Fix #2456 (#2489)

jmprieur · web-flow · commit 086bf8d8bc14 · 2023-09-30T18:51:04.000-07:00
* Fix build on .NET FW after #2480 * Fix the "The referenced project is targeted to a different framework family" warnings by changing the order of the frameworks (older to newer) as advised in https://www.primordialcode.com/blog/post/referenced-project-targeted-different-framework-family * Fixes #2456 * Addressing comments
diff --git a/Directory.Build.props b/Directory.Build.props
@@ -20,8 +20,10 @@
   </PropertyGroup>
 
   <PropertyGroup>
-    <TargetFrameworks Condition="'$(TargetNet8)' == 'True'">net462; net472; netstandard2.0; netcoreapp3.1; net6.0; net7.0; net8.0;</TargetFrameworks>
-    <TargetFrameworks Condition="'$(TargetNet8)' != 'True'">net462; net472; netstandard2.0; netcoreapp3.1; net6.0; net7.0;</TargetFrameworks>
+    <!-- For files to appear in the Visual Studio Solution explorer given we have conditional inclusion in some projects (IdWeb for instance)
+         we need to have the higher framework, even if this produces a warning in the IDE -->
+    <TargetFrameworks Condition="'$(TargetNet8)' == 'True'">net7.0; net462; net472; netstandard2.0; netcoreapp3.1; net6.0; net8.0;</TargetFrameworks>
+    <TargetFrameworks Condition="'$(TargetNet8)' != 'True'">net7.0; net462; net472; netstandard2.0; netcoreapp3.1; net6.0;</TargetFrameworks>
     <SignAssembly>true</SignAssembly>
     <AssemblyOriginatorKeyFile>../../build/MSAL.snk</AssemblyOriginatorKeyFile>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
diff --git a/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilder.cs b/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilder.cs
@@ -6,6 +6,7 @@
 using System.Diagnostics.CodeAnalysis;
 using System.Linq;
 using System.Security.Claims;
+using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
@@ -79,7 +80,7 @@ public MicrosoftIdentityAppCallsWebApiAuthenticationBuilder EnableTokenAcquisiti
             WebAppCallsWebApiImplementation(
                 Services,
                 initialScopes,
-                ConfigureMicrosoftIdentityOptions,
+                null, /* to avoid calling the delegate twice */
                 OpenIdConnectScheme,
                 configureConfidentialClientApplicationOptions);
             return new MicrosoftIdentityAppCallsWebApiAuthenticationBuilder(
@@ -93,14 +94,21 @@ public MicrosoftIdentityAppCallsWebApiAuthenticationBuilder EnableTokenAcquisiti
         internal static void WebAppCallsWebApiImplementation(
             IServiceCollection services,
             IEnumerable<string>? initialScopes,
-            Action<MicrosoftIdentityOptions> configureMicrosoftIdentityOptions,
+            Action<MicrosoftIdentityOptions>? configureMicrosoftIdentityOptions,
             string openIdConnectScheme,
             Action<ConfidentialClientApplicationOptions>? configureConfidentialClientApplicationOptions)
         {
-            // Ensure that configuration options for MSAL.NET, HttpContext accessor and the Token acquisition service
-            // (encapsulating MSAL.NET) are available through dependency injection
-            services.Configure(openIdConnectScheme, configureMicrosoftIdentityOptions);
-
+            // When called from MISE, ensure that configuration options for MSAL.NET, HttpContext accessor
+            // and the Token acquisition service (encapsulating MSAL.NET) are available through dependency injection.
+            // When called from AddMicrosoftIdentityWebApp(delegate), should not be re-configured otherwise
+            // the delegate would be called twice.
+            if (configureMicrosoftIdentityOptions != null)
+            {
+                // Won't be null in the case where the caller is MISE (to ensure that the configuration for MSAL.NET
+                // is available through DI).
+                // Will be null when called from AddMicrosoftIdentityWebApp(delegate) to avoid calling the delegate twice.
+                services.Configure(openIdConnectScheme, configureMicrosoftIdentityOptions);
+            }
             if (configureConfidentialClientApplicationOptions != null)
             {
                 services.Configure(openIdConnectScheme, configureConfidentialClientApplicationOptions);
@@ -157,8 +165,7 @@ internal static void WebAppCallsWebApiImplementation(
                        };
 
                        // Handling the token validated to get the client_info for cases where tenantId is not present (example: B2C)
-                       var onTokenValidatedHandler = options.Events.OnTokenValidated;
-                       options.Events.OnTokenValidated = async context =>
+                       options.Events.OnTokenValidated += async context =>
                        {
                            string? clientInfo = context!.ProtocolMessage?.GetParameter(ClaimConstants.ClientInfo);
 
@@ -172,8 +179,7 @@ internal static void WebAppCallsWebApiImplementation(
                                    context!.Principal!.Identities.FirstOrDefault()?.AddClaim(new Claim(ClaimConstants.UniqueObjectIdentifier, clientInfoFromServer.UniqueObjectIdentifier));
                                }
                            }
-
-                           await onTokenValidatedHandler(context).ConfigureAwait(false);
+                           await Task.CompletedTask;
                        };
 
                        // Handling the sign-out: removing the account from MSAL.NET cache
diff --git a/tests/DevApps/WebAppCallsMicrosoftGraph/Startup.cs b/tests/DevApps/WebAppCallsMicrosoftGraph/Startup.cs
@@ -2,9 +2,11 @@
 // Licensed under the MIT License.
 
 // #define USE_SIGNED_ASSERTION
+using System;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Connections;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Mvc.Authorization;
 using Microsoft.Extensions.Configuration;
@@ -34,9 +36,24 @@ public void ConfigureServices(IServiceCollection services)
             string configSection = "AzureAd";
 #endif
 
-
+            int count = 0;
             services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
-                    .AddMicrosoftIdentityWebApp(Configuration.GetSection(configSection))
+                    .AddMicrosoftIdentityWebApp(options =>
+                    {
+                        // Verification of the fix for #2456
+                        if (count>0)
+                        {
+                            throw new ArgumentException("AddMicrosoftIdentityWebApp(delegate). the delegate" +
+                                "is called more than once");
+                        }
+                        else
+                        {
+                            count++;
+                        }
+
+                        Configuration.Bind(configSection, options);
+                    }
+                )
                         .EnableTokenAcquisitionToCallDownstreamApi()
                            .AddMicrosoftGraph(Configuration.GetSection("GraphBeta"))
                            .AddDownstreamApi("GraphBeta", Configuration.GetSection("GraphBeta"))
