ConfidentialClientApplicationBuilder Class

Definition

public class ConfidentialClientApplicationBuilder : Microsoft.Identity.Client.AbstractApplicationBuilder<Microsoft.Identity.Client.ConfidentialClientApplicationBuilder>
type ConfidentialClientApplicationBuilder = class
    inherit AbstractApplicationBuilder<ConfidentialClientApplicationBuilder>
Public Class ConfidentialClientApplicationBuilder
Inherits AbstractApplicationBuilder(Of ConfidentialClientApplicationBuilder)

Methods

Build()

Builds an instance of IConfidentialClientApplication from the parameters set in the ConfidentialClientApplicationBuilder.

Create(String)

Creates a ConfidentialClientApplicationBuilder from a clientID. See https://aka.ms/msal-net-application-configuration

CreateWithApplicationOptions(ConfidentialClientApplicationOptions)

Creates a ConfidentialClientApplicationBuilder from application configuration options. See https://aka.ms/msal-net-application-configuration

WithAdfsAuthority(String, Boolean)

Adds a known Authority corresponding to an ADFS server. See https://aka.ms/msal-net-adfs

(Inherited from AbstractApplicationBuilder<T>)
WithAuthority(AadAuthorityAudience, Boolean)

Adds a known Azure AD authority to the application to sign in users, specifying the sign-in audience (the cloud being the Azure public cloud). See https://aka.ms/msal-net-application-configuration.

(Inherited from AbstractApplicationBuilder<T>)
WithAuthority(AzureCloudInstance, AadAuthorityAudience, Boolean)

Adds a known Azure AD authority to the application to sign in users, specifying the cloud instance and the sign-in audience. See https://aka.ms/msal-net-application-configuration.

(Inherited from AbstractApplicationBuilder<T>)
WithAuthority(AzureCloudInstance, Guid, Boolean)

Adds a known Azure AD authority to the application to sign in users from a single organization (single-tenant application) described by its cloud instance and its tenant ID. See https://aka.ms/msal-net-application-configuration.

(Inherited from AbstractApplicationBuilder<T>)
WithAuthority(AzureCloudInstance, String, Boolean)

Adds a known Azure AD authority to the application to sign in users from a single organization (single-tenant application) described by its cloud instance and its domain name or tenant ID. See https://aka.ms/msal-net-application-configuration.

(Inherited from AbstractApplicationBuilder<T>)
WithAuthority(String, Boolean)

Adds a known Azure AD authority to the application to sign in users, specifying the full authority URI. See Application configuration options.

(Inherited from AbstractApplicationBuilder<T>)
WithAuthority(String, Guid, Boolean)

Adds a known Azure AD authority to the application to sign in users from a single organization (single-tenant application) specified by its tenant ID. See Application configuration options.

(Inherited from AbstractApplicationBuilder<T>)
WithAuthority(String, String, Boolean)

Adds a known Azure AD authority to the application to sign in users from a single organization (single-tenant application) described by its domain name. See https://aka.ms/msal-net-application-configuration.

(Inherited from AbstractApplicationBuilder<T>)
WithAuthority(Uri, Boolean)

Adds a known authority to the application. See Application configuration options. This method is mainly used for scenarios where the authority is not a standard Azure AD authority, nor an ADFS authority, nor an Azure AD B2C authority. For Azure AD, even in sovereign clouds, prefer other overloads such as WithAuthority(AzureCloudInstance, AadAuthorityAudience, Boolean).

(Inherited from AbstractApplicationBuilder<T>)
WithAzureRegion(String)

Instructs MSAL to use an Azure regional token service. This feature is currently available to first-party applications only.

WithB2CAuthority(String)

Adds a known authority corresponding to an Azure AD B2C policy. See https://aka.ms/msal-net-b2c-specificities

(Inherited from AbstractApplicationBuilder<T>)
WithCacheOptions(CacheOptions)

Options for MSAL token caches.

MSAL maintains a token cache internally in memory. By default, this cache object is part of each instance of PublicClientApplication or ConfidentialClientApplication. This method allows customization of the in-memory token cache of MSAL.

MSAL's memory cache is different than token cache serialization. Cache serialization pulls the tokens from a cache (e.g. Redis, Cosmos, or a file on disk), where they are stored in JSON format, into MSAL's internal memory cache. Memory cache operations do not involve JSON operations.

External cache serialization remains the recommended way to handle desktop apps, web site and web APIs, as it provides persistence. These options do not currently control external cache serialization.

Detailed guidance for each application type and platform: https://aka.ms/msal-net-token-cache-serialization

(Inherited from AbstractApplicationBuilder<T>)
WithCacheSynchronization(Boolean)

When set to true, MSAL will lock cache access at the ConfidentialClientApplication level, i.e. the block of code between BeforeAccessAsync and AfterAccessAsync callbacks will be synchronized. Apps can set this flag to false to enable an optimistic cache locking strategy, which may result in better performance at the cost of cache consistency. Setting this flag to false is only recommended for apps which create a new ConfidentialClientApplication per request.

WithCertificate(X509Certificate2)

Sets the certificate associated with the application.

WithCertificate(X509Certificate2, Boolean)

Sets the certificate associated with the application. Applicable to first-party applications only, this method also lets you specify whether the x5c claim should be sent to Azure AD. Sending the x5c enables application developers to achieve easy certificate roll-over in Azure AD: this method will send the certificate chain to Azure AD along with the token request, so that Azure AD can use it to validate the subject name based on a trusted issuer policy. This saves the application admin from the need to explicitly manage the certificate rollover (either via portal or PowerShell/CLI operation). For details see https://aka.ms/msal-net-sni

WithClientAssertion(Func<AssertionRequestOptions,Task<String>>)

Configures an async delegate that creates a client assertion. See https://aka.ms/msal-net-client-assertion

WithClientAssertion(Func<CancellationToken,Task<String>>)

Configures an async delegate that creates a client assertion. See https://aka.ms/msal-net-client-assertion

WithClientAssertion(Func<String>)

Configures a delegate that creates a client assertion. See https://aka.ms/msal-net-client-assertion

WithClientAssertion(String)

Sets the application client assertion. See https://aka.ms/msal-net-client-assertion. This will create an assertion that will be held within the client application's memory for the duration of the client. You can use WithClientAssertion(Func<String>) to set a delegate that will be executed for each authentication request. This will allow you to update the client assertion used by the client application once the assertion expires.

WithClientCapabilities(IEnumerable<String>)

Microsoft Identity specific OIDC extension that allows resource challenges to be resolved without interaction. Allows configuration of one or more client capabilities, e.g. "llt"

(Inherited from AbstractApplicationBuilder<T>)
WithClientClaims(X509Certificate2, IDictionary<String,String>, Boolean)

Sets the certificate associated with the application along with the specific claims to sign. By default, this will merge the claimsToSign with the default required set of claims needed for authentication. If mergeWithDefaultClaims is set to false, you will need to provide the required default claims. See https://aka.ms/msal-net-client-assertion

WithClientClaims(X509Certificate2, IDictionary<String,String>, Boolean, Boolean)

Sets the certificate associated with the application along with the specific claims to sign. By default, this will merge the claimsToSign with the default required set of claims needed for authentication. If mergeWithDefaultClaims is set to false, you will need to provide the required default claims. See https://aka.ms/msal-net-client-assertion

WithClientId(String)

Sets the Client ID of the application

(Inherited from AbstractApplicationBuilder<T>)
WithClientName(String)

Sets the name of the calling application for telemetry purposes.

(Inherited from AbstractApplicationBuilder<T>)
WithClientSecret(String)

Sets the application secret

WithClientVersion(String)

Sets the version of the calling application for telemetry purposes.

(Inherited from AbstractApplicationBuilder<T>)
WithDebugLoggingCallback(LogLevel, Boolean, Boolean)

Sets the Debug logging callback to a default debug method which displays the level of the message and the message itself. For details see https://aka.ms/msal-net-logging

(Inherited from BaseAbstractApplicationBuilder<T>)
WithExperimentalFeatures(Boolean)

Allows usage of experimental features and APIs. If this flag is not set, experimental features will throw an exception. For details see https://aka.ms/msal-net-experimental-features

(Inherited from BaseAbstractApplicationBuilder<T>)
WithExtraQueryParameters(IDictionary<String,String>)

Sets Extra Query Parameters for the query string in the HTTP authentication request

(Inherited from AbstractApplicationBuilder<T>)
WithExtraQueryParameters(String)

Sets Extra Query Parameters for the query string in the HTTP authentication request

(Inherited from AbstractApplicationBuilder<T>)
WithGenericAuthority(String)
Obsolete.

Adds a known authority corresponding to a generic OpenIdConnect Identity Provider. MSAL will append ".well-known/openid-configuration" to the authority and retrieve the OIDC metadata from there, to figure out the endpoints. See https://openid.net/specs/openid-connect-core-1_0.html#Terminology

WithHttpClientFactory(IMsalHttpClientFactory)

Uses a specific IMsalHttpClientFactory to communicate with the IdP. This enables advanced scenarios such as setting a proxy, or setting the Agent.

(Inherited from BaseAbstractApplicationBuilder<T>)
WithHttpClientFactory(IMsalHttpClientFactory, Boolean)

Uses a specific IMsalHttpClientFactory to communicate with the IdP. This enables advanced scenarios such as setting a proxy, or setting the Agent.

(Inherited from BaseAbstractApplicationBuilder<T>)
WithInstanceDicoveryMetadata(String)
Obsolete.

Allows developers to configure their own valid authorities. A JSON string similar to https://aka.ms/aad-instance-discovery should be provided. MSAL uses this information to:

  • Call REST APIs on the environment specified in the preferred_network
  • Identify an environment under which to save tokens and accounts in the cache
  • Use the environment aliases to match tokens issued to other authorities

For more details see https://aka.ms/msal-net-custom-instance-metadata

(Inherited from AbstractApplicationBuilder<T>)
WithInstanceDicoveryMetadata(Uri)
Obsolete.

Lets an organization set up their own service to handle instance discovery, which enables better caching for microservice/service environments. A Uri that returns a response similar to https://aka.ms/aad-instance-discovery should be provided. MSAL uses this information to:

  • Call REST APIs on the environment specified in the preferred_network
  • Identify an environment under which to save tokens and accounts in the cache
  • Use the environment aliases to match tokens issued to other authorities

For more details see https://aka.ms/msal-net-custom-instance-metadata

(Inherited from AbstractApplicationBuilder<T>)
WithInstanceDiscovery(Boolean)

Determines whether or not instance discovery is performed when attempting to authenticate. Setting this to false will completely disable instance discovery and authority validation. However, this will not affect the behavior of applications configured with regional endpoints.

(Inherited from AbstractApplicationBuilder<T>)
WithInstanceDiscoveryMetadata(String)

Allows developers to configure their own valid authorities. A JSON string similar to https://aka.ms/aad-instance-discovery should be provided. MSAL uses this information to:

  • Call REST APIs on the environment specified in the preferred_network
  • Identify an environment under which to save tokens and accounts in the cache
  • Use the environment aliases to match tokens issued to other authorities

For more details see https://aka.ms/msal-net-custom-instance-metadata

(Inherited from AbstractApplicationBuilder<T>)
WithInstanceDiscoveryMetadata(Uri)

Lets an organization set up their own service to handle instance discovery, which enables better caching for microservice/service environments. A Uri that returns a response similar to https://aka.ms/aad-instance-discovery should be provided. MSAL uses this information to:

  • Call REST APIs on the environment specified in the preferred_network
  • Identify an environment under which to save tokens and accounts in the cache
  • Use the environment aliases to match tokens issued to other authorities

For more details see https://aka.ms/msal-net-custom-instance-metadata

(Inherited from AbstractApplicationBuilder<T>)
WithLegacyCacheCompatibility(Boolean)

Enables legacy ADAL cache serialization and deserialization.

(Inherited from AbstractApplicationBuilder<T>)
WithLogging(IIdentityLogger, Boolean)

Sets the Identity Logger. For details see https://aka.ms/msal-net-logging

(Inherited from BaseAbstractApplicationBuilder<T>)
WithLogging(LogCallback, Nullable<LogLevel>, Nullable<Boolean>, Nullable<Boolean>)

Sets the logging callback. For details see https://aka.ms/msal-net-logging

(Inherited from BaseAbstractApplicationBuilder<T>)
WithOidcAuthority(String)

Adds a known authority corresponding to a generic OpenIdConnect Identity Provider. MSAL will append ".well-known/openid-configuration" to the authority and retrieve the OIDC metadata from there, to figure out the endpoints. See https://openid.net/specs/openid-connect-core-1_0.html#Terminology

WithOptions(ApplicationOptions)

Sets application options, which can, for instance, have been read from configuration files. See https://aka.ms/msal-net-application-configuration.

(Inherited from AbstractApplicationBuilder<T>)
WithOptions(BaseApplicationOptions)

Sets application options, which can, for instance, have been read from configuration files. See https://aka.ms/msal-net-application-configuration.

(Inherited from BaseAbstractApplicationBuilder<T>)
WithRedirectUri(String)

Sets the redirect URI of the application. The URI must also be registered in the application portal. See https://aka.ms/msal-net-application-configuration

(Inherited from AbstractApplicationBuilder<T>)
WithTelemetry(ITelemetryConfig)
Obsolete.

Generate telemetry aggregation events.

(Inherited from AbstractApplicationBuilder<T>)
WithTelemetryClient(ITelemetryClient[])

Sets telemetry client for the application.

WithTenantId(String)

Sets the tenant ID of the organization from which the application will let users sign in. This is classically a GUID or a domain name. See https://aka.ms/msal-net-application-configuration. Although it is also possible to set tenantId to common, organizations, and consumers, it's recommended to use one of the overloads of WithAuthority(AzureCloudInstance, AadAuthorityAudience, Boolean).

(Inherited from AbstractApplicationBuilder<T>)
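
The WithClientAssertion entries above distinguish a fixed assertion string from a delegate that is executed for each authentication request; the following added example (not part of the original reference, and not Microsoft's sample code) builds a single-tenant confidential client with the delegate overload so that a rotated assertion is picked up. The client ID, tenant ID and assertion file path are placeholders assumed for illustration.

```csharp
using System;
using System.IO;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

static class WorkloadClient
{
    // Placeholders (assumptions): substitute the app registration's own values.
    const string ClientId = "00000000-0000-0000-0000-000000000000";
    const string TenantId = "11111111-1111-1111-1111-111111111111";
    const string Scope = "https://graph.microsoft.com/.default";

    // Hypothetical path to a signed assertion (JWT) that the platform rotates on disk.
    const string AssertionPath = "/var/run/secrets/tokens/client-assertion";

    static IConfidentialClientApplication BuildApp() =>
        ConfidentialClientApplicationBuilder
            .Create(ClientId)
            // Pin a single tenant rather than common/organizations.
            .WithAuthority(AzureCloudInstance.AzurePublic, TenantId)
            // Delegate overload: executed for each authentication request, so a
            // rotated assertion is picked up. WithClientAssertion(String) would
            // hold the first value in memory for the lifetime of the client.
            .WithClientAssertion(
                async (CancellationToken ct) =>
                    (await File.ReadAllTextAsync(AssertionPath, ct)).Trim())
            .Build();

    static async Task Main()
    {
        IConfidentialClientApplication app = BuildApp();
        try
        {
            AuthenticationResult result = await app
                .AcquireTokenForClient(new[] { Scope })
                .ExecuteAsync();
            // Log metadata only; never write the access token itself to logs.
            Console.WriteLine(
                $"expires {result.ExpiresOn:u}, source {result.AuthenticationResultMetadata.TokenSource}");
        }
        catch (MsalServiceException ex)
        {
            // ErrorCode and CorrelationId are enough to triage a rejected assertion.
            Console.Error.WriteLine($"{ex.ErrorCode} correlation={ex.CorrelationId}");
        }
    }
}
```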

Extension Methods

WithAppTokenProvider(ConfidentialClientApplicationBuilder, Func<AppTokenProviderParameters,Task<AppTokenProviderResult>>)

Allows setting a callback which returns an access token, based on the passed-in parameters. MSAL will pass in its authentication parameters to the callback and it is expected that the callback will construct an AppTokenProviderResult and return it to MSAL. MSAL will cache the token response the same way it does for other authentication results.
