/// <summary> /// Adds a known Azure AD authority to the application to sign-in users from a single /// organization (single tenant application) described by its cloud instance and its domain /// name or tenant ID. See https://aka.ms/msal-net-application-configuration. /// </summary> /// <param name="azureCloudInstance">Instance of Azure Cloud (for instance Azure /// worldwide cloud, Azure German Cloud, US government ...)</param> /// <param name="tenant">Domain name associated with the Azure AD tenant from which /// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param> /// to sign-in users. This can also be a guid</param> /// <returns>The builder to chain the .With methods</returns> public T WithAuthority( AzureCloudInstance azureCloudInstance, string tenant, bool validateAuthority = true) { Config.AuthorityInfo = AuthorityInfo.FromAadAuthority(azureCloudInstance, tenant, validateAuthority); return((T)this); }
/// <summary> /// Adds a known Azure AD authority to the application to sign-in users from a single /// organization (single tenant application) described by its domain name. See https://aka.ms/msal-net-application-configuration. /// </summary> /// <param name="cloudInstanceUri">Uri to the Azure Cloud instance (for instance /// <c>https://login.microsoftonline.com)</c></param> /// <param name="tenant">domain name associated with the tenant from which to sign-in users</param> /// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param> /// <remarks> /// <paramref name="tenant"/> can also contain the string representation of a GUID (tenantId), /// or even <c>common</c>, <c>organizations</c> or <c>consumers</c> but in this case /// it's recommended to use another override (<see cref="WithAuthority(AzureCloudInstance, Guid, bool)"/> /// and <see cref="WithAuthority(AzureCloudInstance, AadAuthorityAudience, bool)"/> /// </remarks> /// <returns>The builder to chain the .With methods</returns> public T WithAuthority( string cloudInstanceUri, string tenant, bool validateAuthority = true) { Config.AuthorityInfo = AuthorityInfo.FromAadAuthority(new Uri(cloudInstanceUri), tenant, validateAuthority); return((T)this); }
/// <summary> /// Adds a known Azure AD authority to the application to sign-in users from a single /// organization (single tenant application) described by its cloud instance and its domain /// name or tenant ID. See https://aka.ms/msal-net-application-configuration. /// </summary> /// <param name="azureCloudInstance">Instance of Azure Cloud (for instance Azure /// worldwide cloud, Azure German Cloud, US government ...).</param> /// <param name="tenant">Tenant Id of the tenant from which to sign-in users. This can also be a GUID.</param> /// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param> /// <returns>The builder to chain the .With methods.</returns> public T WithAuthority( AzureCloudInstance azureCloudInstance, string tenant, bool validateAuthority = true) { CommonParameters.AuthorityOverride = AuthorityInfo.FromAadAuthority(azureCloudInstance, tenant, validateAuthority); return((T)this); }
internal static Authority CreateAuthorityWithEnvironment(AuthorityInfo authorityInfo, string environment) { var uriBuilder = new UriBuilder(authorityInfo.CanonicalAuthority) { Host = environment }; return(Authority.CreateAuthority(uriBuilder.Uri.AbsoluteUri, authorityInfo.ValidateAuthority)); }
public AuthorityInfo(AuthorityInfo other) : this( other.Host, other.CanonicalAuthority, other.AuthorityType, other.UserRealmUriPrefix, other.ValidateAuthority) { }
/// <summary> /// Specific authority for which the token is requested. Passing a different value than configured /// at the application constructor narrows down the selection to a specific tenant. /// This does not change the configured value in the application. This is specific /// to applications managing several accounts (like a mail client with several mailboxes). /// See https://aka.ms/msal-net-application-configuration. /// </summary> /// <param name="authorityUri">Uri for the authority. In the case when the authority URI is /// a known Azure AD URI, this setting needs to be consistent with what is declared in /// the application registration portal.</param> /// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param> /// <returns>The builder to chain the .With methods.</returns> public T WithAuthority(string authorityUri, bool validateAuthority = true) { if (string.IsNullOrWhiteSpace(authorityUri)) { throw new ArgumentNullException(nameof(authorityUri)); } CommonParameters.AuthorityOverride = AuthorityInfo.FromAuthorityUri(authorityUri, validateAuthority); return((T)this); }
public AuthorityInfo(AuthorityInfo other) : this( other.Host, other.CanonicalAuthority, other.AuthorityType, other.UserRealmUriPrefix, other.ValidateAuthority, other.AutoDetectRegion, other.RegionToUse) { }
/// <summary> /// Adds a known Azure AD authority to the application to sign-in users specifying /// the full authority Uri. See https://aka.ms/msal-net-application-configuration. /// </summary> /// <param name="authorityUri">URL of the security token service (STS) from which MSAL.NET will acquire the tokens. /// Usual authorities endpoints for the Azure public Cloud are: /// <list type="bullet"> /// <item><description><c>https://login.microsoftonline.com/tenant/</c> where <c>tenant</c> is the tenant ID of the Azure AD tenant /// or a domain associated with this Azure AD tenant, in order to sign-in users of a specific organization only</description></item> /// <item><description><c>https://login.microsoftonline.com/common/</c> to sign-in users with any work and school accounts or Microsoft personal account</description></item> /// <item><description><c>https://login.microsoftonline.com/organizations/</c> to sign-in users with any work and school accounts</description></item> /// <item><description><c>https://login.microsoftonline.com/consumers/</c> to sign-in users with only personal Microsoft accounts (live)</description></item> /// </list> /// Note that this setting needs to be consistent with what is declared in the application registration portal</param> /// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param> /// <returns>The builder to chain the .With methods</returns> public T WithAuthority(string authorityUri, bool validateAuthority = true) { if (string.IsNullOrWhiteSpace(authorityUri)) { throw new ArgumentNullException(authorityUri); } Config.AuthorityInfo = AuthorityInfo.FromAadAuthority(authorityUri, validateAuthority); return((T)this); }
/// <summary> /// Adds a known Azure AD authority to the application to sign-in users specifying /// the sign-in audience (the cloud being the Azure public cloud). See https://aka.ms/msal-net-application-configuration. /// </summary> /// <param name="authorityAudience">Sign-in audience (one AAD organization, /// any work and school accounts, or any work and school accounts and Microsoft personal /// accounts.</param> /// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param> /// <returns>The builder to chain the .With methods.</returns> public T WithAuthority(AadAuthorityAudience authorityAudience, bool validateAuthority = true) { CommonParameters.AddApiTelemetryFeature(ApiTelemetryFeature.WithAuthority); if (validateAuthority) { CommonParameters.AddApiTelemetryFeature(ApiTelemetryFeature.WithValidateAuthority); } CommonParameters.AuthorityOverride = AuthorityInfo.FromAadAuthority(authorityAudience, validateAuthority); return((T)this); }
/// <summary> /// Adds a known authority to the application from its Uri. See https://aka.ms/msal-net-application-configuration. /// This constructor is mainly used for scenarios where the authority is not a standard Azure AD authority, /// nor an ADFS authority, nor an Azure AD B2C authority. For Azure AD, even in national and sovereign clouds, prefer /// using other overrides such as <see cref="WithAuthority(AzureCloudInstance, AadAuthorityAudience, bool)"/> /// </summary> /// <param name="authorityUri">Uri of the authority</param> /// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param> /// <returns>The builder to chain the .With methods</returns> public T WithAuthority(Uri authorityUri, bool validateAuthority = true) { if (authorityUri == null) { throw new ArgumentNullException(nameof(authorityUri)); } Config.AuthorityInfo = AuthorityInfo.FromAuthorityUri(authorityUri.ToString(), validateAuthority); return((T)this); }
/// <summary> /// Adds a known Azure AD authority to the application to sign-in users from a single /// organization (single tenant application) described by its domain name. See https://aka.ms/msal-net-application-configuration. /// </summary> /// <param name="cloudInstanceUri">Uri to the Azure Cloud instance (for instance /// <c>https://login.microsoftonline.com)</c>.</param> /// <param name="tenant">Tenant Id associated with the tenant from which to sign-in users.</param> /// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param> /// <remarks> /// <paramref name="tenant"/> can also contain the string representation of a GUID (tenantId), /// or even <c>common</c>, <c>organizations</c> or <c>consumers</c> but in this case /// it's recommended to use another override (<see cref="WithAuthority(AzureCloudInstance, Guid, bool)"/> /// and <see cref="WithAuthority(AzureCloudInstance, AadAuthorityAudience, bool)"/> /// </remarks> /// <returns>The builder to chain the .With methods.</returns> public T WithAuthority( string cloudInstanceUri, string tenant, bool validateAuthority = true) { if (string.IsNullOrWhiteSpace(cloudInstanceUri)) { throw new ArgumentNullException(nameof(cloudInstanceUri)); } CommonParameters.AuthorityOverride = AuthorityInfo.FromAadAuthority(new Uri(cloudInstanceUri), tenant, validateAuthority); return((T)this); }
private static void ValidateTypeMismatch(AuthorityInfo configAuthorityInfo, AuthorityInfo requestAuthorityInfo) { if (!configAuthorityInfo.IsDefaultAuthority && requestAuthorityInfo != null && configAuthorityInfo.AuthorityType != requestAuthorityInfo.AuthorityType) { throw new MsalClientException( MsalError.AuthorityTypeMismatch, MsalErrorMessage.AuthorityTypeMismatch( configAuthorityInfo.AuthorityType, requestAuthorityInfo.AuthorityType)); } }
internal static Authority CreateAuthorityWithTenant(AuthorityInfo authorityInfo, string tenantId) { Authority initialAuthority = authorityInfo.CreateAuthority(); if (string.IsNullOrEmpty(tenantId)) { return(initialAuthority); } string tenantedAuthority = initialAuthority.GetTenantedAuthority(tenantId); return(Authority.CreateAuthority(tenantedAuthority, authorityInfo.ValidateAuthority)); }
/// <summary> /// Adds a known Azure AD authority to the application to sign-in users from a single /// organization (single tenant application) described by its cloud instance and its tenant ID. /// See https://aka.ms/msal-net-application-configuration. /// </summary> /// <param name="azureCloudInstance">Instance of Azure Cloud (for instance Azure /// worldwide cloud, Azure German Cloud, US government ...).</param> /// <param name="tenantId">Tenant Id of the tenant from which to sign-in users.</param> /// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param> /// <returns>The builder to chain the .With methods.</returns> public T WithAuthority( AzureCloudInstance azureCloudInstance, Guid tenantId, bool validateAuthority = true) { CommonParameters.AddApiTelemetryFeature(ApiTelemetryFeature.WithAuthority); if (validateAuthority) { CommonParameters.AddApiTelemetryFeature(ApiTelemetryFeature.WithValidateAuthority); } CommonParameters.AuthorityOverride = AuthorityInfo.FromAadAuthority(azureCloudInstance, tenantId, validateAuthority); return((T)this); }
/// <summary> /// Adds a known Azure AD authority to the application to sign-in users from a single /// organization (single tenant application) specified by its tenant ID. See https://aka.ms/msal-net-application-configuration. /// </summary> /// <param name="cloudInstanceUri">Azure Cloud instance.</param> /// <param name="tenantId">GUID of the tenant from which to sign-in users.</param> /// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param> /// <returns>The builder to chain the .With methods.</returns> public T WithAuthority( string cloudInstanceUri, Guid tenantId, bool validateAuthority = true) { CommonParameters.AddApiTelemetryFeature(ApiTelemetryFeature.WithAuthority); if (validateAuthority) { CommonParameters.AddApiTelemetryFeature(ApiTelemetryFeature.WithValidateAuthority); } if (string.IsNullOrWhiteSpace(cloudInstanceUri)) { throw new ArgumentNullException(nameof(cloudInstanceUri)); } CommonParameters.AuthorityOverride = AuthorityInfo.FromAadAuthority(new Uri(cloudInstanceUri), tenantId, validateAuthority); return((T)this); }
public static IAuthorityValidator CreateAuthorityValidator(AuthorityInfo authorityInfo, RequestContext requestContext) { switch (authorityInfo.AuthorityType) { case AuthorityType.Adfs: return(new AdfsAuthorityValidator(requestContext)); case AuthorityType.Aad: return(new AadAuthorityValidator(requestContext)); case AuthorityType.B2C: case AuthorityType.Dsts: return(new NullAuthorityValidator()); default: throw new InvalidOperationException("Invalid AuthorityType"); } }
private static async Task ValidateSameHostAsync(AuthorityInfo requestAuthorityInfo, RequestContext requestContext) { var configAuthorityInfo = requestContext.ServiceBundle.Config.Authority.AuthorityInfo; if (!requestContext.ServiceBundle.Config.MultiCloudSupportEnabled && requestAuthorityInfo != null && !string.Equals(requestAuthorityInfo.Host, configAuthorityInfo.Host, StringComparison.OrdinalIgnoreCase)) { if (requestAuthorityInfo.AuthorityType == AuthorityType.B2C) { throw new MsalClientException(MsalError.B2CAuthorityHostMismatch, MsalErrorMessage.B2CAuthorityHostMisMatch); } // This check should be done when validating the request parameters, however we've allowed // this configuration to run for a while, so this is the better place for it. bool usesRegional = !string.IsNullOrEmpty(requestContext.ServiceBundle.Config.AzureRegion); if (usesRegional) { throw new MsalClientException(MsalError.RegionalAndAuthorityOverride, MsalErrorMessage.RegionalAndAuthorityOverride); } var authorityAliased = await IsAuthorityAliasedAsync(requestContext, requestAuthorityInfo).ConfigureAwait(false); if (authorityAliased) { return; } if (configAuthorityInfo.IsDefaultAuthority) { throw new MsalClientException( MsalError.AuthorityHostMismatch, $"You did not define an authority at the application level, so it defaults to the https://login.microsoftonline.com/common. " + $"\n\rHowever, the request is for a different cloud {requestAuthorityInfo.Host}. This is not supported - the app and the request must target the same cloud. " + $"\n\r\n\r Add .WithAuthority(\"https://{requestAuthorityInfo.Host}/common\") in the app builder. " + $"\n\rSee https://aka.ms/msal-net-authority-override for details"); } throw new MsalClientException( MsalError.AuthorityHostMismatch, $"\n\r The application is configured for cloud {configAuthorityInfo.Host} and the request for a different cloud - {requestAuthorityInfo.Host}. This is not supported - the app and the request must target the same cloud. " + $"\n\rSee https://aka.ms/msal-net-authority-override for details"); } }
private string GetDefaultAuthorityInstance() { // Check if there's enough information in the existing config to build up a default authority. if (!string.IsNullOrWhiteSpace(Config.Instance) && Config.AzureCloudInstance != AzureCloudInstance.None) { // Conflict, user has specified a string instance and the enum instance value. throw new InvalidOperationException(MsalErrorMessage.InstanceAndAzureCloudInstanceAreMutuallyExclusive); } if (!string.IsNullOrWhiteSpace(Config.Instance)) { return(Config.Instance); } if (Config.AzureCloudInstance != AzureCloudInstance.None) { return(AuthorityInfo.GetCloudUrl(Config.AzureCloudInstance)); } return(AuthorityInfo.GetCloudUrl(AzureCloudInstance.AzurePublic)); }
private string GetAuthorityAudience() { if (!string.IsNullOrWhiteSpace(Config.TenantId) && Config.AadAuthorityAudience != AadAuthorityAudience.None && Config.AadAuthorityAudience != AadAuthorityAudience.AzureAdMyOrg) { // Conflict, user has specified a string tenantId and the enum audience value for AAD, which is also the tenant. throw new InvalidOperationException(MsalErrorMessage.TenantIdAndAadAuthorityInstanceAreMutuallyExclusive); } if (Config.AadAuthorityAudience != AadAuthorityAudience.None) { return(AuthorityInfo.GetAadAuthorityAudienceValue(Config.AadAuthorityAudience, Config.TenantId)); } if (!string.IsNullOrWhiteSpace(Config.TenantId)) { return(Config.TenantId); } return(AuthorityInfo.GetAadAuthorityAudienceValue(AadAuthorityAudience.AzureAdAndPersonalMicrosoftAccount, string.Empty)); }
/// <summary> /// Adds a known Azure AD authority to the application to sign-in users from a single /// organization (single tenant application) described by its domain name. See https://aka.ms/msal-net-application-configuration. /// </summary> /// <param name="cloudInstanceUri">Uri to the Azure Cloud instance (for instance /// <c>https://login.microsoftonline.com)</c></param> /// <param name="tenant">domain name associated with the tenant from which to sign-in users</param> /// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param> /// <remarks> /// <paramref name="tenant"/> can also contain the string representation of a GUID (tenantId), /// or even <c>common</c>, <c>organizations</c> or <c>consumers</c> but in this case /// it's recommended to use another override (<see cref="WithAuthority(AzureCloudInstance, Guid, bool)"/> /// and <see cref="WithAuthority(AzureCloudInstance, AadAuthorityAudience, bool)"/> /// </remarks> /// <returns>The builder to chain the .With methods</returns> public T WithAuthority( string cloudInstanceUri, string tenant, bool validateAuthority = true) { if (string.IsNullOrWhiteSpace(cloudInstanceUri)) { throw new ArgumentNullException(nameof(cloudInstanceUri)); } if (string.IsNullOrWhiteSpace(tenant)) { throw new ArgumentNullException(nameof(tenant)); } var authorityInfo = AuthorityInfo.FromAadAuthority( new Uri(cloudInstanceUri), tenant, validateAuthority); Config.Authority = new AadAuthority(authorityInfo); return((T)this); }
/// <summary> /// Overrides the tenant ID specified in the authority at the application level. This operation preserves the authority host (environment). /// /// If an authority was not specified at the application level, the default used is https://login.microsoftonline.com/common. /// </summary> /// <param name="tenantId">The tenant ID, which can be either in GUID format or a domain name. Also known as the Directory ID.</param> /// <returns>The builder to chain the .With methods.</returns> /// <exception cref="ArgumentNullException">Thrown if tenantId is null or an empty string</exception> /// <exception cref="MsalClientException">Thrown if the application was configured with an authority that is not AAD specific (e.g. ADFS or B2C).</exception> /// <remarks> /// The tenant should be more restrictive than the one configured at the application level, e.g. don't use "common". /// Does not affect authority validation, which is specified at the application level.</remarks> public T WithTenantId(string tenantId) { if (string.IsNullOrEmpty(tenantId)) { throw new ArgumentNullException(nameof(tenantId)); } if (!ServiceBundle.Config.Authority.AuthorityInfo.IsTenantOverrideSupported) { throw new MsalClientException( MsalError.TenantOverrideNonAad, MsalErrorMessage.TenantOverrideNonAad); } AadAuthority aadAuthority = (AadAuthority)ServiceBundle.Config.Authority; string tenantedAuthority = aadAuthority.GetTenantedAuthority(tenantId, true); var newAuthorityInfo = AuthorityInfo.FromAadAuthority( tenantedAuthority, ServiceBundle.Config.Authority.AuthorityInfo.ValidateAuthority); CommonParameters.AuthorityOverride = newAuthorityInfo; return((T)this); }
/// <summary> /// Adds a known Authority corresponding to an ADFS server. See https://aka.ms/msal-net-adfs /// </summary> /// <param name="authorityUri">Authority URL for an ADFS server</param> /// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param> /// <remarks>MSAL.NET will only support ADFS 2019 or later.</remarks> /// <returns>The builder to chain the .With methods</returns> public T WithAdfsAuthority(string authorityUri, bool validateAuthority = true) { Config.AuthorityInfo = AuthorityInfo.FromAdfsAuthority(authorityUri, validateAuthority); return((T)this); }
/// <summary> /// Adds a known Azure AD authority to the application to sign-in users specifying /// the sign-in audience (the cloud being the Azure public cloud). See https://aka.ms/msal-net-application-configuration. /// </summary> /// <param name="authorityAudience">Sign-in audience (one AAD organization, /// any work and school accounts, or any work and school accounts and Microsoft personal /// accounts.</param> /// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param> /// <returns>The builder to chain the .With methods.</returns> public T WithAuthority(AadAuthorityAudience authorityAudience, bool validateAuthority = true) { CommonParameters.AuthorityOverride = AuthorityInfo.FromAadAuthority(authorityAudience, validateAuthority); return((T)this); }
/// <summary> /// Adds a known Azure AD authority to the application to sign-in users specifying /// the sign-in audience (the cloud being the Azure public cloud). See https://aka.ms/msal-net-application-configuration. /// </summary> /// <param name="authorityAudience">Sign-in audience (one AAD organization, /// any work and school accounts, or any work and school accounts and Microsoft personal /// accounts</param> /// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param> /// <returns>The builder to chain the .With methods</returns> public T WithAuthority(AadAuthorityAudience authorityAudience, bool validateAuthority = true) { Config.AuthorityInfo = AuthorityInfo.FromAadAuthority(authorityAudience, validateAuthority); return((T)this); }
/// <summary> /// Adds a known authority to the application from its Uri. See https://aka.ms/msal-net-application-configuration. /// This constructor is mainly used for scenarios where the authority is not a standard Azure AD authority, /// nor an ADFS authority, nor an Azure AD B2C authority. For Azure AD, even in national and sovereign clouds, prefer /// using other overrides such as <see cref="WithAuthority(AzureCloudInstance, AadAuthorityAudience, bool)"/> /// </summary> /// <param name="authorityUri">Uri of the authority</param> /// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param> /// <returns>The builder to chain the .With methods</returns> public T WithAuthority(Uri authorityUri, bool validateAuthority = true) { Config.AuthorityInfo = AuthorityInfo.FromAuthorityUri(authorityUri.ToString(), validateAuthority); return((T)this); }
/// <summary> /// Figures out the authority based on the authority from the config and the authority from the request, /// and optionally the homeAccountTenantId, which has an impact on AcquireTokenSilent /// /// The algorithm is: /// /// 1. If there is no request authority (i.e. no authority override), use the config authority. /// 1.1. For AAD, if the config authority is "common" etc, try to use the tenanted version with the home account tenant ID /// 2. If there is a request authority, try to use it. /// 2.1. If the request authority is not "common", then use it /// 2.2 If the request authority is "common", ignore it, and use 1.1 /// /// Special cases: /// /// - if the authority is not defined at the application level and the request level is not AAD, use the request authority /// - if the authority is defined at app level, and the request level authority of is of different type, throw an exception /// /// </summary> public static async Task <Authority> CreateAuthorityForRequestAsync(RequestContext requestContext, AuthorityInfo requestAuthorityInfo, IAccount account = null) { var configAuthorityInfo = requestContext.ServiceBundle.Config.Authority.AuthorityInfo; if (configAuthorityInfo == null) { throw new ArgumentNullException(nameof(configAuthorityInfo)); } ValidateTypeMismatch(configAuthorityInfo, requestAuthorityInfo); await ValidateSameHostAsync(requestAuthorityInfo, requestContext).ConfigureAwait(false); AuthorityInfo nonNullAuthInfo = requestAuthorityInfo ?? configAuthorityInfo; switch (configAuthorityInfo.AuthorityType) { // ADFS is tenant-less, no need to consider tenant case AuthorityType.Adfs: return(new AdfsAuthority(nonNullAuthInfo)); case AuthorityType.Dsts: return(new DstsAuthority(nonNullAuthInfo)); case AuthorityType.B2C: return(new B2CAuthority(nonNullAuthInfo)); case AuthorityType.Aad: bool updateEnvironment = requestContext.ServiceBundle.Config.MultiCloudSupportEnabled && account != null; if (requestAuthorityInfo == null) { return(updateEnvironment ? CreateAuthorityWithTenant(CreateAuthorityWithEnvironment(configAuthorityInfo, account.Environment).AuthorityInfo, account?.HomeAccountId?.TenantId) : CreateAuthorityWithTenant(configAuthorityInfo, account?.HomeAccountId?.TenantId)); } // In case the authority is defined only at the request level if (configAuthorityInfo.IsDefaultAuthority && requestAuthorityInfo.AuthorityType != AuthorityType.Aad) { return(requestAuthorityInfo.CreateAuthority()); } var requestAuthority = updateEnvironment ? new AadAuthority(CreateAuthorityWithEnvironment(requestAuthorityInfo, account?.Environment).AuthorityInfo) : new AadAuthority(requestAuthorityInfo); if (!requestAuthority.IsCommonOrganizationsOrConsumersTenant()) { return(requestAuthority); } return(updateEnvironment ? CreateAuthorityWithTenant(CreateAuthorityWithEnvironment(configAuthorityInfo, account.Environment).AuthorityInfo, account?.HomeAccountId?.TenantId) : CreateAuthorityWithTenant(configAuthorityInfo, account?.HomeAccountId?.TenantId)); default: throw new MsalClientException( MsalError.InvalidAuthorityType, "Unsupported authority type"); } }
/// <summary> /// Adds a known authority corresponding to an Azure AD B2C policy. /// See https://aka.ms/msal-net-b2c-specificities /// </summary> /// <param name="authorityUri">Azure AD B2C authority, including the B2C policy (for instance /// <c>"https://fabrikamb2c.b2clogin.com/tfp/{Tenant}/{policy}</c></param>) /// <returns>The builder to chain the .With methods</returns> public T WithB2CAuthority(string authorityUri) { Config.AuthorityInfo = AuthorityInfo.FromB2CAuthority(authorityUri); return((T)this); }
private static async Task <bool> IsAuthorityAliasedAsync(RequestContext requestContext, AuthorityInfo requestAuthorityInfo) { var instanceDiscoveryManager = requestContext.ServiceBundle.InstanceDiscoveryManager; var result = await instanceDiscoveryManager.GetMetadataEntryAsync(requestContext.ServiceBundle.Config.Authority.AuthorityInfo, requestContext).ConfigureAwait(false); return(result.Aliases.Any(alias => alias.Equals(requestAuthorityInfo.Host))); }