Share via


AbstractApplicationBuilder<T>.WithAuthority Method

Definition

Overloads

WithAuthority(AadAuthorityAudience, Boolean)

Adds a known Azure AD authority to the application to sign-in users specifying the sign-in audience (the cloud being the Azure public cloud). See https://aka.ms/msal-net-application-configuration.

WithAuthority(String, Boolean)

Adds a known Azure AD authority to the application to sign-in users specifying the full authority URI. See Application configuration options.

WithAuthority(Uri, Boolean)

Adds a known authority to the application. See Application configuration options. This constructor is mainly used for scenarios where the authority is not a standard Azure AD authority, nor an ADFS authority, nor an Azure AD B2C authority. For Azure AD, even in sovereign clouds, prefer using other overrides such as WithAuthority(AzureCloudInstance, AadAuthorityAudience, Boolean)

WithAuthority(AzureCloudInstance, AadAuthorityAudience, Boolean)

Adds a known Azure AD authority to the application to sign-in users specifying the cloud instance and the sign-in audience. See https://aka.ms/msal-net-application-configuration.

WithAuthority(AzureCloudInstance, Guid, Boolean)

Adds a known Azure AD authority to the application to sign-in users from a single organization (single tenant application) described by its cloud instance and its tenant ID. See https://aka.ms/msal-net-application-configuration.

WithAuthority(AzureCloudInstance, String, Boolean)

Adds a known Azure AD authority to the application to sign-in users from a single organization (single-tenant application) described by its cloud instance and its domain name or tenant ID. See https://aka.ms/msal-net-application-configuration.

WithAuthority(String, Guid, Boolean)

Adds a known Azure AD authority to the application to sign-in users from a single organization (single-tenant application) specified by its tenant ID. See Application configuration options.

WithAuthority(String, String, Boolean)

Adds a known Azure AD authority to the application to sign-in users from a single organization (single-tenant application) described by its domain name. See https://aka.ms/msal-net-application-configuration.

WithAuthority(AadAuthorityAudience, Boolean)

Adds a known Azure AD authority to the application to sign-in users specifying the sign-in audience (the cloud being the Azure public cloud). See https://aka.ms/msal-net-application-configuration.

public T WithAuthority (Microsoft.Identity.Client.AadAuthorityAudience authorityAudience, bool validateAuthority = true);
member this.WithAuthority : Microsoft.Identity.Client.AadAuthorityAudience * bool -> 'T
Public Function WithAuthority (authorityAudience As AadAuthorityAudience, Optional validateAuthority As Boolean = true) As T

Parameters

authorityAudience
AadAuthorityAudience

Sign-in audience (one AAD organization, any work and school accounts, or any work and school accounts and Microsoft personal accounts

validateAuthority
Boolean

Whether the authority should be validated against the server metadata.

Returns

T

The builder to chain the .With methods

Applies to

WithAuthority(String, Boolean)

Adds a known Azure AD authority to the application to sign-in users specifying the full authority URI. See Application configuration options.

public T WithAuthority (string authorityUri, bool validateAuthority = true);
member this.WithAuthority : string * bool -> 'T
Public Function WithAuthority (authorityUri As String, Optional validateAuthority As Boolean = true) As T

Parameters

authorityUri
String

URI of the authority from which MSAL.NET will acquire the tokens. Authority endpoints for the Azure public Cloud are:

  • https://login.microsoftonline.com/tenant/ where tenant is the tenant ID of the Azure AD tenant or a domain associated with this Azure AD tenant, in order to sign-in users of a specific organization only
  • https://login.microsoftonline.com/common/ to sign-in users with any work and school accounts or personal Microsoft accounts
  • https://login.microsoftonline.com/organizations/ to sign-in users with any work and school accounts
  • https://login.microsoftonline.com/consumers/ to sign-in users with only personal Microsoft accounts (live)
Note that this setting needs to be consistent with what is declared in the application registration portal

validateAuthority
Boolean

Whether the authority should be validated against the server metadata.

Returns

T

The builder to chain the .With methods

Exceptions

Thrown if authorityUri is null or empty.

Thrown if authorityUri is not well-formatted (for example, has spaces).

Thrown in general exception scenarios (for example if the application was configured with multiple different authority hosts).

Applies to

WithAuthority(Uri, Boolean)

Adds a known authority to the application. See Application configuration options. This constructor is mainly used for scenarios where the authority is not a standard Azure AD authority, nor an ADFS authority, nor an Azure AD B2C authority. For Azure AD, even in sovereign clouds, prefer using other overrides such as WithAuthority(AzureCloudInstance, AadAuthorityAudience, Boolean)

public T WithAuthority (Uri authorityUri, bool validateAuthority = true);
member this.WithAuthority : Uri * bool -> 'T
Public Function WithAuthority (authorityUri As Uri, Optional validateAuthority As Boolean = true) As T

Parameters

authorityUri
Uri

URI of the authority

validateAuthority
Boolean

Whether the authority should be validated against the server metadata.

Returns

T

The builder to chain the .With methods

Exceptions

Thrown if authorityUri is null.

Thrown if authorityUri is not well-formatted (for example, has spaces).

Thrown in general exception scenarios (for example if the application was configured with multiple different authority hosts).

Applies to

WithAuthority(AzureCloudInstance, AadAuthorityAudience, Boolean)

Adds a known Azure AD authority to the application to sign-in users specifying the cloud instance and the sign-in audience. See https://aka.ms/msal-net-application-configuration.

public T WithAuthority (Microsoft.Identity.Client.AzureCloudInstance azureCloudInstance, Microsoft.Identity.Client.AadAuthorityAudience authorityAudience, bool validateAuthority = true);
member this.WithAuthority : Microsoft.Identity.Client.AzureCloudInstance * Microsoft.Identity.Client.AadAuthorityAudience * bool -> 'T
Public Function WithAuthority (azureCloudInstance As AzureCloudInstance, authorityAudience As AadAuthorityAudience, Optional validateAuthority As Boolean = true) As T

Parameters

azureCloudInstance
AzureCloudInstance

Instance of Azure Cloud (for instance Azure worldwide cloud, Azure German Cloud, US government ...)

authorityAudience
AadAuthorityAudience

Sign-in audience (one AAD organization, any work and school accounts, or any work and school accounts and Microsoft personal accounts

validateAuthority
Boolean

Whether the authority should be validated against the server metadata.

Returns

T

The builder to chain the .With methods

Applies to

WithAuthority(AzureCloudInstance, Guid, Boolean)

Adds a known Azure AD authority to the application to sign-in users from a single organization (single tenant application) described by its cloud instance and its tenant ID. See https://aka.ms/msal-net-application-configuration.

public T WithAuthority (Microsoft.Identity.Client.AzureCloudInstance azureCloudInstance, Guid tenantId, bool validateAuthority = true);
member this.WithAuthority : Microsoft.Identity.Client.AzureCloudInstance * Guid * bool -> 'T
Public Function WithAuthority (azureCloudInstance As AzureCloudInstance, tenantId As Guid, Optional validateAuthority As Boolean = true) As T

Parameters

azureCloudInstance
AzureCloudInstance

Instance of Azure cloud (for example, Azure public cloud, Azure China, or Azure Government).

tenantId
Guid

Tenant Id of the tenant from which to sign-in users

validateAuthority
Boolean

Whether the authority should be validated against the server metadata.

Returns

T

The builder to chain the .With methods

Applies to

WithAuthority(AzureCloudInstance, String, Boolean)

Adds a known Azure AD authority to the application to sign-in users from a single organization (single-tenant application) described by its cloud instance and its domain name or tenant ID. See https://aka.ms/msal-net-application-configuration.

public T WithAuthority (Microsoft.Identity.Client.AzureCloudInstance azureCloudInstance, string tenant, bool validateAuthority = true);
member this.WithAuthority : Microsoft.Identity.Client.AzureCloudInstance * string * bool -> 'T
Public Function WithAuthority (azureCloudInstance As AzureCloudInstance, tenant As String, Optional validateAuthority As Boolean = true) As T

Parameters

azureCloudInstance
AzureCloudInstance

Instance of Azure cloud (for example, Azure public cloud, Azure China, or Azure Government).

tenant
String

Domain name associated with the Azure AD tenant from which to sign-in users. This can also be a GUID.

validateAuthority
Boolean

Whether the authority should be validated against the server metadata.

Returns

T

The builder to chain the .With methods.

Exceptions

Thrown if tenant or tenant is null or empty.

Applies to

WithAuthority(String, Guid, Boolean)

Adds a known Azure AD authority to the application to sign-in users from a single organization (single-tenant application) specified by its tenant ID. See Application configuration options.

public T WithAuthority (string cloudInstanceUri, Guid tenantId, bool validateAuthority = true);
member this.WithAuthority : string * Guid * bool -> 'T
Public Function WithAuthority (cloudInstanceUri As String, tenantId As Guid, Optional validateAuthority As Boolean = true) As T

Parameters

cloudInstanceUri
String

Azure cloud instance.

tenantId
Guid

GUID of the tenant from which to sign-in users.

validateAuthority
Boolean

Whether the authority should be validated against the server metadata.

Returns

T

The builder to chain the .With methods.

Exceptions

Thrown if cloudInstanceUri is null or empty.

Thrown if cloudInstanceUri is not well-formatted (for example, has spaces).

Thrown in more general exception scenarios (for example if the application was configured with multiple different authority hosts).

Applies to

WithAuthority(String, String, Boolean)

Adds a known Azure AD authority to the application to sign-in users from a single organization (single-tenant application) described by its domain name. See https://aka.ms/msal-net-application-configuration.

public T WithAuthority (string cloudInstanceUri, string tenant, bool validateAuthority = true);
member this.WithAuthority : string * string * bool -> 'T
Public Function WithAuthority (cloudInstanceUri As String, tenant As String, Optional validateAuthority As Boolean = true) As T

Parameters

cloudInstanceUri
String

Uri to the Azure cloud instance (for instance https://login.microsoftonline.com)

tenant
String

Domain name associated with the tenant from which to sign-in users

validateAuthority
Boolean

Whether the authority should be validated against the server metadata.

Returns

T

The builder to chain the .With methods

Exceptions

Thrown if cloudInstanceUri or tenant is null or empty.

Thrown if cloudInstanceUri or tenant is not well-formatted (for example, has spaces).

Thrown in more general exception scenarios (for example if the application was configured with multiple different authority hosts).

Remarks

tenant can also contain the string representation of a GUID (tenantId), or even common, organizations or consumers but in this case it's recommended to use another override (WithAuthority(AzureCloudInstance, Guid, Boolean) and WithAuthority(AzureCloudInstance, AadAuthorityAudience, Boolean)

Applies to