-
Notifications
You must be signed in to change notification settings - Fork 369
Regional
This is an option for Microsoft 1p apps only, needing to use certificate based auth.
3p apps can benefit from regional authentication by using Managed Identity.
If MSAL_FORCE_REGION is set to e.g. "westus1", MSAL will use that region. Unless MSAL was already configured programmatically, i.e. WithAzureRegion API takes precedence.
Important
Azure SDK enables regional auth through its own env variable - AZURE_REGIONAL_AUTHORITY_NAME. Internally, Azure SDK uses MSAL with the API WithAzureRegion, so this takes precedence over MSAL_FORCE_REGION
If you use WithAzureRegion("DisableMsalForceRegion") programatically, then MSAL will ignore MSAL_FORCE_REGION
If MSAL_DISABLE_REGION is set to any value, then MSAL will ignore ESTS-R and hit the global ESTS. This disables the API WithAzureRegion
References:
- Home
- Why use MSAL.NET
- Is MSAL.NET right for me
- Scenarios
- Register your app with AAD
- Client applications
- Acquiring tokens
- MSAL samples
- Known Issues
- Acquiring a token for the app
- Acquiring a token on behalf of a user in Web APIs
- Acquiring a token by authorization code in Web Apps
- AcquireTokenInteractive
- WAM - the Windows broker
- .NET Core
- Maui Docs
- Custom Browser
- Applying an AAD B2C policy
- Integrated Windows Authentication for domain or AAD joined machines
- Username / Password
- Device Code Flow for devices without a Web browser
- ADFS support
- High Availability
- Regional
- Token cache serialization
- Logging
- Exceptions in MSAL
- Provide your own Httpclient and proxy
- Extensibility Points
- Clearing the cache
- Client Credentials Multi-Tenant guidance
- Performance perspectives
- Differences between ADAL.NET and MSAL.NET Apps
- PowerShell support
- Testing apps that use MSAL
- Experimental Features
- Proof of Possession (PoP) tokens
- Using in Azure functions
- Extract info from WWW-Authenticate headers
- SPA Authorization Code