Add optional login and domain hints to SignIn method (#3330)

* Added new optional paramters in the sign in function. Removed the old public api signatire and added new one.

* Modeified the SignIn method. Added some tests to test the changes

* Removed unwanted test. Added the project to the solution

* Update tests/Microsoft.Identity.Web.UI.Test/Microsoft.Identity.Web.UI.Test.csproj

Co-authored-by: Westin Musser <127992899+westin-m@users.noreply.github.com>

* Update tests/Microsoft.Identity.Web.UI.Test/Microsoft.Identity.Web.UI.Test.csproj

Co-authored-by: Westin Musser <127992899+westin-m@users.noreply.github.com>

* Update src/Microsoft.Identity.Web.UI/Areas/MicrosoftIdentity/Controllers/AccountController.cs

Co-authored-by: Westin Musser <127992899+westin-m@users.noreply.github.com>

* Update src/Microsoft.Identity.Web.UI/Areas/MicrosoftIdentity/Controllers/AccountController.cs

Co-authored-by: Westin Musser <127992899+westin-m@users.noreply.github.com>

* NIT: removed extra lines

---------

Co-authored-by: Westin Musser <127992899+westin-m@users.noreply.github.com>

Author: saurabhsathe-ms

Microsoft.Identity.Web.sln

@@ -162,6 +162,8 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "OidcIdpSignedAssertionProvi
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Microsoft.Identity.Web.OidcFIC", "src\Microsoft.Identity.Web.OidcFIC\Microsoft.Identity.Web.OidcFIC.csproj", "{8DA7A2C6-00D4-4CF1-8145-448D7B7B4E5A}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Microsoft.Identity.Web.UI.Test", "tests\Microsoft.Identity.Web.UI.Test\Microsoft.Identity.Web.UI.Test.csproj", "{CF31F33A-E5F5-DB57-4FEF-81BDAFD497C8}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -381,6 +383,10 @@ Global
 		{8DA7A2C6-00D4-4CF1-8145-448D7B7B4E5A}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{8DA7A2C6-00D4-4CF1-8145-448D7B7B4E5A}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{8DA7A2C6-00D4-4CF1-8145-448D7B7B4E5A}.Release|Any CPU.Build.0 = Release|Any CPU
+		{CF31F33A-E5F5-DB57-4FEF-81BDAFD497C8}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{CF31F33A-E5F5-DB57-4FEF-81BDAFD497C8}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{CF31F33A-E5F5-DB57-4FEF-81BDAFD497C8}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{CF31F33A-E5F5-DB57-4FEF-81BDAFD497C8}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -454,6 +460,7 @@ Global
 		{02EA681E-C7D8-13C7-8484-4AC65E1B71E8} = {7786D2DD-9EE4-42E1-B587-740A2E15C41D}
 		{E927D215-A96C-626C-9A1A-CF99876FE7B4} = {45B20A78-91F8-4DD2-B9AD-F12D3A93536C}
 		{8DA7A2C6-00D4-4CF1-8145-448D7B7B4E5A} = {1DDE1AAC-5AE6-4725-94B6-A26C58D3423F}
+		{CF31F33A-E5F5-DB57-4FEF-81BDAFD497C8} = {B4E72F1C-603F-437C-AAA1-153A604CD34A}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {104367F1-CE75-4F40-B32F-F14853973187}

src/Microsoft.Identity.Web.UI/Areas/MicrosoftIdentity/Controllers/AccountController.cs

@@ -39,11 +39,15 @@ public AccountController(IOptionsMonitor<MicrosoftIdentityOptions> microsoftIden
         /// </summary>
         /// <param name="scheme">Authentication scheme.</param>
         /// <param name="redirectUri">Redirect URI.</param>
+        /// <param name="loginHint">Login hint (user's email address).</param>
+        /// <param name="domainHint">Domain hint.</param>
         /// <returns>Challenge generating a redirect to Azure AD to sign in the user.</returns>
         [HttpGet("{scheme?}")]
         public IActionResult SignIn(
             [FromRoute] string scheme,
-            [FromQuery] string redirectUri)
+            [FromQuery] string redirectUri,
+            [FromQuery] string? loginHint = null,
+            [FromQuery] string? domainHint = null)
         {
             scheme ??= OpenIdConnectDefaults.AuthenticationScheme;
             string redirect;
@@ -55,9 +59,18 @@ public IActionResult SignIn(
             {
                 redirect = Url.Content("~/")!;
             }
+            var authProps = new AuthenticationProperties { RedirectUri = redirect };
+            if (!string.IsNullOrEmpty(loginHint))
+            {
+                authProps.Parameters[Constants.LoginHint] = loginHint;
+            }
 
+            if (!string.IsNullOrEmpty(domainHint))
+            {
+                authProps.Parameters[Constants.DomainHint] = domainHint;
+            }
             return Challenge(
-                new AuthenticationProperties { RedirectUri = redirect },
+                authProps,
                 scheme);
         }
 

src/Microsoft.Identity.Web.UI/PublicAPI.Shipped.txt

@@ -4,7 +4,6 @@ Microsoft.Identity.Web.UI.Areas.MicrosoftIdentity.Controllers.AccountController.
 Microsoft.Identity.Web.UI.Areas.MicrosoftIdentity.Controllers.AccountController.Challenge(string! redirectUri, string! scope, string! loginHint, string! domainHint, string! claims, string! policy, string! scheme) -> Microsoft.AspNetCore.Mvc.IActionResult!
 Microsoft.Identity.Web.UI.Areas.MicrosoftIdentity.Controllers.AccountController.EditProfile(string! scheme) -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Mvc.IActionResult!>!
 Microsoft.Identity.Web.UI.Areas.MicrosoftIdentity.Controllers.AccountController.ResetPassword(string! scheme) -> Microsoft.AspNetCore.Mvc.IActionResult!
-Microsoft.Identity.Web.UI.Areas.MicrosoftIdentity.Controllers.AccountController.SignIn(string! scheme, string! redirectUri) -> Microsoft.AspNetCore.Mvc.IActionResult!
 Microsoft.Identity.Web.UI.Areas.MicrosoftIdentity.Controllers.AccountController.SignOut(string! scheme) -> Microsoft.AspNetCore.Mvc.IActionResult!
 Microsoft.Identity.Web.UI.Areas.MicrosoftIdentity.Pages.Account.AccessDeniedModel
 Microsoft.Identity.Web.UI.Areas.MicrosoftIdentity.Pages.Account.AccessDeniedModel.AccessDeniedModel() -> void

src/Microsoft.Identity.Web.UI/PublicAPI.Unshipped.txt

@@ -0,0 +1 @@
+Microsoft.Identity.Web.UI.Areas.MicrosoftIdentity.Controllers.AccountController.SignIn(string! scheme, string! redirectUri, string? loginHint = null, string? domainHint = null) -> Microsoft.AspNetCore.Mvc.IActionResult!

tests/Microsoft.Identity.Web.UI.Test/Areas/MicrosoftIdentity/Controllers/AccountControllerTests.cs

@@ -0,0 +1,106 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+using System;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.OpenIdConnect;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.Routing;
+using Microsoft.Extensions.Options;
+using Microsoft.Identity.Web.UI.Areas.MicrosoftIdentity.Controllers;
+using NSubstitute;
+using Xunit;
+
+namespace Microsoft.Identity.Web.UI.Test.Areas.MicrosoftIdentity.Controllers
+{
+    public class AccountControllerTests
+    {
+        private readonly IOptionsMonitor<MicrosoftIdentityOptions> _optionsMonitorMock;
+        private readonly AccountController _accountController;
+
+        public AccountControllerTests()
+        {
+            _optionsMonitorMock = Substitute.For<IOptionsMonitor<MicrosoftIdentityOptions>>();
+            _optionsMonitorMock.Get(Arg.Any<string>()).Returns(new MicrosoftIdentityOptions());
+            _accountController = new AccountController(_optionsMonitorMock);
+            var urlHelperMock = Substitute.For<IUrlHelper>();
+            urlHelperMock.IsLocalUrl(Arg.Any<string>()).Returns(true);
+            urlHelperMock.Content("~/").Returns("/");
+            _accountController.Url = urlHelperMock;
+            _accountController.ControllerContext = new ControllerContext
+            {
+                HttpContext = new DefaultHttpContext()
+            };
+        }
+
+        [Fact]
+        public void SignIn_WithLoginHintAndDomainHint_AddsToAuthProperties()
+        {
+            // Arrange
+            string scheme = OpenIdConnectDefaults.AuthenticationScheme;
+            string redirectUri = "https://localhost/redirect";
+            string loginHint = "user@example.com";
+            string domainHint = "contoso.com";
+
+            // Act
+            var result = _accountController.SignIn(scheme, redirectUri, loginHint, domainHint);
+
+            // Assert
+            var challengeResult = Assert.IsType<ChallengeResult>(result);
+            Assert.Single(challengeResult.AuthenticationSchemes);
+            Assert.Equal(scheme, challengeResult.AuthenticationSchemes[0]);
+
+            var authProps = challengeResult.Properties;
+            Assert.NotNull(authProps);
+            Assert.Equal(redirectUri, authProps.RedirectUri);
+            Assert.True(authProps.Parameters.ContainsKey(Constants.LoginHint));
+            Assert.Equal(loginHint, authProps.Parameters[Constants.LoginHint]);
+            Assert.True(authProps.Parameters.ContainsKey(Constants.DomainHint));
+            Assert.Equal(domainHint, authProps.Parameters[Constants.DomainHint]);
+        }
+
+        [Fact]
+        public void SignIn_WithoutLoginHintAndDomainHint_DoesNotAddToAuthProperties()
+        {
+            // Arrange
+            string scheme = OpenIdConnectDefaults.AuthenticationScheme;
+            string redirectUri = "https://localhost/redirect";
+
+            // Act
+            var result = _accountController.SignIn(scheme, redirectUri);
+
+            // Assert
+            var challengeResult = Assert.IsType<ChallengeResult>(result);
+            Assert.Single(challengeResult.AuthenticationSchemes);
+            Assert.Equal(scheme, challengeResult.AuthenticationSchemes[0]);
+
+            var authProps = challengeResult.Properties;
+            Assert.NotNull(authProps);
+            Assert.Equal(redirectUri, authProps.RedirectUri);
+            Assert.False(authProps.Parameters.ContainsKey(Constants.LoginHint));
+            Assert.False(authProps.Parameters.ContainsKey(Constants.DomainHint));
+        }
+
+        [Fact]
+        public void SignIn_WithInvalidRedirectUri_UsesDefaultRedirectUri()
+        {
+            // Arrange
+            string scheme = OpenIdConnectDefaults.AuthenticationScheme;
+            string redirectUri = "https://external-site.com";
+            string loginHint = "user@example.com";
+            string domainHint = "contoso.com";
+
+            var urlHelperMock = Substitute.For<IUrlHelper>();
+            urlHelperMock.IsLocalUrl(redirectUri).Returns(false);
+            urlHelperMock.Content("~/").Returns("/");
+            _accountController.Url = urlHelperMock;
+
+            var result = _accountController.SignIn(scheme, redirectUri, loginHint, domainHint);
+            var challengeResult = Assert.IsType<ChallengeResult>(result);
+            var authProps = challengeResult.Properties;
+            Assert.NotNull(authProps); // Ensure authProps is not null
+            Assert.Equal("/", authProps.RedirectUri);
+        }
+    }
+}

tests/Microsoft.Identity.Web.UI.Test/Microsoft.Identity.Web.UI.Test.csproj

@@ -0,0 +1,30 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFrameworks>net6.0;net7.0;net8.0;net9.0</TargetFrameworks>
+    <IsPackable>false</IsPackable>
+    <LangVersion>latest</LangVersion>
+    <Nullable>enable</Nullable>
+    <ImplicitUsings>enable</ImplicitUsings>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.9.0" />
+    <PackageReference Include="NSubstitute" Version="5.3.0" />
+    <PackageReference Include="xunit" Version="2.9.3" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="2.8.2">
+      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
+      <PrivateAssets>all</PrivateAssets>
+    </PackageReference>
+    <PackageReference Include="coverlet.collector" Version="6.0.0">
+      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
+      <PrivateAssets>all</PrivateAssets>
+    </PackageReference>
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\..\src\Microsoft.Identity.Web.UI\Microsoft.Identity.Web.UI.csproj" />
+    <ProjectReference Include="..\Microsoft.Identity.Web.Test.Common\Microsoft.Identity.Web.Test.Common.csproj" />
+  </ItemGroup>
+
+</Project>