-
Notifications
You must be signed in to change notification settings - Fork 343
HttpClient
We understand that there are cases where you want fine grained control on the Http proxy for instance, which we had not been able to provide you at all (on .NET core), or in a limited way (.NET framework). Also, ASP.NET Core has some very efficient ways of pooling the HttpClient
instance, and MSAL.NET clearly did not benefit from it (for details see Use HttpClientFactory to implement resilient HTTP requests)
IMsalHttpClientFactory httpClientFactory = new MyHttpClientFactory();
var pca = PublicClientApplicationBuilder.Create(MsalTestConstants.ClientId)
.WithHttpClientFactory(httpClientFactory)
.Build();
When you call .AcquireTokenInteractive
, MSAL pops up a browser and instructs it to navigate to the authorization uri. MSAL does not call the /authorize endpoint on its own, so any HttpClient configuration you've made is not taken into account. However, for all the other required calls, MSAL uses HttpClient.
MSAL will **not **call Dispose() on the HttpClient. The thinking behind this based on https://stackoverflow.com/questions/15705092/do-httpclient-and-httpclienthandler-have-to-be-disposed
It is recommended to adapt ASP.NET Core's IHttpClientFactory to improve scalability in Web App / Web Api scenarios.
Problem: I need to use a proxy different from the IE proxy
Solution: On .NET classic, by default, MSAL uses the System.Windows.Forms.WebBrowser
control show UI. You can control the proxy for it by following the technique at: https://blogs.msdn.microsoft.com/jpsanders/2011/04/26/how-to-set-the-proxy-for-the-webbrowser-control-in-net/
This cannot be achived on .NET Core, where only the system browser is available. MSAL has no control over the system browser.
Problem: My browser can connect to the proxy, but I get 407 errors from MSAL
Solution: 407 shows a proxy authentication issue. .NET framework uses the proxy settings from IE, which by default does not include the "useDefaultCredential" setting. Some users have reported fixing this issue by adding the following to their .config file:
<system.net>
<defaultProxy enabled="true" useDefaultCredentials="true" />
</system.net>
- Home
- Why use MSAL.NET
- Is MSAL.NET right for me
- Scenarios
- Register your app with AAD
- Client applications
- Acquiring tokens
- MSAL samples
- Known Issues
- AcquireTokenInteractive
- WAM - the Windows broker
- .NET Core
- Maui Docs
- Custom Browser
- Applying an AAD B2C policy
- Integrated Windows Authentication for domain or AAD joined machines
- Username / Password
- Device Code Flow for devices without a Web browser
- ADFS support
- Acquiring a token for the app
- Acquiring a token on behalf of a user in Web APIs
- Acquiring a token by authorization code in Web Apps
- High Availability
- Token cache serialization
- Logging
- Exceptions in MSAL
- Provide your own Httpclient and proxy
- Extensibility Points
- Clearing the cache
- Client Credentials Multi-Tenant guidance
- Performance perspectives
- Differences between ADAL.NET and MSAL.NET Apps
- PowerShell support
- Testing apps that use MSAL
- Experimental Features
- Proof of Possession (PoP) tokens
- Using in Azure functions
- Extract info from WWW-Authenticate headers
- SPA Authorization Code