSupported)
            {
                throw new MsalClientException(
                          MsalError.TenantOverrideNonAad,
                          MsalErrorMessage.TenantOverrideNonAad);
            }

            AadAuthority aadAuthority      = (AadAuthority)ServiceBundle.Config.Authority;
            string       tenantedAuthority = aadAuthority.GetTenantedAuthority(tenantId, true);
            var          newAuthorityInfo  = AuthorityInfo.FromAadAuthority(
                tenantedAuthority,
                ServiceBundle.Config.Authority.AuthorityInfo.ValidateAuthority);

            CommonParameters.AuthorityOverride = newAuthorityInfo;

            return((T)this);
        }
 /// <summary>
 /// Adds a known Azure AD authority to the application to sign-in users specifying
 /// the full authority Uri. See https://aka.ms/msal-net-application-configuration.
 /// </summary>
 /// <param name="authorityUri">URL of the security token service (STS) from which MSAL.NET will acquire the tokens.
 ///  Usual authorities endpoints for the Azure public Cloud are:
 ///  <list type="bullet">
 ///  <item><description><c>https://login.microsoftonline.com/tenant/</c> where <c>tenant</c> is the tenant ID of the Azure AD tenant
 ///  or a domain associated with this Azure AD tenant, in order to sign-in users of a specific organization only</description></item>
 ///  <item><description><c>https://login.microsoftonline.com/common/</c> to sign-in users with any work and school accounts or Microsoft personal account</description></item>
 ///  <item><description><c>https://login.microsoftonline.com/organizations/</c> to sign-in users with any work and school accounts</description></item>
 ///  <item><description><c>https://login.microsoftonline.com/consumers/</c> to sign-in users with only personal Microsoft accounts (live)</description></item>
 ///  </list>
 ///  Note that this setting needs to be consistent with what is declared in the application registration portal</param>
 /// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
 /// <returns>The builder to chain the .With methods</returns>
 public T WithAuthority(string authorityUri, bool validateAuthority = true)
 {
     Config.AuthorityInfo = AuthorityInfo.FromAadAuthority(authorityUri, validateAuthority);
     return((T)this);
 }
 /// <summary>
 /// Adds a known Azure AD authority to the application to sign-in users specifying
 /// the sign-in audience (the cloud being the Azure public cloud). See https://aka.ms/msal-net-application-configuration.
 /// </summary>
 /// <param name="authorityAudience">Sign-in audience (one AAD organization,
 /// any work and school accounts, or any work and school accounts and Microsoft personal
 /// accounts</param>
 /// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
 /// <returns>The builder to chain the .With methods</returns>
 public T WithAuthority(AadAuthorityAudience authorityAudience, bool validateAuthority = true)
 {
     Config.AuthorityInfo = AuthorityInfo.FromAadAuthority(authorityAudience, validateAuthority);
     return((T)this);
 }
 /// <summary>
 /// Adds a known Azure AD authority to the application to sign-in users specifying
 /// the sign-in audience (the cloud being the Azure public cloud). See https://aka.ms/msal-net-application-configuration.
 /// </summary>
 /// <param name="authorityAudience">Sign-in audience (one AAD organization,
 /// any work and school accounts, or any work and school accounts and Microsoft personal
 /// accounts.</param>
 /// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
 /// <returns>The builder to chain the .With methods.</returns>
 public T WithAuthority(AadAuthorityAudience authorityAudience, bool validateAuthority = true)
 {
     CommonParameters.AuthorityOverride = AuthorityInfo.FromAadAuthority(authorityAudience, validateAuthority);
     return((T)this);
 }