diff --git a/CHANGELOG.md b/CHANGELOG.md index 3942435e50..36d00e9f4f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -202,7 +202,7 @@ Resolved an issue where MSAL attempts to acquire a token via certificate authent - Added new APIs to acquire authentication data from WWW-Authenticate and Authentication-Info request headers. This will provide additional support for Proof-of-Possession. See [3026](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/3026) ### Experimental Features -- [Managed identities for Azure resources](https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview) provide Azure services with an automatically managed identity in Azure Active Directory. You can use this identity to authenticate to any service that supports Azure AD authentication, without having credentials in your code. MSAL now supports acquiring token for managed identities for Azure App Services and Azure Virtual Machines. Use `WithManagedIdentity()` method on the `AcquireTokenForClient` API to get an MSI token. This is an experimental feature and may change in the future versions of MSAL. See [3754](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/3754) and [3829](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/3829) +- [Managed identities for Azure resources](https://learn.microsoft.com/azure/active-directory/managed-identities-azure-resources/overview) provide Azure services with an automatically managed identity in Azure Active Directory. You can use this identity to authenticate to any service that supports Azure AD authentication, without having credentials in your code. MSAL now supports acquiring token for managed identities for Azure App Services and Azure Virtual Machines. Use `WithManagedIdentity()` method on the `AcquireTokenForClient` API to get an MSI token. This is an experimental feature and may change in the future versions of MSAL. See [3754](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/3754) and [3829](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/3829) ### Supportability - Enabled more logging for new WAM broker. See [3575](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/3575) @@ -724,7 +724,7 @@ Logs are now consistent when you use several .NET authentication libraries from ### Fundamentals: **Added additional code analyzers**. See issue [#2419](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/2419) for details. -**Improved documentation to support Android 11**. See [Xamarin Android 11](https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-net-xamarin-android-considerations#android-11-support) docs. +**Improved documentation to support Android 11**. See [Xamarin Android 11](https://learn.microsoft.com/entra/identity-platform/msal-net-xamarin-android-considerations#android-11-support) docs. 4.27.0 ========== @@ -1189,7 +1189,7 @@ Bug Fixes: 3.0.6-preview ============= New Features: -- **MSAL.NET now creates an HttpClient that uses the AndroidClientHandler** for Android 4.1 and higher. See [documentation for more information](https://docs.microsoft.com/en-us/xamarin/android/app-fundamentals/http-stack?tabs=windows). [MSAL issue #1076](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1076) +- **MSAL.NET now creates an HttpClient that uses the AndroidClientHandler** for Android 4.1 and higher. See [documentation for more information](https://learn.microsoft.com/xamarin/android/app-fundamentals/http-stack?tabs=windows). [MSAL issue #1076](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1076) Bug Fixes: - **When doing the ADAL.NET fallback from MSAL.NET, MSAL.NET was doing the lookup based on the account.HomeAccountId or requestParameters.LoginHint**. In ADAL.NET an account will never have a HomeAccountId (by design), so lookup needs to happen by Account.UserName instead. [MSAL.NET issue #1100](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1100) diff --git a/README.md b/README.md index 1cd27b17ab..0af6b96ede 100644 --- a/README.md +++ b/README.md @@ -61,6 +61,6 @@ See the [our telemetry documentation](https://learn.microsoft.com/entra/msal/dot ## Trademarks -This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow [Microsoft's Trademark & Brand Guidelines](https://www.microsoft.com/en-us/legal/intellectualproperty/trademarks/usage/general). Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies. +This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow [Microsoft's Trademark & Brand Guidelines](https://www.microsoft.com/legal/intellectualproperty/trademarks/usage/general). Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies. Copyright © Microsoft Corporation. All rights reserved. Licensed under the MIT License (the "License"). diff --git a/SECURITY.md b/SECURITY.md index 1805721ca5..558efbf095 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -4,7 +4,7 @@ Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/). -If you believe you have found a security vulnerability in any Microsoft-owned repository that meets Microsoft's [Microsoft's definition of a security vulnerability](https://docs.microsoft.com/en-us/previous-versions/tn-archive/cc751383(v=technet.10)), please report it to us as described below. +If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://www.microsoft.com/msrc/definition-of-a-security-vulnerability), please report it to us as described below. ## Reporting Security Issues @@ -12,7 +12,7 @@ If you believe you have found a security vulnerability in any Microsoft-owned re Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://msrc.microsoft.com/create-report). -If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com). If possible, encrypt your message with our PGP key; please download it from the the [Microsoft Security Response Center PGP Key page](https://www.microsoft.com/en-us/msrc/pgp-key-msrc). +If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com). If possible, encrypt your message with our PGP key; please download it from the the [Microsoft Security Response Center PGP Key page](https://www.microsoft.com/msrc/pgp-key-msrc). You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://www.microsoft.com/msrc). @@ -36,6 +36,6 @@ We prefer all communications to be in English. ## Policy -Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://www.microsoft.com/en-us/msrc/cvd). +Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://www.microsoft.com/msrc/cvd). diff --git a/build/MSAL.CodeCoverage.runsettings b/build/MSAL.CodeCoverage.runsettings index 4f55831042..09b0c9bd7f 100644 --- a/build/MSAL.CodeCoverage.runsettings +++ b/build/MSAL.CodeCoverage.runsettings @@ -1,7 +1,7 @@ + See https://learn.microsoft.com/previous-versions/visualstudio/visual-studio-2015/test/customizing-code-coverage-analysis?view=vs-2015 for more info. --> @@ -34,4 +34,3 @@ Included items must then not match any entries in the exclude list to remain inc - \ No newline at end of file diff --git a/build/installEdgeDriver.ps1 b/build/installEdgeDriver.ps1 index 6d108824ee..3230c6efc0 100644 --- a/build/installEdgeDriver.ps1 +++ b/build/installEdgeDriver.ps1 @@ -7,7 +7,7 @@ if ([string]::IsNullOrEmpty($edgeVersion)) { echo "##vso[task.complete result=Failed;]Failed" } -$url = "https://msedgedriver.azureedge.net/$edgeVersion/edgedriver_win64.zip" #Edge Driver from https://developer.microsoft.com/en-us/microsoft-edge/tools/webdriver/ +$url = "https://msedgedriver.azureedge.net/$edgeVersion/edgedriver_win64.zip" #Edge Driver from https://developer.microsoft.com/microsoft-edge/tools/webdriver/ $fileName = "edgedriver_win64.zip" $source = "C:\Downloads\$fileName" $destination = "C:\Program Files\dotnet\" diff --git a/build/win-installer-helper.psm1 b/build/win-installer-helper.psm1 index ea55ad2444..3b39da29bb 100644 --- a/build/win-installer-helper.psm1 +++ b/build/win-installer-helper.psm1 @@ -2057,7 +2057,7 @@ function Get-PackageFullName Gets the latest installed version of the .NET Framework. .DESCRIPTION Retrieves information from the registry based on the documentation at this link: - https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed#net_b. + https://learn.microsoft.com/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed#net_b. Returns the entire child object from the registry. .OUTPUTS The child registry entry for the .NET framework installation. diff --git a/src/client/Microsoft.Identity.Client/ApiConfig/EmbeddedWebViewOptions.cs b/src/client/Microsoft.Identity.Client/ApiConfig/EmbeddedWebViewOptions.cs index 2be441967c..fed2f6eb1c 100644 --- a/src/client/Microsoft.Identity.Client/ApiConfig/EmbeddedWebViewOptions.cs +++ b/src/client/Microsoft.Identity.Client/ApiConfig/EmbeddedWebViewOptions.cs @@ -41,7 +41,7 @@ internal static EmbeddedWebViewOptions GetDefaultOptions() /// /// It is possible for applications to bundle a fixed version of the runtime, and ship it side-by-side. /// For this you need to tell MSAL (so it can tell WebView2) where to find the runtime bits by setting this property. If you don't set it, MSAL will attempt to use a system-wide "evergreen" installation of the runtime." - /// For more details see: https://docs.microsoft.com/en-us/dotnet/api/microsoft.web.webview2.core.corewebview2environment.createasync?view=webview2-dotnet-1.0.705.50 + /// For more details see CoreWebView2Environment.CreateAsync Method. /// [EditorBrowsable(EditorBrowsableState.Never)] [Obsolete("In case when WebView2 is not available, MSAL.NET will fallback to legacy WebView.", true)] diff --git a/src/client/Microsoft.Identity.Client/ApiConfig/WindowsBrokerOptions.cs b/src/client/Microsoft.Identity.Client/ApiConfig/WindowsBrokerOptions.cs index 23ed1dda96..151877c22e 100644 --- a/src/client/Microsoft.Identity.Client/ApiConfig/WindowsBrokerOptions.cs +++ b/src/client/Microsoft.Identity.Client/ApiConfig/WindowsBrokerOptions.cs @@ -52,7 +52,7 @@ internal static WindowsBrokerOptions CreateDefault() /// Display a custom text in the broker UI controls which support it. /// /// - /// Currently only the WAM account picker allows for this customization, see WAM documentation. + /// Currently only the WAM account picker allows for this customization, see WAM documentation. /// public string HeaderText { get; set; } diff --git a/src/client/Microsoft.Identity.Client/AppConfig/ConfidentialClientApplicationOptions.cs b/src/client/Microsoft.Identity.Client/AppConfig/ConfidentialClientApplicationOptions.cs index 4b148ee2a1..2b23515de6 100644 --- a/src/client/Microsoft.Identity.Client/AppConfig/ConfidentialClientApplicationOptions.cs +++ b/src/client/Microsoft.Identity.Client/AppConfig/ConfidentialClientApplicationOptions.cs @@ -22,7 +22,7 @@ public class ConfidentialClientApplicationOptions : ApplicationOptions /// "TryAutoDetect" and MSAL.NET will attempt to auto-detect the region. /// /// - /// Region names as per https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.management.resourcemanager.fluent.core.region?view=azure-dotnet. + /// Region names as per Region class documentation. /// Not all auth flows can use the regional token service. /// Service To Service (client credential flow) tokens can be obtained from the regional service. /// Requires configuration at the tenant level. diff --git a/src/client/Microsoft.Identity.Client/AuthScheme/PoP/IPoPCryptoProvider.cs b/src/client/Microsoft.Identity.Client/AuthScheme/PoP/IPoPCryptoProvider.cs index a58fd5ba1f..467e584396 100644 --- a/src/client/Microsoft.Identity.Client/AuthScheme/PoP/IPoPCryptoProvider.cs +++ b/src/client/Microsoft.Identity.Client/AuthScheme/PoP/IPoPCryptoProvider.cs @@ -31,8 +31,8 @@ public interface IPoPCryptoProvider /// /// Algorithm used to sign proof of possession request. - /// See https://docs.microsoft.com/en-us/azure/key-vault/keys/about-keys#signverify for ECD - /// See https://docs.microsoft.com/en-us/azure/key-vault/keys/about-keys#signverify-1 for RSA + /// See EC algorithms for ECD. + /// See RSA algorithms for RSA. /// string CryptographicAlgorithm { get; } diff --git a/src/client/Microsoft.Identity.Client/Extensibility/ICustomWebUI.cs b/src/client/Microsoft.Identity.Client/Extensibility/ICustomWebUI.cs index 4349542669..4bf2ee6667 100644 --- a/src/client/Microsoft.Identity.Client/Extensibility/ICustomWebUI.cs +++ b/src/client/Microsoft.Identity.Client/Extensibility/ICustomWebUI.cs @@ -25,7 +25,7 @@ public interface ICustomWebUi /// will redirect to it. /// /// The cancellation token to which you should respond to. - /// See https://docs.microsoft.com/en-us/dotnet/standard/parallel-programming/task-cancellation for details. + /// See Task cancellation for details. /// /// The URI returned back from the STS authorization endpoint. This URI contains a code=CODE /// parameters that MSAL.NET will extract and redeem. diff --git a/src/client/Microsoft.Identity.Client/Instance/Region/RegionManager.cs b/src/client/Microsoft.Identity.Client/Instance/Region/RegionManager.cs index 547ad3be9c..13e80285e9 100644 --- a/src/client/Microsoft.Identity.Client/Instance/Region/RegionManager.cs +++ b/src/client/Microsoft.Identity.Client/Instance/Region/RegionManager.cs @@ -31,7 +31,7 @@ public RegionInfo(string region, RegionAutodetectionSource regionSource, string public readonly string RegionDetails; } - // For information of the current api-version refer: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/instance-metadata-service#versioning + // For information of the current api-version refer: https://learn.microsoft.com/azure/virtual-machines/instance-metadata-service?tabs=windows#versioning private const string ImdsEndpoint = "http://169.254.169.254/metadata/instance/compute/location"; private const string DefaultApiVersion = "2020-06-01"; diff --git a/src/client/Microsoft.Identity.Client/Kerberos/KerberosSupplementalTicket.cs b/src/client/Microsoft.Identity.Client/Kerberos/KerberosSupplementalTicket.cs index f58e4271c5..4fa47c578c 100644 --- a/src/client/Microsoft.Identity.Client/Kerberos/KerberosSupplementalTicket.cs +++ b/src/client/Microsoft.Identity.Client/Kerberos/KerberosSupplementalTicket.cs @@ -75,7 +75,10 @@ public KerberosSupplementalTicket(string errorMessage) this.ErrorMessage = errorMessage; } - /// + /// + /// Creates a string representation of the data captured in the Kerberos supplemental ticket. + /// + /// A string containing the realm, service principal name, client name, and key type. public override string ToString() { return $"[ Realm: {Realm}, sp: {ServicePrincipalName}, cn: {ClientName}, KeyType: {KeyType} ]"; diff --git a/src/client/Microsoft.Identity.Client/Kerberos/KerberosSupplementalTicketManager.cs b/src/client/Microsoft.Identity.Client/Kerberos/KerberosSupplementalTicketManager.cs index ce7d20e5bd..917083b7c6 100644 --- a/src/client/Microsoft.Identity.Client/Kerberos/KerberosSupplementalTicketManager.cs +++ b/src/client/Microsoft.Identity.Client/Kerberos/KerberosSupplementalTicketManager.cs @@ -76,8 +76,9 @@ public static KerberosSupplementalTicket FromIdToken(string idToken) /// Save current Kerberos Ticket to current user's Ticket Cache. /// /// Kerberos ticket object to save. - /// Can throws when given ticket parameter is not a valid Kerberos Supplemental Ticket. - /// Can throws if error occurs while saving ticket information into Ticket Cache. + /// Throws when given ticket parameter is not a valid Kerberos supplemental ticket. + + /// Throws if error occurs while saving ticket information into Ticket Cache. /// public static void SaveToWindowsTicketCache(KerberosSupplementalTicket ticket) { @@ -90,8 +91,9 @@ public static void SaveToWindowsTicketCache(KerberosSupplementalTicket ticket) /// Kerberos ticket object to save. /// The Logon Id of the user owning the ticket cache. /// The default of 0 represents the currently logged on user. - /// Can throw when given ticket parameter is not a valid Kerberos Supplemental Ticket. - /// Can throw if error occurs while saving ticket information into Ticket Cache. + /// Throws when given ticket parameter is not a valid Kerberos supplemental ticket. + + /// Throws if error occurs while saving ticket information into Ticket Cache. /// public static void SaveToWindowsTicketCache(KerberosSupplementalTicket ticket, long logonId) { @@ -124,7 +126,7 @@ public static void SaveToWindowsTicketCache(KerberosSupplementalTicket ticket, l /// Service principal name to find associated Kerberos Ticket. /// Byte stream of searched Kerberos Ticket information if exists. Null, otherwise. /// - /// Can throws if error occurs while searching ticket information from Ticket Cache. + /// Throws if error occurs while searching ticket information from Ticket Cache. /// public static byte[] GetKerberosTicketFromWindowsTicketCache(string servicePrincipalName) { @@ -140,7 +142,7 @@ public static byte[] GetKerberosTicketFromWindowsTicketCache(string servicePrinc /// The default of 0 represents the currently logged on user. /// Byte stream of searched Kerberos Ticket information if exists. Null, otherwise. /// - /// Can throws if error occurs while searching ticket information from Ticket Cache. + /// Throws if error occurs while searching ticket information from Ticket Cache. /// public static byte[] GetKerberosTicketFromWindowsTicketCache(string servicePrincipalName, long logonId) { diff --git a/src/client/Microsoft.Identity.Client/Microsoft.Identity.Client.csproj b/src/client/Microsoft.Identity.Client/Microsoft.Identity.Client.csproj index 6c3e9bf3ca..b2cb2e84d6 100644 --- a/src/client/Microsoft.Identity.Client/Microsoft.Identity.Client.csproj +++ b/src/client/Microsoft.Identity.Client/Microsoft.Identity.Client.csproj @@ -169,7 +169,7 @@ true 7.0 diff --git a/src/client/Microsoft.Identity.Client/MigrationAid/TokenCache.MigrationAid.cs b/src/client/Microsoft.Identity.Client/MigrationAid/TokenCache.MigrationAid.cs index a0aae3ca6a..756112ed9e 100644 --- a/src/client/Microsoft.Identity.Client/MigrationAid/TokenCache.MigrationAid.cs +++ b/src/client/Microsoft.Identity.Client/MigrationAid/TokenCache.MigrationAid.cs @@ -239,7 +239,7 @@ public void Deserialize(byte[] msalV2State) /// /// Arguments related to the cache item impacted [EditorBrowsable(EditorBrowsableState.Never)] - [Obsolete("Use Microsoft.Identity.Client.TokenCacheCallback instead. See https://aka.msa/msal-net-3x-cache-breaking-change", true)] + [Obsolete("Use Microsoft.Identity.Client.TokenCacheCallback instead. See https://aka.ms/msal-net-3x-cache-breaking-change", true)] public delegate void TokenCacheNotification(TokenCacheNotificationArgs args); /// diff --git a/src/client/Microsoft.Identity.Client/MsalError.cs b/src/client/Microsoft.Identity.Client/MsalError.cs index 7e704beef8..571c1248cf 100644 --- a/src/client/Microsoft.Identity.Client/MsalError.cs +++ b/src/client/Microsoft.Identity.Client/MsalError.cs @@ -14,8 +14,8 @@ public static class MsalError /// /// Standard OAuth2 protocol error code. It indicates that the application needs to expose the UI to the user /// so that the user does an interactive action in order to get a new token. - /// Mitigation: If your application is a call AcquireTokenInteractive - /// perform an interactive authentication. If your application is a chances are that the Claims member + /// Mitigation: If your application is a call AcquireTokenInteractive + /// perform an interactive authentication. If your application is a chances are that the Claims member /// of the exception is not empty. See for the right mitigation /// public const string InvalidGrantError = "invalid_grant"; @@ -23,9 +23,9 @@ public static class MsalError /// /// Standard OAuth2 protocol error code. It indicates that the application needs to expose the UI to the user /// so the user can do an interactive log-in to get a token with updated claims. - /// Mitigation: If your application is a call AcquireTokenInteractive - /// perform an interactive authentication. If your application is a chances are that the Claims member - /// of the exception is not empty. See for the right mitigation + /// Mitigation: If your application is a call AcquireTokenInteractive + /// perform an interactive authentication. If your application is a chances are that the Claims member + /// of the exception is not empty. See for the right mitigation /// public const string InteractionRequired = "interaction_required"; @@ -128,7 +128,7 @@ public static class MsalError /// /// loginHint should be a UPN - /// What happens? An override of a token acquisition operation was called in which + /// What happens? An override of a token acquisition operation was called in which /// takes a loginHint as a parameters, but this login hint was not using the UserPrincipalName (UPN) format, e.g. john.doe@contoso.com /// expected by the service /// Remediation Make sure in your code that you enforce loginHint to be a UPN @@ -1028,8 +1028,8 @@ public static class MsalError /// /// What happens?The embedded browser cannot be started because a runtime component is missing. - /// Mitigation"The embedded browser needs WebView2 runtime to be installed. An end user of the app can download and install the WebView2 runtime from https://go.microsoft.com/fwlink/p/?LinkId=2124703 and restart the app. - /// or the app developer can install the WebView2 runtime https://docs.microsoft.com/en-us/microsoft-edge/webview2/concepts/distribution + /// MitigationThe embedded browser needs WebView2 runtime to be installed. An end user of the app can download and install the WebView2 runtime from https://go.microsoft.com/fwlink/p/?LinkId=2124703 and restart the app. + /// The app developer can get the distributable version of the WebView2 runtime. /// public const string WebView2NotInstalled = "webview2_runtime_not_installed"; diff --git a/src/client/Microsoft.Identity.Client/MsalServiceException.cs b/src/client/Microsoft.Identity.Client/MsalServiceException.cs index c63b295644..e3bdb484dc 100644 --- a/src/client/Microsoft.Identity.Client/MsalServiceException.cs +++ b/src/client/Microsoft.Identity.Client/MsalServiceException.cs @@ -149,8 +149,7 @@ public MsalServiceException( #region Public Properties /// /// Gets the status code returned from HTTP layer. This status code is either the HttpStatusCode in the inner - /// response or the NavigateError Event Status Code in a browser based flow (See - /// http://msdn.microsoft.com/en-us/library/bb268233(v=vs.85).aspx). + /// response or the NavigateError Event Status Code in a browser based flow (see NavigateError Event Status Codes). /// You can use this code for purposes such as implementing retry logic or error investigation. /// public int StatusCode @@ -232,7 +231,7 @@ protected virtual void UpdateIsRetryable() StatusCode == 429 || // too many requests StatusCode == (int)HttpStatusCode.RequestTimeout || string.Equals(ErrorCode, MsalError.RequestTimeout, StringComparison.OrdinalIgnoreCase) || - string.Equals(ErrorCode, "temporarily_unavailable", StringComparison.OrdinalIgnoreCase); // as per https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-aadsts-error-codes#handling-error-codes-in-your-application + string.Equals(ErrorCode, "temporarily_unavailable", StringComparison.OrdinalIgnoreCase); // as per https://learn.microsoft.com/entra/identity-platform/reference-error-codes#handling-error-codes-in-your-application } /// diff --git a/src/client/Microsoft.Identity.Client/OAuth2/MsalTokenResponse.cs b/src/client/Microsoft.Identity.Client/OAuth2/MsalTokenResponse.cs index 59a12fe10e..93f548cc95 100644 --- a/src/client/Microsoft.Identity.Client/OAuth2/MsalTokenResponse.cs +++ b/src/client/Microsoft.Identity.Client/OAuth2/MsalTokenResponse.cs @@ -68,7 +68,7 @@ public MsalTokenResponse() // disable this functionality (better fix would be to move to System.Text.Json) #if !__MOBILE__ // All properties not explicitly defined are added to this dictionary - // See JSON overflow https://learn.microsoft.com/en-us/dotnet/standard/serialization/system-text-json/handle-overflow?pivots=dotnet-7-0 + // See JSON overflow https://learn.microsoft.com/dotnet/standard/serialization/system-text-json/handle-overflow?pivots=dotnet-7-0 #if SUPPORTS_SYSTEM_TEXT_JSON [JsonExtensionData] public Dictionary ExtensionData { get; set; } diff --git a/src/client/Microsoft.Identity.Client/Platforms/Android/AndroidHttpClientFactory.cs b/src/client/Microsoft.Identity.Client/Platforms/Android/AndroidHttpClientFactory.cs index 145d7db21b..24dc11a355 100644 --- a/src/client/Microsoft.Identity.Client/Platforms/Android/AndroidHttpClientFactory.cs +++ b/src/client/Microsoft.Identity.Client/Platforms/Android/AndroidHttpClientFactory.cs @@ -16,7 +16,7 @@ public HttpClient GetHttpClient() // https://forums.xamarin.com/discussion/144802/do-you-use-singleton-httpclient-or-dispose-create-new-instance-every-time var httpClient = new HttpClient( - // As per Xamarin guidance https://docs.microsoft.com/en-us/xamarin/android/app-fundamentals/http-stack?tabs=windows + // As per Xamarin guidance https://learn.microsoft.com/xamarin/android/app-fundamentals/http-stack?tabs=windows #if NET6_0 new Xamarin.Android.Net.AndroidMessageHandler()); #else diff --git a/src/client/Microsoft.Identity.Client/Platforms/Features/DesktopOS/Kerberos/AcceptContextFlag.cs b/src/client/Microsoft.Identity.Client/Platforms/Features/DesktopOS/Kerberos/AcceptContextFlag.cs index 468e46224e..e36a1e6a12 100644 --- a/src/client/Microsoft.Identity.Client/Platforms/Features/DesktopOS/Kerberos/AcceptContextFlag.cs +++ b/src/client/Microsoft.Identity.Client/Platforms/Features/DesktopOS/Kerberos/AcceptContextFlag.cs @@ -8,7 +8,7 @@ namespace Microsoft.Identity.Client.Platforms.Features.DesktopOs.Kerberos /// /// Flags that specify the attributes required by the AcceptSecurityContext (CredSSP) function /// for a server to establish the context. - /// https://docs.microsoft.com/en-us/windows/win32/api/sspi/nf-sspi-acceptsecuritycontext + /// https://learn.microsoft.com/windows/win32/api/sspi/nf-sspi-acceptsecuritycontext /// [Flags] internal enum AcceptContextFlag diff --git a/src/client/Microsoft.Identity.Client/Platforms/Features/DesktopOS/Kerberos/ContextStatus.cs b/src/client/Microsoft.Identity.Client/Platforms/Features/DesktopOS/Kerberos/ContextStatus.cs index 593d00733a..7ab10d0897 100644 --- a/src/client/Microsoft.Identity.Client/Platforms/Features/DesktopOS/Kerberos/ContextStatus.cs +++ b/src/client/Microsoft.Identity.Client/Platforms/Features/DesktopOS/Kerberos/ContextStatus.cs @@ -6,7 +6,7 @@ namespace Microsoft.Identity.Client.Platforms.Features.DesktopOs.Kerberos /// /// Result of AcceptSecurityContext (CredSSP) function call which lets the server component of a transport application /// establish a security context between the server and a remote client. - /// https://docs.microsoft.com/en-us/windows/win32/api/sspi/nf-sspi-acceptsecuritycontext + /// https://learn.microsoft.com/windows/win32/api/sspi/nf-sspi-acceptsecuritycontext /// internal enum ContextStatus { diff --git a/src/client/Microsoft.Identity.Client/Platforms/Features/DesktopOS/Kerberos/InitContextFlag.cs b/src/client/Microsoft.Identity.Client/Platforms/Features/DesktopOS/Kerberos/InitContextFlag.cs index 6c13ed572c..b078244183 100644 --- a/src/client/Microsoft.Identity.Client/Platforms/Features/DesktopOS/Kerberos/InitContextFlag.cs +++ b/src/client/Microsoft.Identity.Client/Platforms/Features/DesktopOS/Kerberos/InitContextFlag.cs @@ -7,7 +7,7 @@ namespace Microsoft.Identity.Client.Platforms.Features.DesktopOs.Kerberos { /// /// Bit flags that indicate requests for the context for InitializeSecurityContext API call. - /// https://docs.microsoft.com/en-us/windows/win32/api/sspi/nf-sspi-initializesecuritycontexta + /// https://learn.microsoft.com/windows/win32/api/sspi/nf-sspi-initializesecuritycontexta /// [Flags] internal enum InitContextFlag diff --git a/src/client/Microsoft.Identity.Client/Platforms/Features/DesktopOS/Kerberos/SecStatus.cs b/src/client/Microsoft.Identity.Client/Platforms/Features/DesktopOS/Kerberos/SecStatus.cs index 36b6d2a37f..bc3a1b646a 100644 --- a/src/client/Microsoft.Identity.Client/Platforms/Features/DesktopOS/Kerberos/SecStatus.cs +++ b/src/client/Microsoft.Identity.Client/Platforms/Features/DesktopOS/Kerberos/SecStatus.cs @@ -5,7 +5,7 @@ namespace Microsoft.Identity.Client.Platforms.Features.DesktopOs.Kerberos { /// /// Status code returned from SSPI functions. - /// https://docs.microsoft.com/en-us/windows/win32/api/sspi/nf-sspi-initializesecuritycontexta + /// https://learn.microsoft.com/windows/win32/api/sspi/nf-sspi-initializesecuritycontexta /// internal enum SecStatus : uint { diff --git a/src/client/Microsoft.Identity.Client/Platforms/Features/DesktopOS/Kerberos/TicketCacheReader.cs b/src/client/Microsoft.Identity.Client/Platforms/Features/DesktopOS/Kerberos/TicketCacheReader.cs index 0454995d81..99a867851d 100644 --- a/src/client/Microsoft.Identity.Client/Platforms/Features/DesktopOS/Kerberos/TicketCacheReader.cs +++ b/src/client/Microsoft.Identity.Client/Platforms/Features/DesktopOS/Kerberos/TicketCacheReader.cs @@ -23,9 +23,9 @@ public class TicketCacheReader : IDisposable /// Creates a object to read a Kerberos Ticket from Ticket Cache. /// /// Service principal name of ticket to read out from Ticket Cache. - /// The Logon Id of the user owning the ticket cache. - /// The default of 0 represents the currently logged on user. - /// The name of the LSA authentication package that will be interacted with. + /// The Logon ID of the user owning the ticket cache. + /// The default of 0 represents the currently logged in user. + /// The name of the Local Security Authority (LSA) authentication package that will be interacted with. public TicketCacheReader(string spn, long logonId = 0, string package = "Kerberos") { @@ -36,9 +36,9 @@ public TicketCacheReader(string spn, long logonId = 0, string package = "Kerbero /// /// Read out a Kerberos Ticket. /// - /// Byte stream of Kerberos Ticket if exists. Null otherwise. + /// Byte stream of Kerberos Ticket, if exists. Null otherwise. /// - /// Can throws if any error occurs while interfacing with Ticket Cache. + /// Throws if any error occurs while interfacing with Ticket Cache. /// public byte[] RequestToken() { @@ -52,7 +52,9 @@ public byte[] RequestToken() return clientRequest; } - /// + /// + /// Clean up all data members used for interaction with Ticket Cache. + /// protected virtual void Dispose(bool disposing) { if (!_disposedValue) diff --git a/src/client/Microsoft.Identity.Client/Platforms/Features/DesktopOS/StaTaskScheduler.cs b/src/client/Microsoft.Identity.Client/Platforms/Features/DesktopOS/StaTaskScheduler.cs index 86b9378193..89152dd91e 100644 --- a/src/client/Microsoft.Identity.Client/Platforms/Features/DesktopOS/StaTaskScheduler.cs +++ b/src/client/Microsoft.Identity.Client/Platforms/Features/DesktopOS/StaTaskScheduler.cs @@ -11,7 +11,7 @@ namespace Microsoft.Identity.Client.Platforms.Features.DesktopOs { // This IDisposable class doe not need to implement Dispose method in standard way, because it is sealed. - // If it ever needs to become inheritable, it should follow the standard pattern as described in http://msdn.microsoft.com/en-us/library/fs2xkftw(v=vs.110).aspx. + // If it ever needs to become inheritable, it should follow the standard pattern as described in https://learn.microsoft.com/dotnet/standard/garbage-collection/implementing-dispose. /// Provides a scheduler that uses STA threads. #if NET6_WIN [System.Runtime.Versioning.SupportedOSPlatform("windows")] diff --git a/src/client/Microsoft.Identity.Client/Platforms/Features/DesktopOS/Win32VersionApi.cs b/src/client/Microsoft.Identity.Client/Platforms/Features/DesktopOS/Win32VersionApi.cs index 032a5aad33..d6f40e1359 100644 --- a/src/client/Microsoft.Identity.Client/Platforms/Features/DesktopOS/Win32VersionApi.cs +++ b/src/client/Microsoft.Identity.Client/Platforms/Features/DesktopOS/Win32VersionApi.cs @@ -46,24 +46,24 @@ internal static class Win32VersionApi /// framework-based Modern Authentication by default. Starting with build 16.0.7967, Microsoft 365 apps use /// Web Account Manager (WAM) for sign-in workflows on Windows builds that are later than 15000 /// (Windows 10, version 1703, build 15063.138). - /// https://docs.microsoft.com/en-us/office365/troubleshoot/administration/disabling-adal-wam-not-recommended + /// https://learn.microsoft.com/microsoft-365/troubleshoot/administration/disabling-adal-wam-not-recommended /// private const int WamSupportedWindows10BuildNumber = 15063; /// /// Windows Server 2019 (version 1809, Build Number 17763) /// Editions : Datacenter, Essentials, Standard - /// https://docs.microsoft.com/en-us/windows-server/get-started/windows-server-release-info + /// https://learn.microsoft.com/windows-server/get-started/windows-server-release-info /// For MultiSession Window 10 Build Number is same as Windows 2019 Server Build Number /// MultiSession Windows 10 is supported from Windows 10 multi-session, version 1903 - /// https://docs.microsoft.com/en-us/mem/intune/fundamentals/azure-virtual-desktop-multi-session + /// https://learn.microsoft.com/mem/intune/fundamentals/azure-virtual-desktop-multi-session /// private const int Windows2019BuildNumber = 17763; /// /// RtlGetVersion is the kernel-mode equivalent of the user-mode GetVersionEx function in the Windows SDK /// The RtlGetVersion routine returns version information about the currently running operating system. - /// https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/nf-wdm-rtlgetversion + /// https://learn.microsoft.com/windows-hardware/drivers/ddi/wdm/nf-wdm-rtlgetversion /// When using RtlGetVersion to determine whether a particular version of the operating system is running, /// a caller should check for version numbers that are greater than or equal to the required version number. /// This ensures that a version test succeeds for later versions of Windows. @@ -167,7 +167,7 @@ public static bool IsWamSupportedOs() case VER_NT_WORKSTATION: switch (OsVersionInfo.dwMajorVersion) { - //https://docs.microsoft.com/en-us/windows/win32/sysinfo/operating-system-version + //https://learn.microsoft.com/windows/win32/sysinfo/operating-system-version //For Client (Windows 10 and 11) and for Server (Windows 2016 and above) Major version is 10.* //Windows 10 Build Number 15063 is the minimum version where WAM is supported case 10: @@ -181,12 +181,12 @@ public static bool IsWamSupportedOs() } //For server operating systems that are not domain controllers and for Windows 10 and Windows 11 multi-session, use ProductType="3". - //https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo + //https://learn.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717288(v=ws.11) case VER_NT_SERVER: case VER_NT_DOMAIN_CONTROLLER: switch (OsVersionInfo.dwMajorVersion) { - //https://docs.microsoft.com/en-us/windows/win32/sysinfo/operating-system-version + //https://learn.microsoft.com/windows/win32/sysinfo/operating-system-version //For Client (Windows 10 and 11) and for Server (Windows 2016 and above) Major version is 10.* //Windows Server 2019 minimum build number is 17763 case 10: diff --git a/src/client/Microsoft.Identity.Client/Platforms/Features/WinFormsLegacyWebUi/CustomWebBrowser.cs b/src/client/Microsoft.Identity.Client/Platforms/Features/WinFormsLegacyWebUi/CustomWebBrowser.cs index 8b5570d7a4..c3435f2991 100644 --- a/src/client/Microsoft.Identity.Client/Platforms/Features/WinFormsLegacyWebUi/CustomWebBrowser.cs +++ b/src/client/Microsoft.Identity.Client/Platforms/Features/WinFormsLegacyWebUi/CustomWebBrowser.cs @@ -197,7 +197,7 @@ public int ShowContextMenu(int dwID, NativeWrapper.POINT pt, object pcmdtReserve { switch (dwID) { - // http://msdn.microsoft.com/en-us/library/aa753264(v=vs.85).aspx + // https://learn.microsoft.com/previous-versions/windows/internet-explorer/ie-developer/platform-apis/aa753264(v=vs.85) case 0x2: // this is edit CONTEXT_MENU_CONTROL case 0x4: // selected text CONTEXT_MENU_TEXTSELECT case 0x9: // CONTEXT_MENU_VSCROLL diff --git a/src/client/Microsoft.Identity.Client/Platforms/Features/WinFormsLegacyWebUi/WindowsFormsWebAuthenticationDialogBase.cs b/src/client/Microsoft.Identity.Client/Platforms/Features/WinFormsLegacyWebUi/WindowsFormsWebAuthenticationDialogBase.cs index 424611ff31..54d5fb9255 100644 --- a/src/client/Microsoft.Identity.Client/Platforms/Features/WinFormsLegacyWebUi/WindowsFormsWebAuthenticationDialogBase.cs +++ b/src/client/Microsoft.Identity.Client/Platforms/Features/WinFormsLegacyWebUi/WindowsFormsWebAuthenticationDialogBase.cs @@ -47,7 +47,6 @@ public abstract class WindowsFormsWebAuthenticationDialogBase : Form /// protected WindowsFormsWebAuthenticationDialogBase(object ownerWindow) { - // From MSDN (http://msdn.microsoft.com/en-us/library/ie/dn720860(v=vs.85).aspx): // The net session count tracks the number of instances of the web browser control. // When a web browser control is created, the net session count is incremented. When the control // is destroyed, the net session count is decremented. When the net session count reaches zero, diff --git a/src/client/Microsoft.Identity.Client/Platforms/net6/MsalJsonSerializerContext.cs b/src/client/Microsoft.Identity.Client/Platforms/net6/MsalJsonSerializerContext.cs index dff9c20d40..2dc4fa1fb2 100644 --- a/src/client/Microsoft.Identity.Client/Platforms/net6/MsalJsonSerializerContext.cs +++ b/src/client/Microsoft.Identity.Client/Platforms/net6/MsalJsonSerializerContext.cs @@ -21,8 +21,8 @@ namespace Microsoft.Identity.Client.Platforms.net6 { /// /// This class specifies metadata for System.Text.Json source generation. - /// See https://docs.microsoft.com/en-us/dotnet/standard/serialization/system-text-json-source-generation-modes?pivots=dotnet-6-0 - /// and How to use source generation in System.Text.Json for official docs. + /// See Source-generation modes in System.Text.Json. + /// and How to use source generation in System.Text.Json for official docs. /// [JsonSerializable(typeof(KerberosSupplementalTicket))] [JsonSerializable(typeof(InstanceDiscoveryResponse))] diff --git a/src/client/Microsoft.Identity.Client/Platforms/netdesktop/NetDesktopPlatformProxy.cs b/src/client/Microsoft.Identity.Client/Platforms/netdesktop/NetDesktopPlatformProxy.cs index cefd301c59..618b025569 100644 --- a/src/client/Microsoft.Identity.Client/Platforms/netdesktop/NetDesktopPlatformProxy.cs +++ b/src/client/Microsoft.Identity.Client/Platforms/netdesktop/NetDesktopPlatformProxy.cs @@ -170,7 +170,7 @@ protected override string InternalGetProductName() protected override string InternalGetRuntimeVersion() { - // https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed#query-the-registry-using-code + // https://learn.microsoft.com/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed#query-the-registry-using-code try { string subkey = @"SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\"; diff --git a/src/client/Microsoft.Identity.Client/TokenCache.cs b/src/client/Microsoft.Identity.Client/TokenCache.cs index 0a54b82f4b..38a8fb4f2a 100644 --- a/src/client/Microsoft.Identity.Client/TokenCache.cs +++ b/src/client/Microsoft.Identity.Client/TokenCache.cs @@ -110,7 +110,9 @@ internal TokenCache( LegacyCachePersistence = legacyCachePersistenceForTest; } - /// + /// + /// Sets the security group to be used with the iOS Keychain. This function should not be used by external customers. It will be removed in a future version of MSAL. + /// public void SetIosKeychainSecurityGroup(string securityGroup) { #if iOS diff --git a/src/client/Microsoft.Identity.Client/TokenCacheNotificationArgs.cs b/src/client/Microsoft.Identity.Client/TokenCacheNotificationArgs.cs index a5f084ab0c..dc784558b5 100644 --- a/src/client/Microsoft.Identity.Client/TokenCacheNotificationArgs.cs +++ b/src/client/Microsoft.Identity.Client/TokenCacheNotificationArgs.cs @@ -12,7 +12,7 @@ namespace Microsoft.Identity.Client { /// /// Contains parameters used by the MSAL call accessing the cache. - /// See also which contains methods + /// See also which contains methods /// to customize the cache serialization. /// For more details about the token cache see https://aka.ms/msal-net-web-token-cache /// diff --git a/src/client/Microsoft.Identity.Client/UiRequiredExceptionClassification.cs b/src/client/Microsoft.Identity.Client/UiRequiredExceptionClassification.cs index c09735d753..9c4750d552 100644 --- a/src/client/Microsoft.Identity.Client/UiRequiredExceptionClassification.cs +++ b/src/client/Microsoft.Identity.Client/UiRequiredExceptionClassification.cs @@ -5,60 +5,60 @@ namespace Microsoft.Identity.Client { /// /// Details about the cause of an , giving a hint about what the user can expect when - /// they go through interactive authentication. See https://aka.ms/msal-net-UiRequiredException for details. + /// they go through interactive authentication. See Understanding MsalUiRequiredException for details. /// public enum UiRequiredExceptionClassification { /// - /// No further details are provided. It is possible that the user will be able to resolve the issue by launching interactive authentication. - /// See https://aka.ms/msal-net-UiRequiredException for details + /// No details are provided. It is possible that the user will be able to resolve the issue by launching interactive authentication. + /// This is also the classification when no account or valid login hint is passed to . + /// See Understanding MsalUiRequiredException for details. /// - /// This is also the classification when no account or valid login hint is passed to AcquireTokenSilent None, /// - /// Issue cannot be resolved at this time. Launching interactive authentication flow will show a message explaining the condition. - /// See https://aka.ms/msal-net-UiRequiredException for details + /// Issue cannot be resolved. Launching interactive authentication flow will show a message explaining the condition. + /// See Understanding MsalUiRequiredException for details. /// MessageOnly, /// /// Issue can be resolved by user interaction during the interactive authentication flow. - /// See https://aka.ms/msal-net-UiRequiredException for details + /// See Understanding MsalUiRequiredException for details. /// BasicAction, /// - /// Issue can be resolved by additional remedial interaction with the system, outside of the interactive authentication flow. - /// Starting an interactive authentication flow will show the user what they need to do, but it is possible that the user is unable to complete the action. - /// See https://aka.ms/msal-net-UiRequiredException for details + /// Issue can be resolved by additional remedial interaction within the system, outside of the interactive authentication flow. + /// Starting an interactive authentication flow will show the user what they need to do but it is possible that the user will be unable to complete the action. + /// See Understanding MsalUiRequiredException for details. /// AdditionalAction, /// - /// User consent is missing, or has been revoked. Issue can be resolved by user consenting during the interactive authentication flow. - /// See https://aka.ms/msal-net-UiRequiredException for details + /// User consent is missing or has been revoked. Issue can be resolved by user consenting during the interactive authentication flow. + /// See Understanding MsalUiRequiredException for details. /// ConsentRequired, /// /// User's password has expired. Issue can be resolved by user during the interactive authentication flow. - /// See https://aka.ms/msal-net-UiRequiredException for details. + /// See Understanding MsalUiRequiredException for details. /// UserPasswordExpired, /// - /// was used with Prompt.Never value, - /// however this could not be honored by the server. Please use a different prompt behavior, such as - /// See https://aka.ms/msal-net-UiRequiredException for details. + /// was used with a Prompt.Never value, + /// however this could not be honored by the server. Please use a different prompt behavior, such as . + /// See Understanding MsalUiRequiredException for details. /// PromptNeverFailed, /// - /// An AcquireTokenSilent call failed. This is usually part of the pattern - /// of calling AcquireTokenSilent for getting a token from the cache, followed by an a different - /// AcquireToken call for getting a token from AAD. See the error message for details. - /// See https://aka.ms/msal-net-UiRequiredException for details. + /// An call failed. This is usually part of the pattern + /// of calling for getting a token from the cache, followed by an a different + /// AcquireToken call for getting a token from Microsoft Entra ID. See the error message for details. + /// See Understanding MsalUiRequiredException for details. /// AcquireTokenSilentFailed } diff --git a/src/client/Microsoft.Identity.Client/WwwAuthenticateParameters.cs b/src/client/Microsoft.Identity.Client/WwwAuthenticateParameters.cs index 02a4f01ed0..888a4f6fc0 100644 --- a/src/client/Microsoft.Identity.Client/WwwAuthenticateParameters.cs +++ b/src/client/Microsoft.Identity.Client/WwwAuthenticateParameters.cs @@ -84,7 +84,7 @@ public class WwwAuthenticateParameters public string Nonce { get; private set; } /// - /// Return the of key . + /// Return the RawParameters of key . /// /// Name of the raw parameter to retrieve. /// The raw parameter if it exists, diff --git a/src/client/Microsoft.Identity.Client/json/Utilities/ReflectionUtils.cs b/src/client/Microsoft.Identity.Client/json/Utilities/ReflectionUtils.cs index 4dcb863775..de1e8deb0d 100644 --- a/src/client/Microsoft.Identity.Client/json/Utilities/ReflectionUtils.cs +++ b/src/client/Microsoft.Identity.Client/json/Utilities/ReflectionUtils.cs @@ -643,7 +643,6 @@ public static List GetFieldsAndProperties(Type type, BindingFlags bi targetMembers.AddRange(GetProperties(type, bindingAttr)); // for some reason .NET returns multiple members when overriding a generic member on a base class - // http://social.msdn.microsoft.com/Forums/en-US/b5abbfee-e292-4a64-8907-4e3f0fb90cd9/reflection-overriden-abstract-generic-properties?forum=netfxbcl // filter members to only return the override on the topmost class // update: I think this is fixed in .NET 3.5 SP1 - leave this in for now... List distinctMembers = new List(targetMembers.Count); diff --git a/tests/CacheCompat/CommonCache.Test.Common/ProcessUtils.cs b/tests/CacheCompat/CommonCache.Test.Common/ProcessUtils.cs index 1ed12b6ca1..42fcddfc14 100644 --- a/tests/CacheCompat/CommonCache.Test.Common/ProcessUtils.cs +++ b/tests/CacheCompat/CommonCache.Test.Common/ProcessUtils.cs @@ -612,7 +612,7 @@ public void Run() } // Note that earlier, we called Process.WaitForExit(1000). - // https://msdn.microsoft.com/en-us/library/fb4aw7b8(v=vs.110).aspx + // https://learn.microsoft.com/dotnet/api/system.diagnostics.process.waitforexit?view=net-8.0#System_Diagnostics_Process_WaitForExit // According to msdn documentation, that overload has a caveat: // When standard output has been redirected to asynchronous event handlers, // it is possible that output processing will not have completed when this method returns. diff --git a/tests/CacheCompat/CommonCache.Test.MsalJava/Install Java.txt b/tests/CacheCompat/CommonCache.Test.MsalJava/Install Java.txt index 7fae199914..c1694607a0 100644 --- a/tests/CacheCompat/CommonCache.Test.MsalJava/Install Java.txt +++ b/tests/CacheCompat/CommonCache.Test.MsalJava/Install Java.txt @@ -1,4 +1,4 @@ -1. Install Java, e.g. install the latest JDK recommended by Microsoft https://docs.microsoft.com/en-us/java/azure/jdk/java-jdk-install?view=azure-java-stable +1. Install Java, e.g. install the latest JDK recommended by Microsoft https://learn.microsoft.com/azure/developer/java/fundamentals/java-jdk-install?view=azure-java-stable 2. Make sure java is added to path, e.g. "java -version" should print the version 3. Install Maven https://maven.apache.org/download.cgi (unzip it to some location and add it to the path) 4. Make sure Maven is installed by calling mvn.cmd diff --git a/tests/Microsoft.Identity.Test.Integration.netfx/HeadlessTests/RuntimeBrokerTests.cs b/tests/Microsoft.Identity.Test.Integration.netfx/HeadlessTests/RuntimeBrokerTests.cs index f708f7f02b..3524ad866b 100644 --- a/tests/Microsoft.Identity.Test.Integration.netfx/HeadlessTests/RuntimeBrokerTests.cs +++ b/tests/Microsoft.Identity.Test.Integration.netfx/HeadlessTests/RuntimeBrokerTests.cs @@ -415,7 +415,7 @@ public async Task WamUsernamePasswordPopTokenEnforcedWithCaOnValidResourceAsync( // Acquire token using username password with POP on a valid resource // CA policy enforces token issuance to popUser only for SPO - // https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-token-protection + // https://learn.microsoft.com/azure/active-directory/conditional-access/concept-token-protection var result = await pca.AcquireTokenByUsernamePassword(scopes, popUser, labResponse.User.GetOrFetchPassword()) .WithProofOfPossession("some_nonce", System.Net.Http.HttpMethod.Get, new Uri(pca.Authority)) .ExecuteAsync() @@ -450,7 +450,7 @@ public async Task WamUsernamePasswordPopTokenEnforcedWithCaOnInValidResourceAsyn // Acquire token using username password with POP on a resource not in the CA policy // CA policy enforces token issuance to popUser only for SPO this call will fail with UI Required Exception - // https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-token-protection + // https://learn.microsoft.com/azure/active-directory/conditional-access/concept-token-protection var result = await pca.AcquireTokenByUsernamePassword(scopes, popUser, labResponse.User.GetOrFetchPassword()) .WithProofOfPossession("some_nonce", System.Net.Http.HttpMethod.Get, new Uri(pca.Authority)) .ExecuteAsync() diff --git a/tests/Microsoft.Identity.Test.Integration.netfx/HeadlessTests/WwwAuthenticateParametersIntegrationTests.cs b/tests/Microsoft.Identity.Test.Integration.netfx/HeadlessTests/WwwAuthenticateParametersIntegrationTests.cs index 860331c4c0..07502d9a91 100644 --- a/tests/Microsoft.Identity.Test.Integration.netfx/HeadlessTests/WwwAuthenticateParametersIntegrationTests.cs +++ b/tests/Microsoft.Identity.Test.Integration.netfx/HeadlessTests/WwwAuthenticateParametersIntegrationTests.cs @@ -51,7 +51,7 @@ public async Task CreateWwwAuthenticateResponseFromGraphUrlAsync() } /// - /// Makes unauthorized call to Azure Resource Manager REST API https://docs.microsoft.com/en-us/rest/api/resources/subscriptions/get. + /// Makes unauthorized call to Azure Resource Manager REST API https://learn.microsoft.com/rest/api/resources/subscriptions/get?view=rest-resources-2022-12-01&tabs=HTTP. /// Expects response 401 Unauthorized. Analyzes the WWW-Authenticate header values. /// /// ARM endpoint, e.g. Production or Dogfood diff --git a/tests/Microsoft.Identity.Test.Performance/Microsoft.Identity.Test.Performance.csproj b/tests/Microsoft.Identity.Test.Performance/Microsoft.Identity.Test.Performance.csproj index 77e2739b31..51397a8dfa 100644 --- a/tests/Microsoft.Identity.Test.Performance/Microsoft.Identity.Test.Performance.csproj +++ b/tests/Microsoft.Identity.Test.Performance/Microsoft.Identity.Test.Performance.csproj @@ -5,7 +5,7 @@ net6.0 Debug;Release - + false diff --git a/tests/devapps/Managed Identity apps/MSIHelperService/AzureRunbook/GetMSITokenFromAzureArc.psd1 b/tests/devapps/Managed Identity apps/MSIHelperService/AzureRunbook/GetMSITokenFromAzureArc.psd1 index fbb2ff4544..fe55295656 100644 --- a/tests/devapps/Managed Identity apps/MSIHelperService/AzureRunbook/GetMSITokenFromAzureArc.psd1 +++ b/tests/devapps/Managed Identity apps/MSIHelperService/AzureRunbook/GetMSITokenFromAzureArc.psd1 @@ -16,7 +16,7 @@ workflow GetMSITokenFromAzureArc { ) # Converter: Wrapping initial script in an InlineScript activity, and passing any parameters for use within the InlineScript - # Converter: If you want this InlineScript to execute on another host rather than the Automation worker, simply add some combination of -PSComputerName, -PSCredential, -PSConnectionURI, or other workflow common parameters (http://technet.microsoft.com/en-us/library/jj129719.aspx) as parameters of the InlineScript + # Converter: If you want this InlineScript to execute on another host rather than the Automation worker, simply add some combination of -PSComputerName, -PSCredential, -PSConnectionURI, or other workflow common parameters (https://learn.microsoft.com/powershell/module/psworkflow/about/about_workflowcommonparameters?view=powershell-5.1) as parameters of the InlineScript inlineScript { $WebhookData = $using:WebhookData $msi_uri = $using:msi_uri @@ -70,4 +70,4 @@ workflow GetMSITokenFromAzureArc { } -} \ No newline at end of file +} diff --git a/tests/devapps/Managed Identity apps/MSIHelperService/AzureRunbook/GetMSITokenFromVM.psd1 b/tests/devapps/Managed Identity apps/MSIHelperService/AzureRunbook/GetMSITokenFromVM.psd1 index 021e3a3d4f..03c98e6479 100644 --- a/tests/devapps/Managed Identity apps/MSIHelperService/AzureRunbook/GetMSITokenFromVM.psd1 +++ b/tests/devapps/Managed Identity apps/MSIHelperService/AzureRunbook/GetMSITokenFromVM.psd1 @@ -16,7 +16,7 @@ workflow GetMSITokenFromVM { ) # Converter: Wrapping initial script in an InlineScript activity, and passing any parameters for use within the InlineScript - # Converter: If you want this InlineScript to execute on another host rather than the Automation worker, simply add some combination of -PSComputerName, -PSCredential, -PSConnectionURI, or other workflow common parameters (http://technet.microsoft.com/en-us/library/jj129719.aspx) as parameters of the InlineScript + # Converter: If you want this InlineScript to execute on another host rather than the Automation worker, simply add some combination of -PSComputerName, -PSCredential, -PSConnectionURI, or other workflow common parameters (https://learn.microsoft.com/powershell/module/psworkflow/about/about_workflowcommonparameters?view=powershell-5.1) as parameters of the InlineScript inlineScript { $WebhookData = $using:WebhookData $msi_uri = $using:msi_uri @@ -50,4 +50,4 @@ workflow GetMSITokenFromVM { } } -} \ No newline at end of file +} diff --git a/tests/devapps/Managed Identity apps/MSIHelperService/readme.md b/tests/devapps/Managed Identity apps/MSIHelperService/readme.md index 06877cf9c2..d524f41f65 100644 --- a/tests/devapps/Managed Identity apps/MSIHelperService/readme.md +++ b/tests/devapps/Managed Identity apps/MSIHelperService/readme.md @@ -46,7 +46,7 @@ There are two types of managed identities, and both are supported by this servic - By design, only that Azure resource can use this identity to request tokens from Azure AD. - Using the MSI Helper service you will be able to test this type -- **User-assigned**. You may also create a managed identity as a standalone Azure resource. You can [create a user-assigned managed identity](https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-portal) and assign it to one or more Azure Resources. When you enable a user-assigned managed identity: +- **User-assigned**. You may also create a managed identity as a standalone Azure resource. You can [create a user-assigned managed identity](https://learn.microsoft.com/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-portal) and assign it to one or more Azure Resources. When you enable a user-assigned managed identity: - A service principal of a special type is created in Azure AD for the identity. The service principal is managed separately from the resources that use it. - User-assigned identities can be used by multiple resources. - MSI Helper service uses a single user identity shared across all azure resources @@ -55,7 +55,7 @@ Identity Labs has setup a [single shared User Assigned Identity](https://github. ## What Azure services support the feature? -Managed identities for Azure resources can be used to authenticate to services that support Azure AD authentication. For a list of supported Azure services, see [services that support managed identities for Azure resources](https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/services-support-managed-identities). +Managed identities for Azure resources can be used to authenticate to services that support Azure AD authentication. For a list of supported Azure services, see [services that support managed identities for Azure resources](https://learn.microsoft.com/azure/active-directory/managed-identities-azure-resources/services-support-managed-identities). ## What managed identity sources does MSAL .Net support? @@ -194,7 +194,7 @@ Build the current project (The MSI Helper Service - MSIHelperService.csproj) and > **_NOTE:_** Once you have swapped the slot make sure to point the base url to the production slot again in your code and test it again with the production endpoint from the MSAL integration testing -> **_NOTE:_** The service uses [Azure Web App's Environment variables](https://learn.microsoft.com/en-us/azure/app-service/reference-app-settings?tabs=kudu%2Cdotnet) to store Application ID's and Secrets needed to connect to other Azure Resources and the Operations Management suite to execute runbooks. You will see more about runbooks and how they are used under the Virtual Machine and Azure ARC sections +> **_NOTE:_** The service uses [Azure Web App's Environment variables](https://learn.microsoft.com/azure/app-service/reference-app-settings?tabs=kudu%2Cdotnet) to store Application ID's and Secrets needed to connect to other Azure Resources and the Operations Management suite to execute runbooks. You will see more about runbooks and how they are used under the Virtual Machine and Azure ARC sections ## How to build and deploy the Function App @@ -241,7 +241,7 @@ Identity Labs has an extensive OMS solution. The MSI Helper Service takes advant OMSADMIN
-The OMS Admin Account executes pre-created Azure Runbooks. You can learn more about Runbooks [here](https://learn.microsoft.com/en-us/azure/automation/manage-runbooks) +The OMS Admin Account executes pre-created Azure Runbooks. You can learn more about Runbooks [here](https://learn.microsoft.com/azure/automation/manage-runbooks) There are two runbooks created to be used with the Helper Service. One to execute code in a Virtual Machine and the other for Azure ARC. @@ -280,7 +280,7 @@ This result is read by the MSI Helper Service and given back to the app that is Azure ARC setup uses the same logic as described above for the Virtual Machine. For, Azure ARC we need an on-premise machine. Currently there is a physical machine in Studio A that is corp connected. -The Azure ARC Machine runbook simply executes the following lines of code in a the physically CORP connected machine (VM Name: Gladwin-Backup). This Machine has been setup with the [Azure ARC Agent](https://learn.microsoft.com/en-us/azure/azure-arc/servers/agent-overview) which will help in getting a System Assigned Managed Identity Token on the On-Premise server. Learn more about Azure Arc [here](https://learn.microsoft.com/en-us/azure/azure-arc/servers/managed-identity-authentication) +The Azure ARC Machine runbook simply executes the following lines of code in a the physically CORP connected machine (VM Name: Gladwin-Backup). This Machine has been setup with the [Azure ARC Agent](https://learn.microsoft.com/azure/azure-arc/servers/agent-overview) which will help in getting a System Assigned Managed Identity Token on the On-Premise server. Learn more about Azure Arc [here](https://learn.microsoft.com/azure/azure-arc/servers/managed-identity-authentication) ```powershell try diff --git a/tests/devapps/NetCoreTestApp/Program.cs b/tests/devapps/NetCoreTestApp/Program.cs index 84b4d078cb..5244324ead 100644 --- a/tests/devapps/NetCoreTestApp/Program.cs +++ b/tests/devapps/NetCoreTestApp/Program.cs @@ -75,6 +75,7 @@ private static string GetAuthority() private static IPublicClientApplication CreatePca(bool withWamBroker = false) { + // var pcaBuilder = PublicClientApplicationBuilder .Create(s_clientIdForPublicApp) .WithAuthority(GetAuthority()) @@ -108,6 +109,7 @@ private static IPublicClientApplication CreatePca(bool withWamBroker = false) File.WriteAllBytes(CacheFilePath, notificationArgs.TokenCache.SerializeMsalV3()); } }); + // return pca; } diff --git a/tests/devapps/WAM/WAMClassLibrary/Class1.cs b/tests/devapps/WAM/WAMClassLibrary/Class1.cs index 44c57e60a6..9273c0a180 100644 --- a/tests/devapps/WAM/WAMClassLibrary/Class1.cs +++ b/tests/devapps/WAM/WAMClassLibrary/Class1.cs @@ -33,7 +33,7 @@ public static async Task InvokeBrokerAsync() .WithParentActivityOrWindow(consoleWindowHandleProvider) .Build(); - // Add a token cache, see https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-net-token-cache-serialization?tabs=desktop + // Add a token cache, see https://learn.microsoft.com/entra/msal/dotnet/how-to/token-cache-serialization?tabs=desktop // 2. GetAccounts var accounts = await pca.GetAccountsAsync().ConfigureAwait(false); diff --git a/tests/devapps/WebApi/Misc/DistributedCacheWithDelay.cs b/tests/devapps/WebApi/Misc/DistributedCacheWithDelay.cs index b58c254f33..4ffad565b7 100644 --- a/tests/devapps/WebApi/Misc/DistributedCacheWithDelay.cs +++ b/tests/devapps/WebApi/Misc/DistributedCacheWithDelay.cs @@ -199,7 +199,7 @@ protected override async Task WriteCacheBytesAsync(string cacheKey, byte[] bytes { await Task.Delay(_cacheAccessPenaltyMs).ConfigureAwait(false); - // As per https://docs.microsoft.com/en-us/dotnet/api/system.collections.concurrent.concurrentdictionary-2?redirectedfrom=MSDN&view=net-5.0#remarks + // As per https://learn.microsoft.com/dotnet/api/system.collections.concurrent.concurrentdictionary-2?view=net-5.0#remarks // the indexer is ok to store a key/value pair unconditionally _data[cacheKey] = bytes; } diff --git a/tests/devapps/WebApi/Misc/InMemoryPartitionedCacheSerializer.cs b/tests/devapps/WebApi/Misc/InMemoryPartitionedCacheSerializer.cs index 1cf596fcef..b28e681ee2 100644 --- a/tests/devapps/WebApi/Misc/InMemoryPartitionedCacheSerializer.cs +++ b/tests/devapps/WebApi/Misc/InMemoryPartitionedCacheSerializer.cs @@ -46,10 +46,8 @@ protected override void RemoveKey(string cacheKey) protected override void WriteCacheBytes(string cacheKey, byte[] bytes) { - // As per https://docs.microsoft.com/en-us/dotnet/api/system.collections.concurrent.concurrentdictionary-2?redirectedfrom=MSDN&view=net-5.0#remarks + // As per https://learn.microsoft.com/dotnet/api/system.collections.concurrent.concurrentdictionary-2?view=net-5.0#remarks // the indexer is ok to store a key/value pair unconditionally - - _logger.LogInformation($"[InMemoryPartitionedTokenCache] WriteCacheBytes with cacheKey {cacheKey}. Cache partitions: {CachePartition.Count}"); // note: Count is expensive CachePartition[cacheKey] = bytes;