AzureAD · trwalke · Apr 17, 2024 · Mar 27, 2024 · Mar 28, 2024 · Mar 28, 2024
@@ -38,6 +38,13 @@ steps:
     BuildPlatform: '$(BuildPlatform)'
     BuildConfiguration: '$(BuildConfiguration)'
     MsIdentityWebSemVer: $(MsIdentityWebSemVer)
+
+# Run all tests
+- template: template-run-unit-tests.yaml
+  parameters:
+    BuildPlatform: '$(BuildPlatform)'
+    BuildConfiguration: '$(BuildConfiguration)'
+    MsIdentityWebSemVer: $(MsIdentityWebSemVer)
 
 # Run Post-build code analysis (e.g. Roslyn)
 - template: template-postbuild-code-analysis.yaml

@@ -10,13 +10,14 @@ steps:
 - script: |
     dotnet workload restore tests\DevApps\blazorwasm-b2c\blazorwasm2-b2c.csproj
   displayName: 'Install wasm-tools'
-  
+
 - task: DotNetCoreCLI@2
-  displayName: 'Build solution Microsoft.Identity.Web.sln and run tests'
+  displayName: 'Build solution Microsoft.Identity.Web.sln'
   inputs:
-    command: test
+    command: 'custom'
+    custom: 'build'
     projects: 'Microsoft.Identity.Web.sln'
-    arguments: '--collect "Code coverage" --settings "build\CodeCoverage.runsettings" --configuration ${{ parameters.BuildConfiguration }} -p:RunCodeAnalysis=true -p:MsIdentityWebSemVer=${{ parameters.MsIdentityWebSemVer }} -p:SourceLinkCreate=true'
+    arguments: '-p:configuration=${{ parameters.BuildConfiguration }} -p:RunCodeAnalysis=true -p:MsIdentityWebSemVer=${{ parameters.MsIdentityWebSemVer }} -p:SourceLinkCreate=true'
 
 # This task is needed so that the 1CS Rolsyn analyzers task works.
 # The previous task does the restore

@@ -3,18 +3,66 @@
 
 steps:
 
-- task: DotNetCoreCLI@2
+- task: VSTest@2
+  displayName: 'Run unit tests'
   inputs:
-    command: 'test'
-    projects: |
-        Tests/**/*.csproj
-        !Tests/DevApps/**/*.csproj 
-    arguments: '--collect "Code coverage" --settings "build\CodeCoverage.runsettings"'
-    continueOnError: 'true'
+    testSelector: 'testAssemblies'
+    testAssemblyVer2: 'tests\Microsoft.Identity.Web.Test\bin\**\Microsoft.Identity.Web.Test.dll'
+    searchFolder: '$(System.DefaultWorkingDirectory)'
+    runInParallel: true
+    codeCoverageEnabled: true
+    failOnMinTestsNotRun: true
+    minimumExpectedTests: '1'
+
+- task: VSTest@2
+  displayName: 'Run integration tests'
+  inputs:
+    testSelector: 'testAssemblies'
+    testAssemblyVer2: 'tests\Microsoft.Identity.Web.Test.Integration\bin\**\Microsoft.Identity.Web.Test.Integration.dll'
+    searchFolder: '$(System.DefaultWorkingDirectory)'
+    rerunFailedTests: true
+    rerunMaxAttempts: '3'
+    runInParallel: false
+    codeCoverageEnabled: true
+    failOnMinTestsNotRun: false
+    minimumExpectedTests: '1'
+
+- task: VSTest@2
+  displayName: 'Run E2E tests'
+  inputs:
+    testSelector: 'testAssemblies'
+    testAssemblyVer2: |
+        tests\E2E Tests\WebAppUiTests\bin\**\WebAppUiTests.dll
+        tests\E2E Tests\TokenAcquirerTests\bin\**\TokenAcquirerTests.dll
+        tests\E2E Tests\NET 7 tests\IntegrationTests\bin\**\IntegrationTests.dll
+    searchFolder: '$(System.DefaultWorkingDirectory)'
+    rerunFailedTests: true
+    rerunMaxAttempts: '3'
+    runInParallel: false
+    codeCoverageEnabled: true
+    failOnMinTestsNotRun: false
+    minimumExpectedTests: '1'
 
 - task: PublishBuildArtifacts@1
   displayName: 'Publish traces after test'
   inputs:
     PathtoPublish: '$(Build.SourcesDirectory)/tests/E2E Tests/PlaywrightTraces/'
     ArtifactName: 'traces-after-tests-$(Build.BuildNumber)'
+  condition: failed()
+
+# Copy all packages out to staging
+- task: CopyFiles@2
+  displayName: 'Copy screenshots to staging directory'
+  inputs:
+    SourceFolder: '$(Build.SourcesDirectory)/tests/E2E Tests/'
+    Contents: '**/*screenshotFail.png'
+    TargetFolder: '$(Build.ArtifactStagingDirectory)\screenshots'
+    flattenFolders: true
+  condition: failed()
+
+- task: PublishBuildArtifacts@1
+  displayName: 'Publish Screenshot after test'
+  inputs:
+    PathtoPublish: '$(Build.ArtifactStagingDirectory)\screenshots'
+    ArtifactName: 'ScreenshotFail'
   condition: failed()
diff --git a/tests/DevApps/WebAppCallsMicrosoftGraph/Startup.cs b/tests/DevApps/WebAppCallsMicrosoftGraph/Startup.cs
@@ -3,6 +3,9 @@
 
 // #define USE_SIGNED_ASSERTION
 using System;
+#if NET8_0
+using Microsoft.AspNetCore.Authentication.Certificate;
+#endif
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Builder;
@@ -37,6 +40,10 @@ public void ConfigureServices(IServiceCollection services)
 #endif
 
             int count = 0;
+#if NET8_0
+            services.AddAuthentication(CertificateAuthenticationDefaults.AuthenticationScheme)
+                    .AddCertificate();
+#endif
             services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
                     .AddMicrosoftIdentityWebApp(options =>
                     {

diff --git a/tests/DevApps/WebAppCallsMicrosoftGraph/WebAppCallsMicrosoftGraph.csproj b/tests/DevApps/WebAppCallsMicrosoftGraph/WebAppCallsMicrosoftGraph.csproj
@@ -8,4 +8,9 @@
     <ProjectReference Include="..\..\..\src\Microsoft.Identity.Web.UI\Microsoft.Identity.Web.UI.csproj" />
     <ProjectReference Include="..\..\..\src\Microsoft.Identity.Web\Microsoft.Identity.Web.csproj" />
   </ItemGroup>
+  <ItemGroup Condition="'$(TargetFramework)' == 'net8.0'">
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate">
+      <Version>8.0.4</Version>
+    </PackageReference>
+  </ItemGroup>
 </Project>
@@ -22,10 +22,10 @@
                 "KeyVaultUrl": "https://webappsapistests.vault.azure.net",
                 "KeyVaultCertificateName": "Self-Signed-5-5-22"
             }
-            // {
-            //    "SourceType": "ClientSecret",
-            //    "ClientSecret": ""
-            // }
+             //{
+             //   "SourceType": "ClientSecret",
+             //   "ClientSecret": ""
+             //}
         ]
 
         // Id.Web v1.0 way of declaring client credentials

@@ -10,14 +10,14 @@
   },
   "profiles": {
     "https": {
-      "commandName": "Project",
-      "dotnetRunMessages": true,
-      "launchBrowser": true,
-      "launchUrl": "swagger",
-      "applicationUrl": "https://localhost:7082;http://localhost:5299",
-      "environmentVariables": {
-        "ASPNETCORE_ENVIRONMENT": "Development"
-      }
+        "commandName": "Project",
+        "dotnetRunMessages": true,
+        "launchBrowser": true,
+        "launchUrl": "swagger",
+        "applicationUrl": "https://localhost:7082;http://localhost:5299;",
+        "environmentVariables": {
+            "ASPNETCORE_ENVIRONMENT": "Development"
+        }
     },
     "IIS Express": {
       "commandName": "IISExpress",

@@ -1,8 +1,8 @@
 {
   "AzureAd": {
-    "ClientId": "63e6d091-0e6d-4c8b-be67-d405e02ae3d8",
+    "ClientId": "634de702-3173-4a71-b336-a4fab786a479",
     "Scopes": "access_as_user",
-    "Authority": "https://TrialTenantJmprieur.ciamlogin.com/"
+    "Authority": "https://MSIDLABCIAM6.ciamlogin.com"
   },
   "Logging": {
     "LogLevel": {

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
-    <TargetFrameworks>net7.0</TargetFrameworks>
+    <TargetFrameworks>net8.0</TargetFrameworks>
     <Nullable>enable</Nullable>
     <ImplicitUsings>enable</ImplicitUsings>
     <UserSecretsId>aspnet-myWebApi-17be892d-3bb3-4282-92e2-301b02c86ed6</UserSecretsId>

@@ -2,15 +2,13 @@
 // Licensed under the MIT License.
 
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Mvc.Authorization;
 using Microsoft.Identity.Web;
 using Microsoft.Identity.Web.UI;
 
 var builder = WebApplication.CreateBuilder(args);
 
 // Add services to the container.
-var initialScopes = builder.Configuration["DownstreamApi:Scopes"]?.Split(' ');
+var initialScopes = builder.Configuration.GetSection("DownstreamApi:Scopes").Get<string[]>();
 
 builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
     .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"))

@@ -1,16 +1,30 @@
 {
-  "AzureAd": {
-    "ClientId": "4c8068d9-c00f-4908-afd7-44e4b263f66c",
-    "ClientSecret": "See user secrets",
-    "ClientCertificates": [],
-    "CallbackPath": "/signin-oidc",
-    "Authority": "https://TrialTenantJmprieur.ciamlogin.com/",
-    "Prompt": "login"
-  },
-  "DownstreamApi": {
-    "BaseUrl": "https://localhost:7082/weatherforecast",
-    "Scopes": [ "api://63e6d091-0e6d-4c8b-be67-d405e02ae3d8/.default" ]
-  },
+    "AzureAd": {
+        "ClientId": "b244c86f-ed88-45bf-abda-6b37aa482c79",
+        "ClientCertificates": [],
+        "CallbackPath": "/signin-oidc",
+        "Authority": "https://MSIDLABCIAM6.ciamlogin.com",
+        "Prompt": "login",
+        "ClientCredentials": [
+            //{
+            //    "SourceType": "SignedAssertionFromManagedIdentity",
+            //    "ManagedIdentityClientId": ""
+            //},
+            {
+                "SourceType": "KeyVault",
+                "KeyVaultUrl": "https://webappsapistests.vault.azure.net",
+                "KeyVaultCertificateName": "Self-Signed-5-5-22"
+            }
+            //{
+            //   "SourceType": "ClientSecret",
+            //   "ClientSecret": ""
+            //}
+        ]
+    },
+    "DownstreamApi": {
+        "BaseUrl": "http://localhost:5299/WeatherForecast",
+        "Scopes": [ "api://634de702-3173-4a71-b336-a4fab786a479/.default" ]
+    },
   "Logging": {
     "LogLevel": {
         "Default": "Information",

@@ -5,6 +5,7 @@
     <Nullable>enable</Nullable>
     <ImplicitUsings>enable</ImplicitUsings>
     <UserSecretsId>aspnet-myWebApp-23b8728b-775f-4796-8b63-e85cbaccc27c</UserSecretsId>
+    <UseWIP>true</UseWIP>
   </PropertyGroup>
 
   <ItemGroup Condition="'$(UseWIP)' == 'false' ">

@@ -31,6 +31,13 @@ public class TokenAcquirer
                 "Self-Signed-5-5-22")
         };
 
+        private static readonly CredentialDescription[] s_ciamClientCredentials = new[]
+{
+            CertificateDescription.FromKeyVault(
+                "https://buildautomation.vault.azure.net",
+                "AzureADIdentityDivisionTestAgentCert")
+        };
+
         public TokenAcquirer()
         {
             TokenAcquirerFactory.ResetDefaultInstance(); // Test only
@@ -92,6 +99,23 @@ public async Task AcquireToken_WithMicrosoftIdentityApplicationOptions_ClientCre
             await CreateGraphClientAndAssert(tokenAcquirerFactory, services);
         }
 
+        [IgnoreOnAzureDevopsFact(Skip = "https://github.com/AzureAD/microsoft-identity-web/issues/2732")]
+        //[Fact]
+        public async Task AcquireToken_WithMicrosoftIdentityApplicationOptions_ClientCredentialsCiamAsync()
+        {
+            TokenAcquirerFactory tokenAcquirerFactory = TokenAcquirerFactory.GetDefaultInstance();
+            IServiceCollection services = tokenAcquirerFactory.Services;
+
+            services.Configure<MicrosoftIdentityApplicationOptions>(s_optionName, option =>
+            {
+                option.Authority = "https://MSIDLABCIAM6.ciamlogin.com";
+                option.ClientId = "b244c86f-ed88-45bf-abda-6b37aa482c79";
+                option.ClientCredentials = s_clientCredentials;
+            });
+
+            await CreateGraphClientAndAssert(tokenAcquirerFactory, services);
+        }
+
         [IgnoreOnAzureDevopsFact]
         // [Fact]
         public async Task AcquireToken_WithFactoryAndMicrosoftIdentityApplicationOptions_ClientCredentialsAsync()