Implemented GitHub feedback

Robbie-Microsoft · Robbie-Microsoft · commit 89866a2ed9f3 · 2025-12-04T12:36:08.000-05:00
diff --git a/src/client/Microsoft.Identity.Client/Http/Retry/ImdsProbeRetryPolicy.cs b/src/client/Microsoft.Identity.Client/Http/Retry/ImdsProbeRetryPolicy.cs
diff --git a/src/client/Microsoft.Identity.Client/ManagedIdentity/ImdsManagedIdentitySource.cs b/src/client/Microsoft.Identity.Client/ManagedIdentity/ImdsManagedIdentitySource.cs
@@ -276,6 +276,7 @@ public static async Task<bool> ProbeImdsEndpointAsync(
 
             var queryParams = ImdsQueryParamsHelper(requestContext, apiVersionQueryParam, imdsApiVersion);
 
+            // probe omits the "Metadata: true" header and then treats 400 Bad Request as success
             var headers = new Dictionary<string, string>
             {
                 { OAuth2Header.XMsCorrelationId, requestContext.CorrelationId.ToString() }
@@ -310,6 +311,7 @@ public static async Task<bool> ProbeImdsEndpointAsync(
                 return false;
             }
 
+            // probe omits the "Metadata: true" header and then treats 400 Bad Request as success
             if (response.StatusCode == HttpStatusCode.BadRequest)
             {
                 requestContext.Logger.Info(() => $"[Managed Identity] {imdsStringHelper} managed identity is available.");
diff --git a/src/client/Microsoft.Identity.Client/ManagedIdentity/ManagedIdentityClient.cs b/src/client/Microsoft.Identity.Client/ManagedIdentity/ManagedIdentityClient.cs
@@ -93,7 +93,7 @@ private async Task<AbstractManagedIdentity> GetOrSelectManagedIdentitySourceAsyn
                     ManagedIdentitySource.AzureArc => AzureArcManagedIdentitySource.Create(requestContext),
                     ManagedIdentitySource.ImdsV2 => ImdsV2ManagedIdentitySource.Create(requestContext),
                     ManagedIdentitySource.Imds => ImdsManagedIdentitySource.Create(requestContext),
-                    _ => throw new MsalServiceException(MsalError.ManagedIdentityAllSourcesUnavailable, MsalErrorMessage.ManagedIdentityAllSourcesUnavailable)
+                    _ => throw new MsalClientException(MsalError.ManagedIdentityAllSourcesUnavailable, MsalErrorMessage.ManagedIdentityAllSourcesUnavailable)
                 };
             }
         }
@@ -102,8 +102,7 @@ private async Task<AbstractManagedIdentity> GetOrSelectManagedIdentitySourceAsyn
         // This method is perf sensitive any changes should be benchmarked.
         internal async Task<ManagedIdentitySource> GetManagedIdentitySourceAsync(
             RequestContext requestContext,
-            bool isMtlsPopRequested,
-            bool noImdsV2 = false)
+            bool isMtlsPopRequested)
         {
             // First check env vars to avoid the probe if possible
             ManagedIdentitySource source = GetManagedIdentitySourceNoImds(requestContext.Logger);
diff --git a/src/client/Microsoft.Identity.Client/ManagedIdentityApplication.cs b/src/client/Microsoft.Identity.Client/ManagedIdentityApplication.cs
@@ -63,11 +63,11 @@ public async Task<ManagedIdentitySource> GetManagedIdentitySourceAsync()
                 return ManagedIdentityClient.s_sourceName;
             }
 
-            // Create a temporary RequestContext for the CSR metadata probe request.
-            var csrMetadataProbeRequestContext = new RequestContext(this.ServiceBundle, Guid.NewGuid(), null, CancellationToken.None);
+            // Create a temporary RequestContext for the logger and the IMDS probe request.
+            var requestContext = new RequestContext(this.ServiceBundle, Guid.NewGuid(), null, CancellationToken.None);
 
             // GetManagedIdentitySourceAsync might return ImdsV2 = true, but it still requires .WithMtlsProofOfPossesion on the Managed Identity Application object to hit the ImdsV2 flow
-            return await ManagedIdentityClient.GetManagedIdentitySourceAsync(csrMetadataProbeRequestContext, isMtlsPopRequested: true).ConfigureAwait(false);
+            return await ManagedIdentityClient.GetManagedIdentitySourceAsync(requestContext, isMtlsPopRequested: true).ConfigureAwait(false);
         }
 
         /// <summary>
diff --git a/tests/Microsoft.Identity.Test.Unit/ManagedIdentityTests/ImdsTests.cs b/tests/Microsoft.Identity.Test.Unit/ManagedIdentityTests/ImdsTests.cs
@@ -464,7 +464,7 @@ public async Task ProbeImdsEndpointAsync_TimesOutAfterOneSecond()
                 var miSource = await (managedIdentityApp as ManagedIdentityApplication).GetManagedIdentitySourceAsync().ConfigureAwait(false);
                 Assert.AreEqual(ManagedIdentitySource.None, miSource); // Probe timed out, no source available
 
-                var ex = await Assert.ThrowsExceptionAsync<MsalServiceException>(async () =>
+                var ex = await Assert.ThrowsExceptionAsync<MsalClientException>(async () =>
                     await managedIdentityApp.AcquireTokenForManagedIdentity(ManagedIdentityTests.Resource)
                     .ExecuteAsync().ConfigureAwait(false)
                 ).ConfigureAwait(false);
diff --git a/tests/Microsoft.Identity.Test.Unit/ManagedIdentityTests/ManagedIdentityTests.cs b/tests/Microsoft.Identity.Test.Unit/ManagedIdentityTests/ManagedIdentityTests.cs
@@ -1162,7 +1162,7 @@ public async Task UnavailableManagedIdentitySource_ThrowsExceptionDuringTokenAcq
 
                 httpManager.AddMockHandler(MockHelpers.MockImdsProbeFailure(ImdsVersion.V1));
 
-                MsalServiceException ex = await Assert.ThrowsExceptionAsync<MsalServiceException>(async () =>
+                var ex = await Assert.ThrowsExceptionAsync<MsalClientException>(async () =>
                     await mi.AcquireTokenForManagedIdentity("https://management.azure.com")
                         .ExecuteAsync()
                         .ConfigureAwait(false)).ConfigureAwait(false);

Original file line number	Diff line number	Diff line change
`@@ -276,6 +276,7 @@ public static async Task<bool> ProbeImdsEndpointAsync(`
`276`	`276`
`277`	`277`	`var queryParams = ImdsQueryParamsHelper(requestContext, apiVersionQueryParam, imdsApiVersion);`
`278`	`278`
	`279`	`+ // probe omits the "Metadata: true" header and then treats 400 Bad Request as success`
`279`	`280`	`var headers = new Dictionary<string, string>`
`280`	`281`	`{`
`281`	`282`	`{ OAuth2Header.XMsCorrelationId, requestContext.CorrelationId.ToString() }`
`@@ -310,6 +311,7 @@ public static async Task<bool> ProbeImdsEndpointAsync(`
`310`	`311`	`return false;`
`311`	`312`	`}`
`312`	`313`
	`314`	`+ // probe omits the "Metadata: true" header and then treats 400 Bad Request as success`
`313`	`315`	`if (response.StatusCode == HttpStatusCode.BadRequest)`
`314`	`316`	`{`
`315`	`317`	`requestContext.Logger.Info(() => $"[Managed Identity] {imdsStringHelper} managed identity is available.");`
Original file line number	Diff line number	Diff line change
`@@ -93,7 +93,7 @@ private async Task<AbstractManagedIdentity> GetOrSelectManagedIdentitySourceAsyn`
`93`	`93`	`ManagedIdentitySource.AzureArc => AzureArcManagedIdentitySource.Create(requestContext),`
`94`	`94`	`ManagedIdentitySource.ImdsV2 => ImdsV2ManagedIdentitySource.Create(requestContext),`
`95`	`95`	`ManagedIdentitySource.Imds => ImdsManagedIdentitySource.Create(requestContext),`
`96`		`- _ => throw new MsalServiceException(MsalError.ManagedIdentityAllSourcesUnavailable, MsalErrorMessage.ManagedIdentityAllSourcesUnavailable)`
	`96`	`+ _ => throw new MsalClientException(MsalError.ManagedIdentityAllSourcesUnavailable, MsalErrorMessage.ManagedIdentityAllSourcesUnavailable)`
`97`	`97`	`};`
`98`	`98`	`}`
`99`	`99`	`}`
`@@ -102,8 +102,7 @@ private async Task<AbstractManagedIdentity> GetOrSelectManagedIdentitySourceAsyn`
`102`	`102`	`// This method is perf sensitive any changes should be benchmarked.`
`103`	`103`	`internal async Task<ManagedIdentitySource> GetManagedIdentitySourceAsync(`
`104`	`104`	`RequestContext requestContext,`
`105`		`- bool isMtlsPopRequested,`
`106`		`- bool noImdsV2 = false)`
	`105`	`+ bool isMtlsPopRequested)`
`107`	`106`	`{`
`108`	`107`	`// First check env vars to avoid the probe if possible`
`109`	`108`	`ManagedIdentitySource source = GetManagedIdentitySourceNoImds(requestContext.Logger);`
Original file line number	Diff line number	Diff line change
`@@ -63,11 +63,11 @@ public async Task<ManagedIdentitySource> GetManagedIdentitySourceAsync()`
`63`	`63`	`return ManagedIdentityClient.s_sourceName;`
`64`	`64`	`}`
`65`	`65`
`66`		`- // Create a temporary RequestContext for the CSR metadata probe request.`
`67`		`- var csrMetadataProbeRequestContext = new RequestContext(this.ServiceBundle, Guid.NewGuid(), null, CancellationToken.None);`
	`66`	`+ // Create a temporary RequestContext for the logger and the IMDS probe request.`
	`67`	`+ var requestContext = new RequestContext(this.ServiceBundle, Guid.NewGuid(), null, CancellationToken.None);`
`68`	`68`
`69`	`69`	`// GetManagedIdentitySourceAsync might return ImdsV2 = true, but it still requires .WithMtlsProofOfPossesion on the Managed Identity Application object to hit the ImdsV2 flow`
`70`		`- return await ManagedIdentityClient.GetManagedIdentitySourceAsync(csrMetadataProbeRequestContext, isMtlsPopRequested: true).ConfigureAwait(false);`
	`70`	`+ return await ManagedIdentityClient.GetManagedIdentitySourceAsync(requestContext, isMtlsPopRequested: true).ConfigureAwait(false);`
`71`	`71`	`}`
`72`	`72`
`73`	`73`	`/// <summary>`