Fix for #4860 - ignore tenant id for authorities that do not support … (

#5027) Fix for #4860 - ignore tenant id for authorities that do not support tenants
AzureAD · Dec 28, 2024 · 05455a5 · 05455a5
1 parent 2ad7d8d
commit 05455a5
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 6 deletions.
diff --git a/src/client/Microsoft.Identity.Client/ApiConfig/AbstractAcquireTokenParameterBuilder.cs b/src/client/Microsoft.Identity.Client/ApiConfig/AbstractAcquireTokenParameterBuilder.cs
@@ -296,8 +296,13 @@ public T WithTenantIdFromAuthority(Uri authorityUri)
             }
 
             var authorityInfo = AuthorityInfo.FromAuthorityUri(authorityUri.ToString(), false);
-            var authority = Authority.CreateAuthority(authorityInfo);
-            return WithTenantId(authority.TenantId);
+            if (authorityInfo.CanBeTenanted)
+            {
+                var authority = Authority.CreateAuthority(authorityInfo);
+                return WithTenantId(authority.TenantId);
+            }
+
+            return this as T;
         }
 
         /// <summary>

diff --git a/...dentity.Test.Integration.netcore/HeadlessTests/UsernamePasswordIntegrationTests.NetFwk.cs b/...dentity.Test.Integration.netcore/HeadlessTests/UsernamePasswordIntegrationTests.NetFwk.cs
@@ -110,12 +110,14 @@ public async Task AcquireTokenFromAdfsUsernamePasswordAsync()
             LabResponse labResponse = await LabUserHelper.GetAdfsUserAsync(FederationProvider.ADFSv2019, true).ConfigureAwait(false);
 
             var user = labResponse.User;
-
+            Uri authorityUri = new Uri(Adfs2019LabConstants.Authority);
+
             var msalPublicClient = PublicClientApplicationBuilder
                 .Create(Adfs2019LabConstants.PublicClientId)
-                .WithAdfsAuthority(Adfs2019LabConstants.Authority)
+                .WithAuthority(authorityUri)
                 .WithTestLogging()
                 .Build();
+
             AuthenticationResult authResult = await msalPublicClient
                 .AcquireTokenByUsernamePassword(s_scopes, user.Upn, user.GetOrFetchPassword())
                 .ExecuteAsync()

diff --git a/tests/Microsoft.Identity.Test.Unit/PublicApiTests/AdfsAcceptanceTests.cs b/tests/Microsoft.Identity.Test.Unit/PublicApiTests/AdfsAcceptanceTests.cs
@@ -1,6 +1,7 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the MIT License.
 
+using System;
 using System.Net.Http;
 using System.Threading.Tasks;
 using Microsoft.Identity.Client;
@@ -12,6 +13,8 @@ namespace Microsoft.Identity.Test.Unit.PublicApiTests
     [TestClass]
     public class AdfsAcceptanceTests : TestBase
     {
+        private const string AdfsScope = "https://arm.asz/.default";
+
         // Possible authorities copied from: https://msazure.visualstudio.com/One/_search?action=contents&text=CanAcquireToken_UsingRefreshToken&type=code&lp=code-Project&filters=ProjectFilters%7BOne%7DRepositoryFilters%7BAzureStack-Services-Graph%7D&pageSize=25&result=DefaultCollection/One/AzureStack-Services-Graph/GBmain//src/Identity.Web.Tests/MsalTests.cs
         [DataTestMethod]
         [DataRow("https://localhost:3001/adfs")]
@@ -31,6 +34,37 @@ public async Task AdfsAuthorityVariants_WithAuthority_Async(string authority)
             await RunAuthCodeFlowAsync(authority, useWithAdfsAuthority: false).ConfigureAwait(false);
         }
 
+        [TestMethod]
+        public async Task AcquireTokenByUsernamePasswordAsync()
+        {
+            Uri authorityUri = new Uri("https://localhost:3001/adfs");
+            using (var httpManager = new MockHttpManager())
+            {
+                var builder = PublicClientApplicationBuilder
+                    .Create(TestConstants.ClientId)
+                    .WithAuthority(authorityUri)
+                    .WithHttpManager(httpManager)
+                    .WithInstanceDiscovery(false)
+                    .WithRedirectUri(TestConstants.RedirectUri);
+
+                var app = builder.Build();
+
+                AddAdfsWithTenantIdMockHandler(httpManager);
+
+                var result = await app.AcquireTokenByUsernamePassword(
+                    TestConstants.s_scope,
+                    TestConstants.Username,
+                    TestConstants.DefaultPassword)
+                    .WithTenantIdFromAuthority(authorityUri)
+                    .ExecuteAsync()
+                    .ConfigureAwait(false);
+
+                var account = await app.GetAccountAsync(result.Account.HomeAccountId.Identifier).ConfigureAwait(false);
+
+                AssertAdfsResult(result, account);
+            }
+        }
+
         private static async Task RunAuthCodeFlowAsync(string authority, bool useWithAdfsAuthority)
         {
             using (var httpManager = new MockHttpManager())
@@ -52,15 +86,15 @@ private static async Task RunAuthCodeFlowAsync(string authority, bool useWithAdf
 
                 AddAdfsWithTenantIdMockHandler(httpManager);
 
-                var result = await app.AcquireTokenByAuthorizationCode(new[] { "https://arm.asz/.default" }, "authcode")
+                var result = await app.AcquireTokenByAuthorizationCode(new[] { AdfsScope }, "authcode")
                     .ExecuteAsync()
                     .ConfigureAwait(false);
 
                 var account = await app.GetAccountAsync(result.Account.HomeAccountId.Identifier).ConfigureAwait(false);
 
                 AssertAdfsResult(result, account);
 
-                var result2 = await app.AcquireTokenSilent(new[] { "https://arm.asz/.default" }, account)
+                var result2 = await app.AcquireTokenSilent(new[] { AdfsScope }, account)
                     .ExecuteAsync()
                     .ConfigureAwait(false);