/// <summary>
/// Adds a known Azure AD authority to the application to sign-in users from a single
/// organization (single tenant application) specified by its tenant ID. See https://aka.ms/msal-net-application-configuration.
/// </summary>
/// <param name="cloudInstanceUri">Azure Cloud instance</param>
/// <param name="tenantId">Guid of the tenant from which to sign-in users</param>
/// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
/// <returns>The builder to chain the .With methods</returns>
public T WithAuthority(
string cloudInstanceUri,
Guid tenantId,
bool validateAuthority = true)
{
Config.AuthorityInfo = AuthorityInfo.FromAadAuthority(new Uri(cloudInstanceUri), tenantId, validateAuthority);
return((T)this);
}
/// <summary>
/// Adds a known Azure AD authority to the application to sign-in users from a single
/// organization (single tenant application) described by its cloud instance and its domain
/// name or tenant ID. See https://aka.ms/msal-net-application-configuration.
/// </summary>
/// <param name="azureCloudInstance">Instance of Azure Cloud (for instance Azure
/// worldwide cloud, Azure German Cloud, US government ...)</param>
/// <param name="tenant">Domain name associated with the Azure AD tenant from which
/// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
/// to sign-in users. This can also be a guid</param>
/// <returns>The builder to chain the .With methods</returns>
public T WithAuthority(
AzureCloudInstance azureCloudInstance,
string tenant,
bool validateAuthority = true)
{
Config.AuthorityInfo = AuthorityInfo.FromAadAuthority(azureCloudInstance, tenant, validateAuthority);
return((T)this);
}
/// <summary>
/// Adds a known Azure AD authority to the application to sign-in users from a single
/// organization (single tenant application) described by its cloud instance and its domain
/// name or tenant ID. See https://aka.ms/msal-net-application-configuration.
/// </summary>
/// <param name="azureCloudInstance">Instance of Azure Cloud (for instance Azure
/// worldwide cloud, Azure German Cloud, US government ...).</param>
/// <param name="tenant">Tenant Id of the tenant from which to sign-in users. This can also be a GUID.</param>
/// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
/// <returns>The builder to chain the .With methods.</returns>
public T WithAuthority(
AzureCloudInstance azureCloudInstance,
string tenant,
bool validateAuthority = true)
{
CommonParameters.AuthorityOverride = AuthorityInfo.FromAadAuthority(azureCloudInstance, tenant, validateAuthority);
return((T)this);
}
/// <summary>
/// Adds a known Azure AD authority to the application to sign-in users specifying
/// the full authority Uri. See https://aka.ms/msal-net-application-configuration.
/// </summary>
/// <param name="authorityUri">URL of the security token service (STS) from which MSAL.NET will acquire the tokens.
/// Usual authorities endpoints for the Azure public Cloud are:
/// <list type="bullet">
/// <item><description><c>https://login.microsoftonline.com/tenant/</c> where <c>tenant</c> is the tenant ID of the Azure AD tenant
/// or a domain associated with this Azure AD tenant, in order to sign-in users of a specific organization only</description></item>
/// <item><description><c>https://login.microsoftonline.com/common/</c> to sign-in users with any work and school accounts or Microsoft personal account</description></item>
/// <item><description><c>https://login.microsoftonline.com/organizations/</c> to sign-in users with any work and school accounts</description></item>
/// <item><description><c>https://login.microsoftonline.com/consumers/</c> to sign-in users with only personal Microsoft accounts (live)</description></item>
/// </list>
/// Note that this setting needs to be consistent with what is declared in the application registration portal</param>
/// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
/// <returns>The builder to chain the .With methods</returns>
public T WithAuthority(string authorityUri, bool validateAuthority = true)
{
if (string.IsNullOrWhiteSpace(authorityUri))
{
throw new ArgumentNullException(authorityUri);
}
Config.AuthorityInfo = AuthorityInfo.FromAadAuthority(authorityUri, validateAuthority);
return((T)this);
}
/// <summary>
/// Adds a known Azure AD authority to the application to sign-in users specifying
/// the sign-in audience (the cloud being the Azure public cloud). See https://aka.ms/msal-net-application-configuration.
/// </summary>
/// <param name="authorityAudience">Sign-in audience (one AAD organization,
/// any work and school accounts, or any work and school accounts and Microsoft personal
/// accounts.</param>
/// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
/// <returns>The builder to chain the .With methods.</returns>
public T WithAuthority(AadAuthorityAudience authorityAudience, bool validateAuthority = true)
{
CommonParameters.AddApiTelemetryFeature(ApiTelemetryFeature.WithAuthority);
if (validateAuthority)
{
CommonParameters.AddApiTelemetryFeature(ApiTelemetryFeature.WithValidateAuthority);
}
CommonParameters.AuthorityOverride = AuthorityInfo.FromAadAuthority(authorityAudience, validateAuthority);
return((T)this);
}
/// <summary>
/// Adds a known Azure AD authority to the application to sign-in users from a single
/// organization (single tenant application) described by its domain name. See https://aka.ms/msal-net-application-configuration.
/// </summary>
/// <param name="cloudInstanceUri">Uri to the Azure Cloud instance (for instance
/// <c>https://login.microsoftonline.com)</c>.</param>
/// <param name="tenant">Tenant Id associated with the tenant from which to sign-in users.</param>
/// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
/// <remarks>
/// <paramref name="tenant"/> can also contain the string representation of a GUID (tenantId),
/// or even <c>common</c>, <c>organizations</c> or <c>consumers</c> but in this case
/// it's recommended to use another override (<see cref="WithAuthority(AzureCloudInstance, Guid, bool)"/>
/// and <see cref="WithAuthority(AzureCloudInstance, AadAuthorityAudience, bool)"/>
/// </remarks>
/// <returns>The builder to chain the .With methods.</returns>
public T WithAuthority(
string cloudInstanceUri,
string tenant,
bool validateAuthority = true)
{
if (string.IsNullOrWhiteSpace(cloudInstanceUri))
{
throw new ArgumentNullException(nameof(cloudInstanceUri));
}
CommonParameters.AuthorityOverride = AuthorityInfo.FromAadAuthority(new Uri(cloudInstanceUri), tenant, validateAuthority);
return((T)this);
}
/// <summary>
/// Adds a known Azure AD authority to the application to sign-in users from a single
/// organization (single tenant application) described by its cloud instance and its tenant ID.
/// See https://aka.ms/msal-net-application-configuration.
/// </summary>
/// <param name="azureCloudInstance">Instance of Azure Cloud (for instance Azure
/// worldwide cloud, Azure German Cloud, US government ...).</param>
/// <param name="tenantId">Tenant Id of the tenant from which to sign-in users.</param>
/// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
/// <returns>The builder to chain the .With methods.</returns>
public T WithAuthority(
AzureCloudInstance azureCloudInstance,
Guid tenantId,
bool validateAuthority = true)
{
CommonParameters.AddApiTelemetryFeature(ApiTelemetryFeature.WithAuthority);
if (validateAuthority)
{
CommonParameters.AddApiTelemetryFeature(ApiTelemetryFeature.WithValidateAuthority);
}
CommonParameters.AuthorityOverride = AuthorityInfo.FromAadAuthority(azureCloudInstance, tenantId, validateAuthority);
return((T)this);
}
/// <summary>
/// Adds a known Azure AD authority to the application to sign-in users from a single
/// organization (single tenant application) specified by its tenant ID. See https://aka.ms/msal-net-application-configuration.
/// </summary>
/// <param name="cloudInstanceUri">Azure Cloud instance.</param>
/// <param name="tenantId">GUID of the tenant from which to sign-in users.</param>
/// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
/// <returns>The builder to chain the .With methods.</returns>
public T WithAuthority(
string cloudInstanceUri,
Guid tenantId,
bool validateAuthority = true)
{
CommonParameters.AddApiTelemetryFeature(ApiTelemetryFeature.WithAuthority);
if (validateAuthority)
{
CommonParameters.AddApiTelemetryFeature(ApiTelemetryFeature.WithValidateAuthority);
}
if (string.IsNullOrWhiteSpace(cloudInstanceUri))
{
throw new ArgumentNullException(nameof(cloudInstanceUri));
}
CommonParameters.AuthorityOverride = AuthorityInfo.FromAadAuthority(new Uri(cloudInstanceUri), tenantId, validateAuthority);
return((T)this);
}
/// <summary>
/// Adds a known Azure AD authority to the application to sign-in users from a single
/// organization (single tenant application) described by its domain name. See https://aka.ms/msal-net-application-configuration.
/// </summary>
/// <param name="cloudInstanceUri">Uri to the Azure Cloud instance (for instance
/// <c>https://login.microsoftonline.com)</c></param>
/// <param name="tenant">domain name associated with the tenant from which to sign-in users</param>
/// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
/// <remarks>
/// <paramref name="tenant"/> can also contain the string representation of a GUID (tenantId),
/// or even <c>common</c>, <c>organizations</c> or <c>consumers</c> but in this case
/// it's recommended to use another override (<see cref="WithAuthority(AzureCloudInstance, Guid, bool)"/>
/// and <see cref="WithAuthority(AzureCloudInstance, AadAuthorityAudience, bool)"/>
/// </remarks>
/// <returns>The builder to chain the .With methods</returns>
public T WithAuthority(
string cloudInstanceUri,
string tenant,
bool validateAuthority = true)
{
if (string.IsNullOrWhiteSpace(cloudInstanceUri))
{
throw new ArgumentNullException(nameof(cloudInstanceUri));
}
if (string.IsNullOrWhiteSpace(tenant))
{
throw new ArgumentNullException(nameof(tenant));
}
var authorityInfo = AuthorityInfo.FromAadAuthority(
new Uri(cloudInstanceUri),
tenant,
validateAuthority);
Config.Authority = new AadAuthority(authorityInfo);
return((T)this);
}
/// <summary>
/// Overrides the tenant ID specified in the authority at the application level. This operation preserves the authority host (environment).
///
/// If an authority was not specified at the application level, the default used is https://login.microsoftonline.com/common.
/// </summary>
/// <param name="tenantId">The tenant ID, which can be either in GUID format or a domain name. Also known as the Directory ID.</param>
/// <returns>The builder to chain the .With methods.</returns>
/// <exception cref="ArgumentNullException">Thrown if tenantId is null or an empty string</exception>
/// <exception cref="MsalClientException">Thrown if the application was configured with an authority that is not AAD specific (e.g. ADFS or B2C).</exception>
/// <remarks>
/// The tenant should be more restrictive than the one configured at the application level, e.g. don't use "common".
/// Does not affect authority validation, which is specified at the application level.</remarks>
public T WithTenantId(string tenantId)
{
if (string.IsNullOrEmpty(tenantId))
{
throw new ArgumentNullException(nameof(tenantId));
}
if (!ServiceBundle.Config.Authority.AuthorityInfo.IsTenantOverrideSupported)
{
throw new MsalClientException(
MsalError.TenantOverrideNonAad,
MsalErrorMessage.TenantOverrideNonAad);
}
AadAuthority aadAuthority = (AadAuthority)ServiceBundle.Config.Authority;
string tenantedAuthority = aadAuthority.GetTenantedAuthority(tenantId, true);
var newAuthorityInfo = AuthorityInfo.FromAadAuthority(
tenantedAuthority,
ServiceBundle.Config.Authority.AuthorityInfo.ValidateAuthority);
CommonParameters.AuthorityOverride = newAuthorityInfo;
return((T)this);
}
/// <summary>
/// Adds a known Azure AD authority to the application to sign-in users specifying
/// the full authority Uri. See https://aka.ms/msal-net-application-configuration.
/// </summary>
/// <param name="authorityUri">URL of the security token service (STS) from which MSAL.NET will acquire the tokens.
/// Usual authorities endpoints for the Azure public Cloud are:
/// <list type="bullet">
/// <item><description><c>https://login.microsoftonline.com/tenant/</c> where <c>tenant</c> is the tenant ID of the Azure AD tenant
/// or a domain associated with this Azure AD tenant, in order to sign-in users of a specific organization only</description></item>
/// <item><description><c>https://login.microsoftonline.com/common/</c> to sign-in users with any work and school accounts or Microsoft personal account</description></item>
/// <item><description><c>https://login.microsoftonline.com/organizations/</c> to sign-in users with any work and school accounts</description></item>
/// <item><description><c>https://login.microsoftonline.com/consumers/</c> to sign-in users with only personal Microsoft accounts (live)</description></item>
/// </list>
/// Note that this setting needs to be consistent with what is declared in the application registration portal</param>
/// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
/// <returns>The builder to chain the .With methods</returns>
public T WithAuthority(string authorityUri, bool validateAuthority = true)
{
Config.AuthorityInfo = AuthorityInfo.FromAadAuthority(authorityUri, validateAuthority);
return((T)this);
}
/// <summary>
/// Adds a known Azure AD authority to the application to sign-in users specifying
/// the sign-in audience (the cloud being the Azure public cloud). See https://aka.ms/msal-net-application-configuration.
/// </summary>
/// <param name="authorityAudience">Sign-in audience (one AAD organization,
/// any work and school accounts, or any work and school accounts and Microsoft personal
/// accounts</param>
/// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
/// <returns>The builder to chain the .With methods</returns>
public T WithAuthority(AadAuthorityAudience authorityAudience, bool validateAuthority = true)
{
Config.AuthorityInfo = AuthorityInfo.FromAadAuthority(authorityAudience, validateAuthority);
return((T)this);
}
/// <summary>
/// Adds a known Azure AD authority to the application to sign-in users specifying
/// the sign-in audience (the cloud being the Azure public cloud). See https://aka.ms/msal-net-application-configuration.
/// </summary>
/// <param name="authorityAudience">Sign-in audience (one AAD organization,
/// any work and school accounts, or any work and school accounts and Microsoft personal
/// accounts.</param>
/// <param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
/// <returns>The builder to chain the .With methods.</returns>
public T WithAuthority(AadAuthorityAudience authorityAudience, bool validateAuthority = true)
{
CommonParameters.AuthorityOverride = AuthorityInfo.FromAadAuthority(authorityAudience, validateAuthority);
return((T)this);
}