/// <summary>
/// Checks that a client-credentials request made with <c>WithAzureRegion(true)</c> fails with an
/// <see cref="MsalClientException"/> carrying <c>MsalError.RegionDiscoveryFailed</c> when the only
/// handler queued on the shared mock HTTP manager is the region-discovery "not found" one.
/// </summary>
public async Task RegionNotFoundAsync()
{
    // No instance-discovery or token handler is queued: the request is expected to stop at
    // region discovery and never reach a token endpoint.
    _httpManager.AddRegionDiscoveryMockHandlerNotFound();

    var cca = ConfidentialClientApplicationBuilder
        .Create(TestConstants.ClientId)
        .WithAuthority(new System.Uri(ClientApplicationBase.DefaultAuthority))
        .WithRedirectUri(TestConstants.RedirectUri)
        .WithHttpManager(_httpManager)
        .WithClientSecret(TestConstants.ClientSecret)
        .BuildConcrete();

    try
    {
        var regionalRequest = cca
            .AcquireTokenForClient(TestConstants.s_scope)
            .WithAzureRegion(true);

        AuthenticationResult result = await regionalRequest
            .ExecuteAsync(CancellationToken.None)
            .ConfigureAwait(false);

        // Getting a result back means the failure was silently ignored.
        Assert.Fail("Exception should be thrown");
    }
    catch (MsalClientException discoveryFailure)
    {
        Assert.IsNotNull(discoveryFailure);
        Assert.AreEqual(MsalError.RegionDiscoveryFailed, discoveryFailure.ErrorCode);
        Assert.AreEqual(MsalErrorMessage.RegionDiscoveryFailed, discoveryFailure.Message);
    }
}
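/// <summary>
/// Checks that a client-credentials request still returns an access token when region discovery
/// is attempted but the discovery endpoint is mocked as not found, and that the result's
/// <c>ApiEvent</c> records no region, a failed auto-discovery source and a fallback-to-global outcome.
/// </summary>
public async Task RegionFallbackToGlobalAsync()
{
    using (var httpManager = new MockHttpManager())
    {
        // Handlers are queued in the order the calls are expected: failed region discovery,
        // instance discovery, then the token response.
        // NOTE(review): the 'false' argument presumably selects the non-regional token handler; confirm against CreateTokenResponseHttpHandler.
        httpManager.AddRegionDiscoveryMockHandlerNotFound();
        httpManager.AddInstanceDiscoveryMockHandler();
        httpManager.AddMockHandler(CreateTokenResponseHttpHandler(false));

        IConfidentialClientApplication app = CreateCca(
            httpManager,
            ConfidentialClientApplication.AttemptRegionDiscovery);

        try
        {
            AuthenticationResult result = await app
                .AcquireTokenForClient(TestConstants.s_scope)
                .ExecuteAsync(CancellationToken.None)
                .ConfigureAwait(false);

            Assert.IsNotNull(result.AccessToken);
            Assert.IsNull(result.ApiEvent.RegionUsed);
            Assert.AreEqual(
                (int)RegionAutodetectionSource.FailedAutoDiscovery,
                result.ApiEvent.RegionAutodetectionSource);
            Assert.AreEqual(
                (int)RegionOutcome.FallbackToGlobal,
                result.ApiEvent.RegionOutcome);
        }
        catch (MsalServiceException ex)
        {
            // Keep the error code and message in the failure text; without them the test
            // output gives no hint of why the fallback request was rejected.
            Assert.Fail($"Fallback to global failed. {ex.ErrorCode}: {ex.Message}");
        }
    }
}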
// regression: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/2686
/// <summary>
/// Checks region handling together with authority validation for the login.windows-ppe.net
/// authority: the token request is sent to the "eastus" regional host, while the instance
/// discovery (authority validation) request goes to login.microsoftonline.com and carries the
/// authorize endpoint of the non-regional authority. A second identical request must be served
/// from the cache.
/// </summary>
public async Task OtherCloudWithAuthorityValidationAsync()
{
    const string region = "eastus";
    const string tenantedAuthority = "https://login.windows-ppe.net/17b189bc-2b81-4ec5-aa51-3e628cbc931b";

    using (var httpManager = new MockHttpManager())
    {
        httpManager.AddRegionDiscoveryMockHandlerNotFound();

        var instanceDiscovery = MockHelpers.CreateInstanceDiscoveryMockHandler(
            "https://login.microsoftonline.com/common/discovery/instance",
            TestConstants.DiscoveryJsonResponse);

        // The token call is only accepted on the regional host for the tenanted authority.
        var regionalTokenCall = new MockHttpMessageHandler
        {
            ExpectedUrl = "https://eastus.login.windows-ppe.net/17b189bc-2b81-4ec5-aa51-3e628cbc931b/oauth2/v2.0/token",
            ExpectedMethod = HttpMethod.Post,
            ResponseMessage = CreateResponse(true)
        };

        httpManager.AddMockHandler(instanceDiscovery);
        httpManager.AddMockHandler(regionalTokenCall);

        // The second WithAuthority argument (true) turns authority validation on.
        var cca = ConfidentialClientApplicationBuilder
            .Create(TestConstants.ClientId)
            .WithAuthority("https://login.windows-ppe.net/common", true)
            .WithHttpManager(httpManager)
            .WithAzureRegion(region)
            .WithClientSecret(TestConstants.ClientSecret)
            .Build();

        AuthenticationResult firstResult = await cca
            .AcquireTokenForClient(TestConstants.s_scope)
            .WithAuthority(tenantedAuthority)
            .ExecuteAsync()
            .ConfigureAwait(false);

        Assert.AreEqual(region, firstResult.ApiEvent.RegionUsed);
        Assert.AreEqual(TokenSource.IdentityProvider, firstResult.AuthenticationResultMetadata.TokenSource);

        // Security-relevant expectation: using a region must not move authority validation
        // onto the regional host. The validation request is pinned to the exact URL below.
        Assert.AreEqual(
            "https://login.microsoftonline.com/common/discovery/instance?api-version=1.1&authorization_endpoint=https%3A%2F%2Flogin.windows-ppe.net%2F17b189bc-2b81-4ec5-aa51-3e628cbc931b%2Foauth2%2Fv2.0%2Fauthorize",
            instanceDiscovery.ActualRequestMessage.RequestUri.AbsoluteUri,
            "Authority validation is made on https://login.microsoftonline.com/ and it validates the auth_endpoint of the non-regional authority");

        // No further mock handlers are queued, so the second request has to be answered
        // from the token cache.
        AuthenticationResult secondResult = await cca
            .AcquireTokenForClient(TestConstants.s_scope)
            .WithAuthority(tenantedAuthority)
            .ExecuteAsync()
            .ConfigureAwait(false);

        Assert.AreEqual(region, secondResult.ApiEvent.RegionUsed);
        Assert.AreEqual(TokenSource.Cache, secondResult.AuthenticationResultMetadata.TokenSource);
    }
}
/// <summary>
/// Checks that a request made with <c>WithPreferredAzureRegion(true, fallbackToGlobal: false)</c>
/// fails with an <see cref="MsalServiceException"/> carrying <c>MsalError.RegionDiscoveryFailed</c>
/// when the region-discovery "not found" mock handler is the only one queued.
/// </summary>
public async Task RegionNotFoundAndFallbackToGlobalIsFalseAsync()
{
    _httpManager.AddRegionDiscoveryMockHandlerNotFound();

    var cca = CreateApp();

    try
    {
        // fallbackToGlobal is false, so a failed discovery must surface as an error
        // rather than as a token obtained some other way.
        var regionOnlyRequest = cca
            .AcquireTokenForClient(TestConstants.s_scope)
            .WithPreferredAzureRegion(true, fallbackToGlobal: false);

        AuthenticationResult result = await regionOnlyRequest
            .ExecuteAsync(CancellationToken.None)
            .ConfigureAwait(false);

        Assert.Fail("Exception should be thrown");
    }
    catch (MsalServiceException discoveryFailure)
    {
        Assert.IsNotNull(discoveryFailure);
        Assert.AreEqual(MsalError.RegionDiscoveryFailed, discoveryFailure.ErrorCode);
        Assert.AreEqual(MsalErrorMessage.RegionDiscoveryFailed, discoveryFailure.Message);
    }
}
// regression: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/2686
/// <summary>
/// Checks region handling together with authority validation for an authority host that is
/// not known to MSAL (<c>TestConstants.PpeOrgEnvironment</c>): the token request goes to the
/// regional host, the authority validation request goes to login.microsoftonline.com with the
/// non-regional authorize endpoint, and the region details report the user-provided region
/// alongside the auto-detection error. A second identical request must be served from the cache.
/// </summary>
public async Task OtherCloudWithAuthorityValidationAsync()
{
    // Fragments expected in RegionDetails.AutoDetectionError: the first on the initial
    // request, the second on the repeated request.
    const string imdsError = "IMDS call failed with exception";
    const string autoDiscoveryError = "Auto-discovery failed in the past. Not trying again. IMDS call failed";

    using (var httpManager = new MockHttpManager())
    {
        httpManager.AddRegionDiscoveryMockHandlerNotFound();

        var instanceDiscovery = MockHelpers.CreateInstanceDiscoveryMockHandler(
            "https://login.microsoftonline.com/common/discovery/instance",
            TestConstants.DiscoveryJsonResponse);

        // The token call is only accepted on the regional host for the tenanted authority.
        var regionalTokenCall = new MockHttpMessageHandler
        {
            ExpectedUrl = "https://eastus.login.windows-ppe.org/17b189bc-2b81-4ec5-aa51-3e628cbc931b/oauth2/v2.0/token",
            ExpectedMethod = HttpMethod.Post,
            ResponseMessage = CreateResponse(true)
        };

        httpManager.AddMockHandler(instanceDiscovery);
        httpManager.AddMockHandler(regionalTokenCall);

        // login.windows-ppe.org is not known to MSAL; the second argument (true) keeps
        // authority validation on for it.
        var cca = ConfidentialClientApplicationBuilder
            .Create(TestConstants.ClientId)
            .WithAuthority("https://" + TestConstants.PpeOrgEnvironment + "/common", true)
            .WithHttpManager(httpManager)
            .WithAzureRegion(EastUsRegion)
            .WithClientSecret(TestConstants.ClientSecret)
            .Build();

#pragma warning disable CS0618 // Type or member is obsolete
        AuthenticationResult tokenResult = await cca
            .AcquireTokenForClient(TestConstants.s_scope)
            .WithAuthority("https://" + TestConstants.PpeOrgEnvironment + "/17b189bc-2b81-4ec5-aa51-3e628cbc931b")
            .ExecuteAsync()
            .ConfigureAwait(false);

        Assert.AreEqual(EastUsRegion, tokenResult.ApiEvent.RegionUsed);
        Assert.AreEqual(TokenSource.IdentityProvider, tokenResult.AuthenticationResultMetadata.TokenSource);

        // Security-relevant expectation: using a region must not move authority validation
        // onto the regional host. The validation request is pinned to the exact URL below.
        Assert.AreEqual(
            "https://login.microsoftonline.com/common/discovery/instance?api-version=1.1&authorization_endpoint=https%3A%2F%2Flogin.windows-ppe.org%2F17b189bc-2b81-4ec5-aa51-3e628cbc931b%2Foauth2%2Fv2.0%2Fauthorize",
            instanceDiscovery.ActualRequestMessage.RequestUri.AbsoluteUri,
            "Authority validation is made on https://login.microsoftonline.com/ and it validates the auth_endpoint of the non-regional authority");

        var firstRegionDetails = tokenResult.AuthenticationResultMetadata.RegionDetails;
        Assert.AreEqual(EastUsRegion, firstRegionDetails.RegionUsed);
        Assert.AreEqual(RegionOutcome.UserProvidedAutodetectionFailed, firstRegionDetails.RegionOutcome);
        Assert.IsTrue(firstRegionDetails.AutoDetectionError.Contains(imdsError));

        // No further mock handlers are queued, so the repeated request has to be answered
        // from the token cache.
        tokenResult = await cca
            .AcquireTokenForClient(TestConstants.s_scope)
            .WithAuthority("https://" + TestConstants.PpeOrgEnvironment + "/17b189bc-2b81-4ec5-aa51-3e628cbc931b")
            .ExecuteAsync()
            .ConfigureAwait(false);
#pragma warning restore CS0618 // Type or member is obsolete

        Assert.AreEqual(EastUsRegion, tokenResult.ApiEvent.RegionUsed);
        Assert.AreEqual(TokenSource.Cache, tokenResult.AuthenticationResultMetadata.TokenSource);

        var secondRegionDetails = tokenResult.AuthenticationResultMetadata.RegionDetails;
        Assert.AreEqual(EastUsRegion, secondRegionDetails.RegionUsed);
        Assert.AreEqual(RegionOutcome.UserProvidedAutodetectionFailed, secondRegionDetails.RegionOutcome);
        Assert.IsTrue(secondRegionDetails.AutoDetectionError.Contains(autoDiscoveryError));
    }
}