[7.0] Enable WAM Broker support for Entra ID Auth modes (#4288) #4388
Pull request overview
Ports PR #4288 to the release/7.0 branch by enabling Windows Account Manager (WAM) broker support for Entra ID authentication in the Azure extensions package, plus related reliability hardening and a WinForms repro app for manual validation.
Changes:
- Add WAM broker opt-in via ActiveDirectoryAuthenticationProviderOptions.UseWamBroker, new options-bag constructor, and parent-window plumbing for MSAL across platforms.
- Harden SqlClient’s Azure-extension bootstrap/initialization and fed-auth retry behavior; add unit tests covering WAM/default-provider construction paths.
- Add a WinForms “AzureSqlConnector” sample app for manual WAM/interactive auth validation; bump MSAL packages and update docs/snippets.
Reviewed changes
Copilot reviewed 31 out of 34 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| src/Microsoft.Data.SqlClient/tests/UnitTests/Microsoft/Data/SqlClient/SqlAuthenticationProviderManagerTests.cs | Adds regression + constructor-selection unit tests for Azure extension bootstrap logic. |
| src/Microsoft.Data.SqlClient/src/Resources/Strings.resx | Adds a new localized error string for WAM-broker config requiring newer Azure extensions. |
| src/Microsoft.Data.SqlClient/src/Resources/Strings.Designer.cs | Regenerates strongly-typed accessor for the new resource string. |
| src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlUtil.cs | Adds helper to throw the new WAM-broker upgrade-required exception. |
| src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlAuthenticationProviderManager.cs | Adds useWamBroker config parsing + new reflective construction logic for the Azure extension provider. |
| src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/Connection/SqlConnectionInternal.cs | Clears additional fed-auth cached state before AD-auth timeout retry. |
| src/Microsoft.Data.SqlClient.sln | Updates solution metadata and adds the AzureSqlConnector sample project. |
| src/Microsoft.Data.SqlClient.Extensions/Azure/test/WamBrokerTests.cs | New tests covering WAM broker defaults/opt-in behavior and parent-window callback behavior. |
| src/Microsoft.Data.SqlClient.Extensions/Azure/test/SqlAuthenticationProviderCollection.cs | New xUnit collection to serialize tests that mutate global provider registry. |
| src/Microsoft.Data.SqlClient.Extensions/Azure/test/DefaultAuthProviderTests.cs | Serializes this test class with the new collection. |
| src/Microsoft.Data.SqlClient.Extensions/Azure/test/Config.cs | Minor comment update re: deprecated password auth config. |
| src/Microsoft.Data.SqlClient.Extensions/Azure/test/AADConnectionTest.cs | Removes deprecated AAD password-flow tests; retains other Entra ID scenarios. |
| src/Microsoft.Data.SqlClient.Extensions/Azure/test/AADAuthenticationTests.cs | Serializes this test class with the new collection. |
| src/Microsoft.Data.SqlClient.Extensions/Azure/src/Interop/Interop.GetConsoleWindow.cs | Adds Win32 interop for console window discovery (WAM/UI parenting support). |
| src/Microsoft.Data.SqlClient.Extensions/Azure/src/Interop/Interop.GetAncestor.cs | Adds Win32 interop for root-owner window lookup (WAM/UI parenting support). |
| src/Microsoft.Data.SqlClient.Extensions/Azure/src/Azure.csproj | Adds MSAL Broker package reference. |
| src/Microsoft.Data.SqlClient.Extensions/Azure/src/ActiveDirectoryAuthenticationProviderOptions.cs | Introduces new options bag for configuring the AD auth provider, including WAM opt-in. |
| src/Microsoft.Data.SqlClient.Extensions/Azure/src/ActiveDirectoryAuthenticationProvider.Windows.cs | Adds Windows-specific parent-window resolution + console-window fallback. |
| src/Microsoft.Data.SqlClient.Extensions/Azure/src/ActiveDirectoryAuthenticationProvider.cs | Implements options-bag constructor, WAM broker wiring, redirect URI changes, and forwards parent-window callback to MSAL cross-platform. |
| src/Microsoft.Data.SqlClient.Extensions/Azure/doc/ActiveDirectoryAuthenticationProviderOptions.xml | New XML docs for the options bag type and properties. |
| src/Microsoft.Data.SqlClient.Extensions/Azure/doc/ActiveDirectoryAuthenticationProvider.xml | Updates XML docs to describe the new options constructor + parent-window behavior. |
| src/Microsoft.Data.SqlClient.Extensions/Abstractions/src/SqlAuthenticationProvider.Internal.cs | Minor nullability/type annotation adjustment. |
| doc/snippets/Microsoft.Data.SqlClient/ActiveDirectoryAuthenticationProvider.xml | Updates snippet docs and adds license header. |
| doc/apps/AzureSqlConnector/README.md | Adds documentation for the new WinForms repro/sample app. |
| doc/apps/AzureSqlConnector/Program.cs | Adds WinForms sample app entry point + mode selector flow. |
| doc/apps/AzureSqlConnector/ModeSelectorForm.cs | Adds a chooser dialog for UI-thread vs worker-thread open modes. |
| doc/apps/AzureSqlConnector/MainFormWorker.Designer.cs | Adds WinForms UI for the worker-thread (sync Open) variant. |
| doc/apps/AzureSqlConnector/MainFormWorker.cs | Implements worker-thread connection open + device code UX + AD provider registration. |
| doc/apps/AzureSqlConnector/MainForm.Designer.cs | Adds WinForms UI for the UI-thread (async/sync selectable) variant. |
| doc/apps/AzureSqlConnector/MainForm.cs | Implements UI-thread open patterns + device code UX + AD provider registration. |
| doc/apps/AzureSqlConnector/IdentityQuery.cs | Shared identity query text used by both sample modes. |
| doc/apps/AzureSqlConnector/AzureSqlConnector.csproj | New multi-targeted WinForms project for manual validation/repro. |
| Directory.Packages.props | Bumps Microsoft.Identity.Client and adds central version for Microsoft.Identity.Client.Broker. |
Files not reviewed (3)
- doc/apps/AzureSqlConnector/MainForm.Designer.cs: Generated file
- doc/apps/AzureSqlConnector/MainFormWorker.Designer.cs: Generated file
- src/Microsoft.Data.SqlClient/src/Resources/Strings.Designer.cs: Generated file
…nager

The "Analyze (csharp)" CodeQL job was failing with IL2067/IL2070 trim analyzer errors because CreateAzureAuthenticationProvider used reflection APIs (Activator.CreateInstance, Type.GetConstructor, Type.GetProperty) on Type parameters that lacked [DynamicallyAccessedMembers] annotations. Since the repo has TreatWarningsAsErrors=true, these trim warnings became build errors and broke the CodeQL CI job.

Fix:
- Add [DynamicallyAccessedMembers(PublicParameterlessConstructor | PublicConstructors)] to the providerType parameter
- Add [DynamicallyAccessedMembers(PublicParameterlessConstructor | PublicProperties)] to the optionsType parameter
- Suppress IL2072 at the call site (assembly.GetType() returns an unannotated Type? which would otherwise conflict with the now-annotated parameters)

Co-authored-by: cheenamalhotra <13396919+cheenamalhotra@users.noreply.github.com>
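The annotation pattern this commit message describes, as an added sketch that is not the PR's code: `DemoOptions`, `DemoProvider`, `ProviderFactory` and the `UseBroker` property are hypothetical stand-ins, and the attribute-based suppression is one assumed way to silence IL2072 at the call site.

```csharp
#nullable enable
using System;
using System.Diagnostics.CodeAnalysis;
using System.Reflection;

// Hypothetical stand-ins for a provider type and its options bag.
public sealed class DemoOptions { public bool UseBroker { get; set; } }
public sealed class DemoProvider
{
    public bool BrokerEnabled { get; }
    public DemoProvider() { }
    public DemoProvider(DemoOptions options) { BrokerEnabled = options.UseBroker; }
}

public static class ProviderFactory
{
    // The annotations tell the trimmer which members reflection will touch, so
    // GetConstructor/GetProperty/CreateInstance no longer raise IL2067/IL2070.
    public static object Create(
        [DynamicallyAccessedMembers(DynamicallyAccessedMemberTypes.PublicParameterlessConstructor |
                                    DynamicallyAccessedMemberTypes.PublicConstructors)] Type providerType,
        [DynamicallyAccessedMembers(DynamicallyAccessedMemberTypes.PublicParameterlessConstructor |
                                    DynamicallyAccessedMemberTypes.PublicProperties)] Type optionsType,
        bool useBroker)
    {
        ConstructorInfo? ctor = providerType.GetConstructor(new[] { optionsType });
        // Fall back to the parameterless constructor when no options overload exists.
        if (ctor is null) return Activator.CreateInstance(providerType)!;

        object options = Activator.CreateInstance(optionsType)!;
        optionsType.GetProperty("UseBroker")?.SetValue(options, useBroker);
        return ctor.Invoke(new[] { options });
    }

    // Assembly.GetType returns an unannotated Type?, which conflicts with the
    // annotated parameters above (IL2072); the suppression records why it is safe.
    [UnconditionalSuppressMessage("Trimming", "IL2072",
        Justification = "Demo types are referenced statically and are not trimmed.")]
    public static object CreateByName(Assembly assembly, string providerName, string optionsName)
    {
        Type? providerType = assembly.GetType(providerName);
        Type? optionsType = assembly.GetType(optionsName);
        if (providerType is null || optionsType is null)
        {
            throw new InvalidOperationException("Provider or options type not found.");
        }
        return Create(providerType, optionsType, useBroker: true);
    }
}
```

The suppression only silences the analyzer; it does not preserve any members, so types resolved by name must be kept in the trimmed output by some other means.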
Pull request overview
Copilot reviewed 32 out of 35 changed files in this pull request and generated 2 comments.
Files not reviewed (3)
- doc/apps/AzureSqlConnector/MainForm.Designer.cs: Generated file
- doc/apps/AzureSqlConnector/MainFormWorker.Designer.cs: Generated file
- src/Microsoft.Data.SqlClient/src/Resources/Strings.Designer.cs: Generated file
Codecov Report
❌ Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## release/7.0 #4388 +/- ##
===============================================
- Coverage 73.18% 65.79% -7.39%
===============================================
Files 280 275 -5
Lines 43045 65947 +22902
===============================================
+ Hits 31502 43390 +11888
- Misses 11543 22557 +11014
Ports #4288 to release/7.0 branch.