From 8909744fc7e9eb54619fe911a7eb09d9fa941f0e Mon Sep 17 00:00:00 2001
From: Michal Hanzlik
Date: Fri, 28 Jul 2023 13:44:55 +0200
Subject: [PATCH] #6673 - Fix of SNI auth not working in Cert based authentication

After upgrade from ADAL to MSAL auth library, sendX5C flag was not set and it breaks SN+I authentication with AAD app registrations.
---
 .../Authentication/CertificateAppCredentials.cs | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libraries/Microsoft.Bot.Connector/Authentication/CertificateAppCredentials.cs b/libraries/Microsoft.Bot.Connector/Authentication/CertificateAppCredentials.cs
index a74e16330f..e46938e10d 100644
--- a/libraries/Microsoft.Bot.Connector/Authentication/CertificateAppCredentials.cs
+++ b/libraries/Microsoft.Bot.Connector/Authentication/CertificateAppCredentials.cs
@@ -139,7 +139,7 @@ protected override Lazy BuildIAuthenticator()
 return new Lazy(
 () =>
 {
- var clientApplication = CreateClientApplication(clientCertificate, MicrosoftAppId, CustomHttpClient);
+ var clientApplication = CreateClientApplication(clientCertificate, MicrosoftAppId, sendX5c, CustomHttpClient);
 return new MsalAppCredentials(
 clientApplication,
 MicrosoftAppId,
@@ -151,11 +151,11 @@ protected override Lazy BuildIAuthenticator()
 LazyThreadSafetyMode.ExecutionAndPublication);
 }
 
- private Identity.Client.IConfidentialClientApplication CreateClientApplication(X509Certificate2 clientCertificate, string appId, HttpClient customHttpClient = null)
+ private Identity.Client.IConfidentialClientApplication CreateClientApplication(X509Certificate2 clientCertificate, string appId, bool sendX5c, HttpClient customHttpClient = null)
 {
 var clientBuilder = Identity.Client.ConfidentialClientApplicationBuilder.Create(appId)
 .WithAuthority(new Uri(OAuthEndpoint), ValidateAuthority)
- .WithCertificate(clientCertificate);
+ .WithCertificate(clientCertificate, sendX5c);
 
 if (customHttpClient != null)
 {
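Review bot: No test accompanies the restored `sendX5c` argument at the `CreateClientApplication(...)` call inside the lazy factory. The diffstat lists only CertificateAppCredentials.cs, so nothing would catch the flag being dropped again, as it was in the ADAL-to-MSAL move the description mentions. A unit test that builds the credentials with the flag set and checks that the certificate chain is requested on the client application would pin the behaviour. Whether the existing test project can observe that is not visible from here. BuildIAuthenticator starts and ends outside this hunk.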
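Review bot: The new `sendX5c` parameter on `CreateClientApplication` is undocumented, and the name alone does not convey what it changes in the token request. I would add a comment above the method such as `// sendX5c: include the certificate chain (x5c) in the client assertion so AAD can validate by subject name + issuer`. Subject-name/issuer validation presumably accepts any certificate from the trusted issuer with the registered subject, so the flag should stay opt-in. Its default is set outside this hunk and should be confirmed as false. The method body continues past the end of the hunk.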