Microsoft.Identity.Client.ConfidentialClientApplicationBuilder
public class ConfidentialClientApplicationBuilder : AbstractApplicationBuilder<ConfidentialClientApplicationBuilder>
Creates a ConfidentialClientApplicationBuilder from a clientID.
See https://aka.ms/msal-net-application-configuration
public static ConfidentialClientApplicationBuilder CreateWithApplicationOptions(ConfidentialClientApplicationOptions options)
Constructor of a ConfidentialClientApplicationBuilder from application configuration options.
See https://aka.ms/msal-net-application-configuration
Builds an instance of IConfidentialClientApplication
from the parameters set in the ConfidentialClientApplicationBuilder.
Instructs MSAL to use an Azure regional token service. This feature is currently available to
first-party applications only.
public ConfidentialClientApplicationBuilder WithCacheSynchronization(bool enableCacheSynchronization)
When set to true, MSAL will lock cache access at the ConfidentialClientApplication level, i.e.
the block of code between BeforeAccessAsync and AfterAccessAsync callbacks will be synchronized.
Apps can set this flag to false to enable an optimistic cache locking strategy, which may result in better performance
at the cost of cache consistency.
Setting this flag to false is only recommended for apps which create a new ConfidentialClientApplication per request.
Sets the certificate associated with the application.
public ConfidentialClientApplicationBuilder WithCertificate(X509Certificate2 certificate, bool sendX5C)
Sets the certificate associated with the application.
Applicable to first-party applications only, this method also allows to specify
if the x5c claim should be sent to Azure AD.
Sending the x5c enables application developers to achieve easy certificate roll-over in Azure AD:
this method will send the certificate chain to Azure AD along with the token request,
so that Azure AD can use it to validate the subject name based on a trusted issuer policy.
This saves the application admin from the need to explicitly manage the certificate rollover
(either via portal or PowerShell/CLI operation). For details see https://aka.ms/msal-net-sni
public ConfidentialClientApplicationBuilder WithCertificate(X509Certificate2 certificate, CertificateOptions certificateOptions)
Sets the certificate associated with the application.
Applicable to first-party applications only, this method also allows to specify
if the x5c claim should be sent to Azure AD.
Sending the x5c enables application developers to achieve easy certificate roll-over in Azure AD:
this method will send the certificate chain to Azure AD along with the token request,
so that Azure AD can use it to validate the subject name based on a trusted issuer policy.
This saves the application admin from the need to explicitly manage the certificate rollover
(either via portal or PowerShell/CLI operation). For details see https://aka.ms/msal-net-sni
Sets the application client assertion. See https://aka.ms/msal-net-client-assertion.
This will create an assertion that will be held within the client application's memory for the duration of the client.
You can use WithClientAssertion to set a delegate that will be executed for each authentication request.
This will allow you to update the client assertion used by the client application once the assertion expires.
public ConfidentialClientApplicationBuilder WithClientAssertion(Func<string> clientAssertionDelegate)
Configures a delegate that creates a client assertion. See https://aka.ms/msal-net-client-assertion
public ConfidentialClientApplicationBuilder WithClientAssertion(Func<CancellationToken, Task<string>> clientAssertionAsyncDelegate)
Configures an async delegate that creates a client assertion. See https://aka.ms/msal-net-client-assertion
public ConfidentialClientApplicationBuilder WithClientAssertion(Func<AssertionRequestOptions, Task<string>> clientAssertionAsyncDelegate)
Configures an async delegate that creates a client assertion. The delegate is invoked only when a token cannot be retrieved from the cache.
See https://aka.ms/msal-net-client-assertion
public ConfidentialClientApplicationBuilder WithClientAssertion(Func<AssertionRequestOptions, CancellationToken, Task<ClientSignedAssertion>> clientSignedAssertionProvider)
Configures the client application to use a client assertion for authentication.
public ConfidentialClientApplicationBuilder WithClientClaims(X509Certificate2 certificate, IDictionary<string, string> claimsToSign, bool mergeWithDefaultClaims)
Sets the certificate associated with the application along with the specific claims to sign.
By default, this will merge the claimsToSign with the default required set of claims needed for authentication.
If mergeWithDefaultClaims is set to false, you will need to provide the required default claims. See https://aka.ms/msal-net-client-assertion
public ConfidentialClientApplicationBuilder WithClientClaims(X509Certificate2 certificate, IDictionary<string, string> claimsToSign, bool mergeWithDefaultClaims = true, bool sendX5C = false)
Sets the certificate associated with the application along with the specific claims to sign.
By default, this will merge the claimsToSign with the default required set of claims needed for authentication.
If mergeWithDefaultClaims is set to false, you will need to provide the required default claims. See https://aka.ms/msal-net-client-assertion
Sets the application secret
Call WithOidcAuthority instead.
Adds a known authority corresponding to a generic OpenIdConnect Identity Provider.
MSAL will append ".well-known/openid-configuration" to the authority and retrieve the OIDC
metadata from there, to figure out the endpoints.
See https://openid.net/specs/openid-connect-core-1_0.html#Terminology
public ConfidentialClientApplicationBuilder WithTelemetryClient(ITelemetryClient[] telemetryClients)
This method is obsolete. See https://aka.ms/msal-net-telemetry