2 changes: 1 addition & 1 deletion README.md
@@ -17,7 +17,7 @@ For a full list of packages available for download in this repository, please se
### Prerequisites:
Install VS 2017 (Professional or higher) + VS2017 Update 1
(https://www.visualstudio.com/).
To know more about VS 2017 and it's project system (https://docs.microsoft.com/en-us/visualstudio/#pivot=workloads&panel=windows)
To know more about VS 2017 and its project system (https://docs.microsoft.com/en-us/visualstudio/#pivot=workloads&panel=windows)

### Directory Restructure
Directory structure has been simplified and consolidated in fewer directories
@@ -25,7 +25,7 @@ public class AzureServiceTokenProvider
// List of potential token providers.
private readonly List<NonInteractiveAzureServiceTokenProviderBase> _potentialAccessTokenProviders;

// Ensures only one threads gets the token from the actual source. It is then cached, so other threads can get it from the cache.
// Ensures only one thread gets the token from the actual source. It is then cached, so other threads can get it from the cache.
private static readonly SemaphoreSlim Semaphore = new SemaphoreSlim(1, 1);

/// <summary>
@@ -190,7 +190,7 @@ private async Task<string> GetAccessTokenAsyncImpl(string authority, string reso
}
finally
{
// Whichever way the try block exists, the semaphone must be released.
// Whichever way the try block exits, the semaphore must be released.
Semaphore.Release();
}

@@ -8,6 +8,9 @@ namespace Microsoft.Azure.Services.AppAuthentication
/// <summary>
/// Instance of this exception is thrown if access token cannot be acquired.
/// </summary>
#if FullNetFx
[Serializable]
#endif
public class AzureServiceTokenProviderException : Exception
{
internal const string MsiEndpointNotListening = "Unable to connect to the Managed Service Identity (MSI) endpoint. Please check that you are running on an Azure resource that has MSI setup.";
@@ -37,7 +40,7 @@ public class AzureServiceTokenProviderException : Exception
/// <param name="authority">Authority for which token was expected.</param>
/// <param name="message">Reason why token could not be acquired.</param>
internal AzureServiceTokenProviderException(string connectionString, string resource, string authority, string message) :
base($"Parameters: Connectionstring: {connectionString ?? "[No connection string specified]"}, " +
base($"Parameters: Connection String: {connectionString ?? "[No connection string specified]"}, " +
$"Resource: {resource}, Authority: {authority ?? "[No authority specified]"}. Exception Message: {message}")
{
}
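Review bot: The constructor message at `base($"Parameters: Connection String: {connectionString ?? "[No connection string specified]"}, " +` still copies the entire connection string into the exception text, and the factory touched in this same commit mentions a client-secret based provider chosen from those settings, so a secret may end up wherever this exception is logged or serialized. Consider formatting a redacted copy instead, for example `{RedactSecrets(connectionString) ?? "[No connection string specified]"}`, where `RedactSecrets` is a helper still to be written that masks secret-bearing values and passes null through. Whether a secret is actually carried in the string is not visible in these hunks, so confirm against the connection-string parser. Separately, no `(SerializationInfo, StreamingContext)` constructor appears in the hunks shown; if the class does not already have one, `[Serializable]` alone will not let the exception round-trip.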
@@ -42,9 +42,9 @@ internal static NonInteractiveAzureServiceTokenProviderBase Create(string connec

string runAs = connectionSettings[RunAs];

// If RunAs=Developer
if (string.Equals(runAs, Developer, StringComparison.OrdinalIgnoreCase))
{
// If RunAs=Developer
ValidateAttribute(connectionSettings, DeveloperTool, connectionString);

// And Dev Tool equals AzureCLI or VisualStudio
@@ -71,7 +71,7 @@ internal static NonInteractiveAzureServiceTokenProviderBase Create(string connec
}
else if (string.Equals(runAs, App, StringComparison.OrdinalIgnoreCase))
{
// If AuthenticateAs=App
// If RunAs=App
// If AppId key is present, use certificate or Client Secret based token provider
if (connectionSettings.ContainsKey(AppId))
{
@@ -2,14 +2,15 @@
<PropertyGroup>
<PackageId>Microsoft.Azure.Services.AppAuthentication</PackageId>
<Description>Enables a service to authenticate to Azure services using the developer's Azure Active Directory/ Microsoft account during development, and authenticate as itself (using OAuth 2.0 Client Credentials flow) when deployed to Azure.</Description>
<Version>1.0.1</Version>
<Version>1.0.3</Version>
<AssemblyName>Microsoft.Azure.Services.AppAuthentication</AssemblyName>
<PackageTags>Azure Authentication AppAuthentication</PackageTags>
<PackageReleaseNotes>
<![CDATA[
Documentation can be found at https://go.microsoft.com/fwlink/p/?linkid=862452.

Bug fix: Microsoft.Azure.Services.AppAuthentication.targets was missing.
MsiAccessTokenProvider updated to use IDMS endpoint for authentication
Bug fix: Serializable tag was missing on AzureServicesTokenProviderException
]]>
</PackageReleaseNotes>
</PropertyGroup>
@@ -4,8 +4,8 @@
[assembly: AssemblyTitle("Microsoft.Azure.Services.AppAuthentication")]
[assembly: AssemblyDescription("Enables a service to authenticate to Azure services using the developer's Azure Active Directory/ Microsoft account during development, and authenticate as itself (using OAuth 2.0 Client Credentials flow) when deployed to Azure.")]

[assembly: AssemblyVersion("1.0.1.0")]
[assembly: AssemblyFileVersion("1.0.1.0")]
[assembly: AssemblyVersion("1.0.3.0")]
[assembly: AssemblyFileVersion("1.0.3.0")]
[assembly: AssemblyCompany("Microsoft Corporation")]
[assembly: AssemblyProduct("Microsoft Azure")]
[assembly: AssemblyCopyright("Copyright (c) Microsoft Corporation. All rights reserved.")]
@@ -19,8 +19,8 @@ internal class MsiAccessTokenProvider : NonInteractiveAzureServiceTokenProviderB
// HttpClient is intended to be instantiated once and re-used throughout the life of an application.
private static readonly HttpClient DefaultHttpClient = new HttpClient();

// Default Azure VM MSI endpoint
private const string AzureVmMsiEndpoint = "http://localhost:50342/oauth2/token";
// Azure Instance Metadata Service (IDMS) endpoint
private const string AzureVmIdmsEndpoint = "http://169.254.169.254/metadata/identity/oauth2/token";

internal MsiAccessTokenProvider()
{
@@ -41,12 +41,10 @@ public override async Task<string> GetTokenAsync(string resource, string authori
string msiSecret = Environment.GetEnvironmentVariable("MSI_SECRET");
var isAppServicesMsiAvailable = !string.IsNullOrWhiteSpace(msiEndpoint) && !string.IsNullOrWhiteSpace(msiSecret);

string authorityParameter = string.IsNullOrEmpty(authority) ? string.Empty : $"&authority={authority}";

// Craft request as per the MSI protocol
var requestUrl = isAppServicesMsiAvailable
? $"{msiEndpoint}?resource={resource}&api-version=2017-09-01"
: $"{AzureVmMsiEndpoint}?resource={resource}{authorityParameter}";
: $"{AzureVmIdmsEndpoint}?resource={resource}&api-version=2018-02-01";

// Use the httpClient specified in the constructor. If it was not specified in the constructor, use the default httpclient.
HttpClient httpClient = _httpClient ?? DefaultHttpClient;
@@ -61,7 +59,7 @@ public override async Task<string> GetTokenAsync(string resource, string authori
{
request.Headers.Add("Metadata", "true");
}

HttpResponseMessage response = await httpClient.SendAsync(request).ConfigureAwait(false);

// If the response is successful, it should have JSON response with an access_token field
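Review bot: `resource` is interpolated into the query string unescaped in both branches of `requestUrl`, so a value containing `&` or `#` would add or truncate parameters on the request sent to the identity endpoint; encode it, e.g. `: $"{AzureVmIdmsEndpoint}?resource={Uri.EscapeDataString(resource)}&api-version=2018-02-01";`, and do the same in the `msiEndpoint` branch. With `authorityParameter` removed, the `authority` argument no longer reaches the VM request in the visible lines, so a caller that passes one presumably gets a token without any signal that it was ignored; a comment such as `// authority is not used by the instance metadata endpoint` or an explicit check would make that intentional. The new comment and constant spell the acronym "IDMS", while the expanded name in the same comment (Instance Metadata Service) abbreviates to IMDS. GetTokenAsync starts and ends outside these hunks.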