Skip to main content

CertificateStoreCredentialProvider

  • Namespace: PPDS.Auth.Credentials
  • Assembly: PPDS.Auth
  • Kind: Class
  • Implements: ICredentialProvider, IDisposable

Summary

Provides authentication using a certificate from the Windows certificate store.

Members

Constructors

CertificateStoreCredentialProvider(string applicationId, string thumbprint, string tenantId, StoreName storeName, StoreLocation storeLocation, CloudEnvironment cloud)

CertificateStoreCredentialProvider(string applicationId, string thumbprint, string tenantId, StoreName storeName, StoreLocation storeLocation, CloudEnvironment cloud)

Creates a new certificate store credential provider.

  • Param applicationId: The application (client) ID.

  • Param thumbprint: The certificate thumbprint.

  • Param tenantId: The tenant ID.

  • Param storeName: The certificate store name (default: My).

  • Param storeLocation: The certificate store location (default: CurrentUser).

  • Param cloud: The cloud environment.

Methods

CreateServiceClientAsync

Task<ServiceClient> CreateServiceClientAsync(string environmentUrl, CancellationToken cancellationToken, bool forceInteractive)

Creates an authenticated ServiceClient for the specified environment URL.

  • Param environmentUrl: The Dataverse environment URL.

  • Param cancellationToken: Cancellation token.

  • Param forceInteractive: If true, skip silent auth and prompt user directly. Use for profile creation.

  • Returns: An authenticated ServiceClient.

Dispose

void Dispose()

(inherited from System.IDisposable.Dispose)

FromProfile

CertificateStoreCredentialProvider FromProfile(AuthProfile profile)

Creates a provider from an auth profile.

  • Param profile: The auth profile.

  • Returns: A new provider instance.

GetCachedTokenInfoAsync

Task<CachedTokenInfo> GetCachedTokenInfoAsync(string environmentUrl, CancellationToken cancellationToken)

Gets cached token information without triggering interactive authentication. Queries the MSAL token cache to determine current token state.

  • Param environmentUrl: The Dataverse environment URL to check token for.

  • Param cancellationToken: Cancellation token.

  • Returns: Token information if a valid cached token exists, null if token is expired or not cached.

Properties

AccessToken

string AccessToken { get; }

Gets the access token from the last authentication. Available after successful authentication. Used for extracting JWT claims.

AuthMethod

AuthMethod AuthMethod { get; }

Gets the authentication method this provider handles.

HomeAccountId

string HomeAccountId { get; }

Gets the MSAL home account identifier. Format: {objectId}.{tenantId} - uniquely identifies the account+tenant for token cache lookup. Available after successful authentication.

IdTokenClaims

ClaimsPrincipal IdTokenClaims { get; }

Gets the ID token claims from the last authentication (if available). The ID token typically contains user claims like country that aren't in the access token.

Identity

string Identity { get; }

Gets the identity string for display (e.g., username or app ID). Available after successful authentication.

ObjectId

string ObjectId { get; }

Gets the Entra Object ID (OID) from the authentication result. Available after successful authentication.

TenantId

string TenantId { get; }

Gets the tenant ID from the authentication result. Available after successful authentication.

TokenExpiresAt

Nullable<DateTimeOffset> TokenExpiresAt { get; }

Gets the token expiration time. Available after successful authentication.