Class ConfidentialClientApplicationOptions

Namespace

Microsoft.Identity.Client

Assembly

Microsoft.Identity.Client.dll

Configuration options for a confidential client application (web app / web API / daemon app). See https://aka.ms/msal-net/application-configuration

public class ConfidentialClientApplicationOptions : ApplicationOptions

Inheritance

object

BaseApplicationOptions

ApplicationOptions

ConfidentialClientApplicationOptions

Inherited Members

ApplicationOptions.ClientId

ApplicationOptions.TenantId

ApplicationOptions.AadAuthorityAudience

ApplicationOptions.Instance

ApplicationOptions.AzureCloudInstance

ApplicationOptions.RedirectUri

ApplicationOptions.ClientName

ApplicationOptions.ClientVersion

ApplicationOptions.ClientCapabilities

ApplicationOptions.LegacyCacheCompatibilityEnabled

ApplicationOptions.KerberosServicePrincipalName

ApplicationOptions.TicketContainer

BaseApplicationOptions.LogLevel

BaseApplicationOptions.EnablePiiLogging

BaseApplicationOptions.IsDefaultPlatformLoggingEnabled

object.GetType()

object.MemberwiseClone()

object.ToString()

object.Equals(object)

object.Equals(object, object)

object.ReferenceEquals(object, object)

object.GetHashCode()

Constructors

ConfidentialClientApplicationOptions()

public ConfidentialClientApplicationOptions()

Properties

AzureRegion

Instructs MSAL.NET to use an Azure regional token service. This setting should be set to either the string with the region (preferred) or to "TryAutoDetect" and MSAL.NET will attempt to auto-detect the region.

public string AzureRegion { get; set; }

Property Value

string

Remarks

Region names as per Region class documentation. Not all auth flows can use the regional token service. Service To Service (client credential flow) tokens can be obtained from the regional service. Requires configuration at the tenant level. Auto-detection works on a limited number of Azure artifacts (VMs, Azure functions). If auto-detection fails, the non-regional endpoint will be used. If an invalid region name is provided, the non-regional endpoint MIGHT be used or the token request MIGHT fail. See https://aka.ms/msal-net-region-discovery for more details.

ClientSecret

Client secret for the confidential client application. This secret (application password) is provided by the application registration portal, or provided to Azure AD during the application registration with PowerShell AzureAD, PowerShell AzureRM, or Azure CLI.

public string ClientSecret { get; set; }

Property Value

string

EnableCacheSynchronization

When set to true, MSAL will lock cache access at the ConfidentialClientApplication level, i.e. the block of code between BeforeAccessAsync and AfterAccessAsync callbacks will be synchronized. Apps can set this flag to false to enable an optimistic cache locking strategy, which may result in better performance at the cost of cache consistency. Setting this flag to false is only recommended for apps which create a new ConfidentialClientApplication per request.

public bool EnableCacheSynchronization { get; set; }

Property Value

bool

Remarks

This flag is true by default. The default behavior is recommended.