ApplicationConfiguration

Jean-Marc Prieur edited this page Jan 16, 2019 · 6 revisions

Configuring an MSAL.NET application

MSAL.NET 3.x brings a new way to instantiate an application from code, and it enables you to directly take information from configuration files to instantiate an application.

Configuration of an ASP.NET Core Web App or Web API

Configuring the application straight from the configuration file

ASP.NET Core applications describe their configuration in appsettings.json files such as the following:

{
  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "Domain": "[Enter the domain of your tenant, e.g. contoso.onmicrosoft.com]",
    "TenantId": "[Enter 'common', or 'organizations' or the Tenant Id (Obtained from the Azure portal. Select 'Endpoints' from the 'App registrations' blade and use the GUID in any of the URLs), e.g. da41245a5-11b3-996c-00a8-4d99re19f292]",
    "ClientId": "[Enter the Client Id (Application ID obtained from the Azure portal), e.g. ba74781c2-53c2-442a-97c2-3d60re42f403]",
    "CallbackPath": "/signin-oidc",
    "SignedOutCallbackPath": "/signout-callback-oidc",
    "ClientSecret": "[Copy the client secret added to the app from the Azure portal]"
  },
  "Logging": {
    "LogLevel": {
      "Default": "Warning"
    }
  },
  "AllowedHosts": "*"
}

From version 3.x, MSAL.NET can use this configuration file to configure your confidential client application.

The classes related to the app configuration are located in the Microsoft.Identity.Client.AppConfig namespace:

using Microsoft.Identity.Client.AppConfig;

Then in the class where you want to benefit from the configuration, you need to declare a ConfidentialClientApplicationOptions and bind the configuration read from whatever source (including the appconfig.json file) to the instance of

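// Field of the class that needs the configuration
private ConfidentialClientApplicationOptions _applicationOptions;

// In its constructor; "configuration" is assumed to be the injected IConfiguration
_applicationOptions = new ConfidentialClientApplicationOptions();
configuration.Bind("AzureAD", _applicationOptions);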

This binds the content of the "AzureAD" section of appsettings.json to the corresponding properties of the ConfidentialClientApplicationOptions (configuration keys are matched case-insensitively, so "AzureAD" selects the "AzureAd" section).

From there, you can build a ConfidentialClientApplication:

IConfidentialClientApplication app;
app = ConfidentialClientApplicationBuilder.CreateWithApplicationOptions(_applicationOptions)
        .Build();
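
The appsettings.json above carries ClientSecret in plain text, but because the options can be bound from any configuration source, the secret can be supplied from outside the file. The following is an added example, not code from the original page or from the MSAL.NET project: it layers environment variables over the file settings and rejects the template placeholder before building the application. MsalOptionsLoader, the sample values and the AzureAd__ClientSecret variable are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.Extensions.Configuration;
using Microsoft.Identity.Client;
using Microsoft.Identity.Client.AppConfig; // namespace as given on this page

public static class MsalOptionsLoader // hypothetical helper, not part of MSAL.NET
{
    // Binds the "AzureAd" section and refuses to continue without a real secret.
    public static ConfidentialClientApplicationOptions Load(IConfiguration configuration)
    {
        var options = new ConfidentialClientApplicationOptions();
        configuration.Bind("AzureAd", options);
        // The template value "[Copy the client secret ...]" must never reach the builder.
        if (string.IsNullOrWhiteSpace(options.ClientSecret) ||
            options.ClientSecret.StartsWith("[", StringComparison.Ordinal))
        {
            throw new InvalidOperationException(
                "AzureAd:ClientSecret is missing or still a placeholder; supply it outside appsettings.json.");
        }
        return options;
    }

    public static void Main()
    {
        // Constructed stand-in for a committed appsettings.json: it holds no real secret.
        var fileSettings = new Dictionary<string, string>
        {
            ["AzureAd:Instance"] = "https://login.microsoftonline.com/",
            ["AzureAd:TenantId"] = "common",
            ["AzureAd:ClientId"] = "00000000-0000-0000-0000-000000000000", // constructed
            ["AzureAd:ClientSecret"] = "[Copy the client secret added to the app from the Azure portal]"
        };

        // Assumption: the deployment sets this variable; it is set here only so the sample runs.
        // "__" in an environment variable name maps to ":" in the configuration key.
        Environment.SetEnvironmentVariable("AzureAd__ClientSecret", "constructed-sample-secret");

        IConfiguration configuration = new ConfigurationBuilder()
            .AddInMemoryCollection(fileSettings)   // lowest priority
            .AddEnvironmentVariables()             // overrides the file value
            .Build();

        IConfidentialClientApplication app = ConfidentialClientApplicationBuilder
            .CreateWithApplicationOptions(Load(configuration))
            .Build();
        Console.WriteLine($"Built client for authority {app.Authority}");
    }
}
```

In development the same override can come from the .NET user-secrets store, and in production from a vault-backed configuration provider.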

Adding runtime configuration

In a confidential client application you usually have one token cache per user, so you need to get the cache associated with the user and tell the application builder to use it. Likewise, you might have a dynamically computed redirectUri. In that case the code is the following:

IConfidentialClientApplication app;
var request = httpContext.Request;
var currentUri = UriHelper.BuildAbsolute(request.Scheme, request.Host, request.PathBase, _azureAdOptions.CallbackPath ?? string.Empty);

TokenCache userTokenCache = _tokenCacheProvider.GetCache(httpContext, claimsPrincipal);
app = ConfidentialClientApplicationBuilder.CreateWithApplicationOptions(_applicationOptions)
       .WithUserTokenCache(userTokenCache)
       .WithRedirectUri(currentUri)
       .Build();
