diff --git a/src/client/Microsoft.Identity.Client/ManagedIdentity/ManagedIdentityClient.cs b/src/client/Microsoft.Identity.Client/ManagedIdentity/ManagedIdentityClient.cs
index 566a820616..1c1883aedf 100644
--- a/src/client/Microsoft.Identity.Client/ManagedIdentity/ManagedIdentityClient.cs
+++ b/src/client/Microsoft.Identity.Client/ManagedIdentity/ManagedIdentityClient.cs
@@ -62,11 +62,7 @@ internal static ManagedIdentitySource GetManagedIdentitySource(ILoggerAdapter lo
string imdsEndpoint = EnvironmentVariables.ImdsEndpoint;
string podIdentityEndpoint = EnvironmentVariables.PodIdentityEndpoint;
- if (!string.IsNullOrEmpty(msiSecretMachineLearning) && !string.IsNullOrEmpty(msiEndpoint))
- {
- return ManagedIdentitySource.MachineLearning;
- }
- else if (!string.IsNullOrEmpty(identityEndpoint) && !string.IsNullOrEmpty(identityHeader))
+ if (!string.IsNullOrEmpty(identityEndpoint) && !string.IsNullOrEmpty(identityHeader))
{
if (!string.IsNullOrEmpty(identityServerThumbprint))
{
@@ -77,6 +73,10 @@ internal static ManagedIdentitySource GetManagedIdentitySource(ILoggerAdapter lo
return ManagedIdentitySource.AppService;
}
}
+ else if (!string.IsNullOrEmpty(msiSecretMachineLearning) && !string.IsNullOrEmpty(msiEndpoint))
+ {
+ return ManagedIdentitySource.MachineLearning;
+ }
else if (!string.IsNullOrEmpty(msiEndpoint))
{
return ManagedIdentitySource.CloudShell;
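Review bot: The order of this chain now decides which endpoint and secret are used on a host that has both variable sets, and the moved `else if` for MachineLearning carries no comment saying so, so a later reordering could silently bring back the misdetection the new test cites as #5077. I would add a comment above the first `if` of the chain (in the previous hunk), such as `// IDENTITY_ENDPOINT/IDENTITY_HEADER take precedence: upgraded App Service hosts may still expose legacy MSI_ENDPOINT/MSI_SECRET.` The reverse also holds: a Machine Learning host that has both IDENTITY_* variables set is now classified by the first branch, which may be intended but is not covered by the added tests. Since the function receives a logger, a message logged when both pairs are present would make that case diagnosable. The function body starts and ends outside these hunks.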
diff --git a/tests/Microsoft.Identity.Test.Common/Core/Helpers/ManagedIdentityTestUtil.cs b/tests/Microsoft.Identity.Test.Common/Core/Helpers/ManagedIdentityTestUtil.cs
index 5ae110e4da..c6e0627d0c 100644
--- a/tests/Microsoft.Identity.Test.Common/Core/Helpers/ManagedIdentityTestUtil.cs
+++ b/tests/Microsoft.Identity.Test.Common/Core/Helpers/ManagedIdentityTestUtil.cs
@@ -66,6 +66,41 @@ public static void SetEnvironmentVariables(ManagedIdentitySource managedIdentity
}
}
+ ///
+ /// Sets environment variables for testing upgrade scenarios.
+ /// This method mimics a scenario where older environment variables
+ /// (e.g., MSI_ENDPOINT and MSI_SECRET) from previous versions of
+ /// App Service (2017) still exist after an upgrade to newer versions (2019).
+ /// It ensures that MSAL's Managed Identity source detection can correctly
+ /// handle both legacy and new variables.
+ ///
+ ///
+ /// The type of managed identity source being tested (e.g., AppService, MachineLearning).
+ ///
+ ///
+ /// The endpoint URL to be set as part of the environment variables.
+ ///
+ ///
+ /// Optional: The secret value to be set (default is "secret").
+ ///
+ ///
+ /// Optional: The certificate thumbprint to be set (default is "thumbprint").
+ ///
+ internal static void SetUpgradeScenarioEnvironmentVariables(ManagedIdentitySource managedIdentitySource, string endpoint, string secret = "secret", string thumbprint = "thumbprint")
+ {
+ // Use the common method to set base environment variables
+ SetEnvironmentVariables(managedIdentitySource, endpoint, secret, thumbprint);
+
+ // Add upgrade-specific variables where needed
+ switch (managedIdentitySource)
+ {
+ case ManagedIdentitySource.AppService:
+ Environment.SetEnvironmentVariable("MSI_ENDPOINT", endpoint);
+ Environment.SetEnvironmentVariable("MSI_SECRET", secret);
+ break;
+ }
+ }
+
///
/// Create the MIA with the http proxy
///
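Review bot: The `switch` in `SetUpgradeScenarioEnvironmentVariables` handles only `ManagedIdentitySource.AppService`, so for every other source the helper behaves exactly like `SetEnvironmentVariables`, while the doc comment reads as if legacy variables are always added. Either say so in the summary, or replace the one-case switch with `if (managedIdentitySource == ManagedIdentitySource.AppService)` plus a comment that other sources have no legacy variables to simulate. The two `Environment.SetEnvironmentVariable` calls are process-wide, so the helper relies on the caller's cleanup to restore `MSI_ENDPOINT` and `MSI_SECRET`. That cleanup is not visible in this hunk and is worth stating in the doc comment.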
diff --git a/tests/Microsoft.Identity.Test.Unit/ManagedIdentityTests/AppServiceTests.cs b/tests/Microsoft.Identity.Test.Unit/ManagedIdentityTests/AppServiceTests.cs
index 2ad9732daa..5b7ca38f3d 100644
--- a/tests/Microsoft.Identity.Test.Unit/ManagedIdentityTests/AppServiceTests.cs
+++ b/tests/Microsoft.Identity.Test.Unit/ManagedIdentityTests/AppServiceTests.cs
@@ -20,6 +20,8 @@ namespace Microsoft.Identity.Test.Unit.ManagedIdentityTests
public class AppServiceTests : TestBase
{
private const string AppService = "App Service";
+ internal const string AppServiceEndpoint = "http://127.0.0.1:41564/msi/token";
+ internal const string MachineLearningEndpoint = "http://localhost:7071/msi/token";
[TestMethod]
public async Task AppServiceInvalidEndpointAsync()
@@ -47,5 +49,23 @@ await mi.AcquireTokenForManagedIdentity(ManagedIdentityTests.Resource)
Assert.AreEqual(string.Format(CultureInfo.InvariantCulture, MsalErrorMessage.ManagedIdentityEndpointInvalidUriError, "IDENTITY_ENDPOINT", "127.0.0.1:41564/msi/token", AppService), ex.Message);
}
}
+
+ // Regression test for Bug ID #5077 - ManagedIdentityCredential authentication failed
+ [DataTestMethod]
+ [DataRow("http://127.0.0.1:41564/msi/token/", ManagedIdentitySource.AppService, ManagedIdentitySource.AppService)]
+ [DataRow(AppServiceEndpoint, ManagedIdentitySource.AppService, ManagedIdentitySource.AppService)]
+ [DataRow(MachineLearningEndpoint, ManagedIdentitySource.MachineLearning, ManagedIdentitySource.MachineLearning)]
+ public void TestAppServiceUpgradeScenario(
+ string endpoint,
+ ManagedIdentitySource managedIdentitySource,
+ ManagedIdentitySource expectedManagedIdentitySource)
+ {
+ using (new EnvVariableContext())
+ {
+ SetUpgradeScenarioEnvironmentVariables(managedIdentitySource, endpoint);
+
+ Assert.AreEqual(expectedManagedIdentitySource, ManagedIdentityApplication.GetManagedIdentitySource());
+ }
+ }
}
}
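Review bot: In `TestAppServiceUpgradeScenario` the `managedIdentitySource` and `expectedManagedIdentitySource` arguments are equal in all three `DataRow`s, so the third parameter carries no information. The MachineLearning row also receives no legacy variables from the helper, so it repeats ordinary detection rather than an upgrade case. Either drop `expectedManagedIdentitySource` and assert against `managedIdentitySource`, or add a comment on that row saying it is a control case. For the AppService rows, a precondition such as `Assert.IsFalse(string.IsNullOrEmpty(Environment.GetEnvironmentVariable("MSI_ENDPOINT")));` before the final assert would show that both variable sets are really present when detection runs.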