Providing your own HttpClient, supporting HTTP proxies, and customization of user agent headers

There are cases where developers want fine-grained control of the HttpClient instance, such as configuring a proxy or using ASP.NET Core's efficient ways of pooling the HttpClient. You can read more in the HttpClientFactory to implement resilient HTTP requests document. To customize HttpClient, developers will need to implement IMsalHttpClientFactory, which MSAL will then use to get a HttpClient for each HTTP request.

IMsalHttpClientFactory implementation guidelines

Example implementation

IMsalHttpClientFactory httpClientFactory = new MyHttpClientFactory();

var pca = ConfidentialClientApplication.Create("client_id") 

A simple implementation of IMsalHttpClientFactory

public class StaticClientWithProxyFactory : IMsalHttpClientFactory
    private static readonly HttpClient s_httpClient;

    static StaticClientWithProxyFactory()
        var webProxy = new WebProxy(
            new Uri("http://my.proxy"),
            BypassOnLocal: false);

        webProxy.Credentials = new NetworkCredential("user", "pass");

        var proxyHttpClientHandler = new HttpClientHandler
            Proxy = webProxy,
            UseProxy = true,

        s_httpClient = new HttpClient(proxyHttpClientHandler);

    public HttpClient GetHttpClient()
        return s_httpClient;

HttpClient and Xamarin iOS

When using Xamarin iOS, it is recommended to create an HttpClient that explicitly uses the NSURLSession-based handler for iOS 7 and newer. MSAL.NET automatically creates an HttpClient that uses NSURLSessionHandler for iOS 7 and newer. For more information, read the Xamarin iOS documentation for HttpClient.


Problem: On a desktop application, the authorization experience do not use the HttpClient I defined


On desktop and mobile apps, MSAL opens a browser and navigates to the authorization URL. It does not use HttpClient When using the embedded browser, you can control the proxy for it by following the technique at: This cannot be achived on .NET Core, where only the system browser is available. MSAL has no control over the system browser.

Problem: My browser can connect to the proxy, but I get HTTP 407 errors from MSAL

Solution: HTTP 407 shows a proxy authentication issue. .NET framework uses the proxy settings from IE, which by default does not include the "UseDefaultCredential" setting. Some users have reported fixing this issue by adding the following to their .config file:

        <defaultProxy enabled="true" useDefaultCredentials="true" />