AzureAD · bgavrilMS · May 1, 2026 · Apr 23, 2026 · Apr 23, 2026 · Apr 23, 2026
@@ -85,16 +85,35 @@
     <FxCopAnalyzersVersion>3.3.0</FxCopAnalyzersVersion>
     <SystemTextEncodingsWebVersion>4.7.2</SystemTextEncodingsWebVersion>
     <AzureSecurityKeyVaultSecretsVersion>4.6.0</AzureSecurityKeyVaultSecretsVersion>
-    <AzureIdentityVersion>1.11.4</AzureIdentityVersion>
+    <AzureIdentityVersion>1.17.2</AzureIdentityVersion>
     <AzureSecurityKeyVaultCertificatesVersion>4.6.0</AzureSecurityKeyVaultCertificatesVersion>
     <MicrosoftGraphVersion>4.36.0</MicrosoftGraphVersion>
     <MicrosoftGraphBetaVersion>4.57.0-preview</MicrosoftGraphBetaVersion>
     <!--CVE-2024-43485-->
-    <SystemTextJsonVersion>8.0.5</SystemTextJsonVersion>
+    <SystemTextJsonVersion>8.0.6</SystemTextJsonVersion>
     <!--CVE-2023-29331-->
     <SystemFormatsAsn1Version>8.0.1</SystemFormatsAsn1Version>
     <BannedApiAnalyzersVersion>4.14.0</BannedApiAnalyzersVersion>
     <PublicApiAnalyzersVersion>4.14.0</PublicApiAnalyzersVersion>
+    <!-- Logging.Abstractions needs a separate version variable because Azure.Core 1.50.0
+         (via System.ClientModel 1.8.0) requires Logging.Abstractions >= 8.0.3, but the full
+         Microsoft.Extensions.Logging package has no 8.0.3 release (jumps from 8.0.1 to 9.0.0). -->
+    <MicrosoftExtensionsLoggingAbstractionsVersion>8.0.3</MicrosoftExtensionsLoggingAbstractionsVersion>
+  </PropertyGroup>
+
+  <PropertyGroup Label="Microsoft.Extensions base versions">
+    <!-- Base M.E.* version for all TFMs; TFM-specific blocks override as needed.
+         On net8.0, most match the base with specific hotfix overrides.
+         On net9.0/net10.0, everything is overridden to match the runtime version. -->
+    <CommonMicrosoftExtensionsVersion>8.0.0</CommonMicrosoftExtensionsVersion>
+    <MicrosoftExtensionsCachingMemoryVersion>8.0.1</MicrosoftExtensionsCachingMemoryVersion>
+    <MicrosoftExtensionsConfigurationVersion>$(CommonMicrosoftExtensionsVersion)</MicrosoftExtensionsConfigurationVersion>
+    <MicrosoftExtensionsConfigurationBinderVersion>$(CommonMicrosoftExtensionsVersion)</MicrosoftExtensionsConfigurationBinderVersion>
+    <MicrosoftExtensionsConfigurationJsonVersion>$(CommonMicrosoftExtensionsVersion)</MicrosoftExtensionsConfigurationJsonVersion>
+    <MicrosoftExtensionsDependencyInjectionVersion>$(CommonMicrosoftExtensionsVersion)</MicrosoftExtensionsDependencyInjectionVersion>
+    <MicrosoftExtensionsHostingVersion>$(CommonMicrosoftExtensionsVersion)</MicrosoftExtensionsHostingVersion>
+    <MicrosoftExtensionsHttpVersion>$(CommonMicrosoftExtensionsVersion)</MicrosoftExtensionsHttpVersion>
+    <MicrosoftExtensionsLoggingVersion>$(CommonMicrosoftExtensionsVersion)</MicrosoftExtensionsLoggingVersion>
   </PropertyGroup>
 
   <PropertyGroup Condition="'$(TargetFramework)' == 'net9.0'">
@@ -110,6 +129,7 @@
     <SystemSecurityCryptographyPkcsVersion>$(SystemSecurityCryptographyServicingVersion)</SystemSecurityCryptographyPkcsVersion>
     <SystemSecurityCryptographyXmlVersion>$(SystemSecurityCryptographyServicingVersion)</SystemSecurityCryptographyXmlVersion>
     <MicrosoftExtensionsLoggingVersion>$(NetNineRuntimeVersion)</MicrosoftExtensionsLoggingVersion>
+    <MicrosoftExtensionsLoggingAbstractionsVersion>$(NetNineRuntimeVersion)</MicrosoftExtensionsLoggingAbstractionsVersion>
     <MicrosoftExtensionsConfigurationBinderVersion>$(NetNineRuntimeVersion)</MicrosoftExtensionsConfigurationBinderVersion>
     <SystemFormatsAsn1Version>$(NetNineRuntimeVersion)</SystemFormatsAsn1Version>
     <SystemTextJsonVersion>$(NetNineRuntimeVersion)</SystemTextJsonVersion>
@@ -129,6 +149,7 @@
     <SystemSecurityCryptographyPkcsVersion>$(SystemSecurityCryptographyServicingVersion)</SystemSecurityCryptographyPkcsVersion>
     <SystemSecurityCryptographyXmlVersion>$(SystemSecurityCryptographyServicingVersion)</SystemSecurityCryptographyXmlVersion>
     <MicrosoftExtensionsLoggingVersion>$(NetTenRuntimeVersion)</MicrosoftExtensionsLoggingVersion>
+    <MicrosoftExtensionsLoggingAbstractionsVersion>$(NetTenRuntimeVersion)</MicrosoftExtensionsLoggingAbstractionsVersion>
     <MicrosoftExtensionsConfigurationBinderVersion>$(NetTenRuntimeVersion)</MicrosoftExtensionsConfigurationBinderVersion>
     <SystemFormatsAsn1Version>$(NetTenRuntimeVersion)</SystemFormatsAsn1Version>
     <SystemTextJsonVersion>$(NetTenRuntimeVersion)</SystemTextJsonVersion>
@@ -139,50 +160,26 @@
     <MicrosoftAspNetCoreAuthenticationJwtBearerVersion>8.0.0</MicrosoftAspNetCoreAuthenticationJwtBearerVersion>
     <MicrosoftAspNetCoreAuthenticationOpenIdConnectVersion>8.0.0</MicrosoftAspNetCoreAuthenticationOpenIdConnectVersion>
     <MicrosoftExtensionsCachingMemoryVersion>8.0.1</MicrosoftExtensionsCachingMemoryVersion>
-    <MicrosoftExtensionsHostingVersion>8.0.0</MicrosoftExtensionsHostingVersion>
     <MicrosoftAspNetCoreDataProtectionVersion>8.0.1</MicrosoftAspNetCoreDataProtectionVersion>
     <SystemSecurityCryptographyPkcsVersion>8.0.1</SystemSecurityCryptographyPkcsVersion>
     <SystemSecurityCryptographyXmlVersion>8.0.3</SystemSecurityCryptographyXmlVersion>
-    <MicrosoftExtensionsLoggingVersion>8.0.0</MicrosoftExtensionsLoggingVersion>
     <SystemTextEncodingsWebVersion>8.0.0</SystemTextEncodingsWebVersion>
-    <MicrosoftExtensionsConfigurationBinderVersion>8.0.0</MicrosoftExtensionsConfigurationBinderVersion>
-    <MicrosoftExtensionsDependencyInjectionVersion>8.0.0</MicrosoftExtensionsDependencyInjectionVersion>
   </PropertyGroup>
 
   <PropertyGroup Condition="'$(TargetFramework)' == 'net462'">
     <MicrosoftAspNetCoreAuthenticationJwtBearerVersion>6.0.0-*</MicrosoftAspNetCoreAuthenticationJwtBearerVersion>
     <MicrosoftAspNetCoreAuthenticationOpenIdConnectVersion>6.0.0-*</MicrosoftAspNetCoreAuthenticationOpenIdConnectVersion>
-    <MicrosoftExtensionsCachingMemoryVersion>6.0.2</MicrosoftExtensionsCachingMemoryVersion>
-    <!-- Microsoft.Extensions.* 5.* are obsoleted -->
-    <MicrosoftExtensionsHostingVersion>6.0.0</MicrosoftExtensionsHostingVersion>
-    <MicrosoftExtensionsHttpVersion>3.1.3</MicrosoftExtensionsHttpVersion>
     <MicrosoftAspNetCoreDataProtectionVersion>6.0.0</MicrosoftAspNetCoreDataProtectionVersion>
     <SystemSecurityCryptographyPkcsVersion>7.0.2</SystemSecurityCryptographyPkcsVersion>
     <SystemSecurityCryptographyXmlVersion>6.0.1</SystemSecurityCryptographyXmlVersion>
-
-    <!-- CVE-2022-34716 due to DataProtection 5.0.8 -->
     <SystemTextEncodingsWebVersion>6.0.0</SystemTextEncodingsWebVersion>
-
-    <!-- 6.0.0 as 5.x are deprecated -->
-    <MicrosoftExtensionsLoggingVersion>6.0.0</MicrosoftExtensionsLoggingVersion>
-
-    <!-- Microsoft.Extensions.Configuration.Binder 6.* are obsoleted -->
-    <MicrosoftExtensionsConfigurationBinderVersion>6.0.0</MicrosoftExtensionsConfigurationBinderVersion>
-    <MicrosoftExtensionsDependencyInjectionVersion>2.1.0</MicrosoftExtensionsDependencyInjectionVersion>
   </PropertyGroup>
 
   <PropertyGroup Condition="'$(TargetFramework)' == 'netstandard2.0' Or '$(TargetFramework)' == 'net472'">
     <MicrosoftAspNetCoreDataProtectionVersion>2.1.0</MicrosoftAspNetCoreDataProtectionVersion>
     <!-- CVE-2022-34716 due to DataProtection 2.1.0 -->
     <SystemSecurityCryptographyPkcsVersion>7.0.2</SystemSecurityCryptographyPkcsVersion>
     <SystemSecurityCryptographyXmlVersion>4.7.1</SystemSecurityCryptographyXmlVersion>
-    <MicrosoftExtensionsLoggingVersion>4.7.1</MicrosoftExtensionsLoggingVersion>
-    <MicrosoftExtensionsCachingMemoryVersion>2.1.0</MicrosoftExtensionsCachingMemoryVersion>
-    <MicrosoftExtensionsHostingVersion>2.1.1</MicrosoftExtensionsHostingVersion>
-    <MicrosoftExtensionsHttpVersion>3.1.3</MicrosoftExtensionsHttpVersion>
-    <MicrosoftExtensionsLoggingVersion>2.1.0</MicrosoftExtensionsLoggingVersion>
-    <MicrosoftExtensionsDependencyInjectionVersion>2.1.0</MicrosoftExtensionsDependencyInjectionVersion>
-    <MicrosoftExtensionsConfigurationBinderVersion>2.1.0</MicrosoftExtensionsConfigurationBinderVersion>
   </PropertyGroup>
 
   <ItemGroup>

@@ -66,7 +66,6 @@ public async Task LoadIfNeededAsync(CredentialDescription credentialDescription,
                     ExcludeAzureDeveloperCliCredential = true,
                     ExcludeAzurePowerShellCredential = true,
                     ExcludeInteractiveBrowserCredential = true,
-                    ExcludeSharedTokenCacheCredential = true,
                     ExcludeVisualStudioCodeCredential = true,
                     ExcludeVisualStudioCredential = true
                 };

@@ -18,7 +18,7 @@
     <PackageReference Include="Azure.Security.KeyVault.Secrets" Version="$(AzureSecurityKeyVaultSecretsVersion)" />
     <PackageReference Include="Azure.Identity" Version="$(AzureIdentityVersion)" />
     <PackageReference Include="Azure.Security.KeyVault.Certificates" Version="$(AzureSecurityKeyVaultCertificatesVersion)" />
-    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="$(MicrosoftExtensionsLoggingVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="$(MicrosoftExtensionsLoggingAbstractionsVersion)" />
     <PackageReference Include="Microsoft.Identity.Abstractions" Version="$(MicrosoftIdentityAbstractionsVersion)" />
   </ItemGroup>
 

@@ -138,6 +138,11 @@ private void Log(
           string message,
           bool containsPii)
         {
+            if (_logger == null)
+            {
+                return;
+            }
+
             switch (level)
             {
                 case Client.LogLevel.Always:

@@ -19,7 +19,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="$(MicrosoftExtensionsLoggingVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="$(MicrosoftExtensionsLoggingAbstractionsVersion)" />
     <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens " Version="$(MicrosoftIdentityModelVersion)" />
     <PackageReference Include="Microsoft.Identity.Client" Version="$(MicrosoftIdentityClientVersion)" />
   </ItemGroup>

@@ -604,7 +604,7 @@ public Task<HttpResponseMessage> CallApiForAppAsync(
                 // Otherwise use the default HttpClientFactory with optional named client.
                 HttpClient client = requestResult?.BindingCertificate != null && _msalHttpClientFactory is IMsalMtlsHttpClientFactory msalMtlsHttpClientFactory
                     ? msalMtlsHttpClientFactory.GetHttpClient(requestResult.BindingCertificate)
-                    : (string.IsNullOrEmpty(serviceName) ? _httpClientFactory.CreateClient() : _httpClientFactory.CreateClient(serviceName));
+                    : (string.IsNullOrEmpty(serviceName) ? _httpClientFactory.CreateClient() : _httpClientFactory.CreateClient(serviceName!));
 
                 // Send the HTTP message
                 downstreamApiResult = await client.SendAsync(httpRequestMessage, cancellationToken).ConfigureAwait(false);

@@ -62,10 +62,10 @@ public static IAppBuilder AddMicrosoftIdentityWebApi(
                     configuration?.GetSection(configurationSection).Bind(option);
                 }));
 
-            string instance = configuration.GetValue<string>($"{configurationSection}:Instance");
-            string tenantId = configuration.GetValue<string>($"{configurationSection}:TenantId");
-            string clientId = configuration.GetValue<string>($"{configurationSection}:ClientId");
-            string audience = configuration.GetValue<string>($"{configurationSection}:Audience");
+            string? instance = configuration.GetValue<string>($"{configurationSection}:Instance");
+            string? tenantId = configuration.GetValue<string>($"{configurationSection}:TenantId");
+            string? clientId = configuration.GetValue<string>($"{configurationSection}:ClientId");
+            string? audience = configuration.GetValue<string>($"{configurationSection}:Audience");
             string authority = instance + tenantId + "/v2.0";
             TokenValidationParameters tokenValidationParameters = new()
             {
@@ -121,10 +121,10 @@ public static IAppBuilder AddMicrosoftIdentityWebApp(
                     configuration?.GetSection(configurationSection).Bind(option);
                 }));
 
-            string instance = configuration.GetValue<string>($"{configurationSection}:Instance");
-            string tenantId = configuration.GetValue<string>($"{configurationSection}:TenantId");
-            string clientId = configuration.GetValue<string>($"{configurationSection}:ClientId");
-            string postLogoutRedirectUri = configuration.GetValue<string>($"{configurationSection}:SignedOutCallbackPath");
+            string? instance = configuration.GetValue<string>($"{configurationSection}:Instance");
+            string? tenantId = configuration.GetValue<string>($"{configurationSection}:TenantId");
+            string? clientId = configuration.GetValue<string>($"{configurationSection}:ClientId");
+            string? postLogoutRedirectUri = configuration.GetValue<string>($"{configurationSection}:SignedOutCallbackPath");
             string authority = instance + tenantId + "/v2.0";
 
             OpenIdConnectAuthenticationOptions options = new()

@@ -23,8 +23,8 @@
     </None>
   </ItemGroup>
   <ItemGroup>
-   <PackageReference Include="Microsoft.Extensions.Configuration" Version="3.1.24" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="3.1.24" />
+   <PackageReference Include="Microsoft.Extensions.Configuration" Version="$(MicrosoftExtensionsConfigurationVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="$(MicrosoftExtensionsConfigurationJsonVersion)" />
     <PackageReference Include="Microsoft.Extensions.Http" Version="$(MicrosoftExtensionsHttpVersion)" />
     <PackageReference Include="Microsoft.Graph" Version="$(MicrosoftGraphVersion)" />
     <PackageReference Include="Microsoft.IdentityModel.Logging" Version="$(MicrosoftIdentityModelVersion)" />
@@ -48,5 +48,5 @@
     <AdditionalFiles Include="PublicAPI\PublicAPI.Shipped.txt" />
     <AdditionalFiles Include="PublicAPI\PublicAPI.Unshipped.txt" />
   </ItemGroup>
-  
+
 </Project>
@@ -25,15 +25,15 @@ public class OwinTokenAcquirerFactory : TokenAcquirerFactory
         /// <returns></returns>
         protected override string DefineConfiguration(IConfigurationBuilder builder)
         {
-            _ = builder.AddInMemoryCollection(new Dictionary<string, string>()
+            _ = builder.AddInMemoryCollection(new Dictionary<string, string?>()
             {
-                ["AzureAd:Instance"] = EnsureTrailingSlash(ConfigurationManager.AppSettings["ida:Instance"] ?? ConfigurationManager.AppSettings["ida:AADInstance"] ?? "https://login.microsoftonline.com/"),
-                ["AzureAd:ClientId"] = ConfigurationManager.AppSettings["ida:ClientId"],
-                ["AzureAd:TenantId"] = ConfigurationManager.AppSettings["ida:Tenant"] ?? ConfigurationManager.AppSettings["ida:TenantId"],
-                ["AzureAd:Audience"] = ConfigurationManager.AppSettings["ida:Audience"],
-                ["AzureAd:ClientSecret"] = ConfigurationManager.AppSettings["ida:ClientSecret"],
-                ["AzureAd:SignedOutCallbackPath"] = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"],
-                ["AzureAd:RedirectUri"] = ConfigurationManager.AppSettings["ida:RedirectUri"],
+                ["AzureAd:Instance"] = EnsureTrailingSlash(System.Configuration.ConfigurationManager.AppSettings["ida:Instance"] ?? System.Configuration.ConfigurationManager.AppSettings["ida:AADInstance"] ?? "https://login.microsoftonline.com/"),
+                ["AzureAd:ClientId"] = System.Configuration.ConfigurationManager.AppSettings["ida:ClientId"],
+                ["AzureAd:TenantId"] = System.Configuration.ConfigurationManager.AppSettings["ida:Tenant"] ?? System.Configuration.ConfigurationManager.AppSettings["ida:TenantId"],
+                ["AzureAd:Audience"] = System.Configuration.ConfigurationManager.AppSettings["ida:Audience"],
+                ["AzureAd:ClientSecret"] = System.Configuration.ConfigurationManager.AppSettings["ida:ClientSecret"],
+                ["AzureAd:SignedOutCallbackPath"] = System.Configuration.ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"],
+                ["AzureAd:RedirectUri"] = System.Configuration.ConfigurationManager.AppSettings["ida:RedirectUri"],
             });
 
             return HostingEnvironment.MapPath("~/");

@@ -25,7 +25,7 @@
   <ItemGroup Condition="'$(TargetFrameworkIdentifier)' == '.NETFramework' Or '$(TargetFramework)' == 'netstandard2.0'">
     <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="$(MicrosoftExtensionsConfigurationBinderVersion)" />
     <PackageReference Include="Microsoft.Extensions.Http" Version="$(MicrosoftExtensionsHttpVersion)" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="3.1.0" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="$(MicrosoftExtensionsConfigurationJsonVersion)" />
   </ItemGroup>
 
   <ItemGroup>

@@ -16,11 +16,7 @@ public ConfidentialClientApplicationOptionsMerger(IMergedOptionsStore mergedOpti
         private readonly IMergedOptionsStore _mergedOptionsMonitor;
 
         public void PostConfigure(
-#if NET7_0_OR_GREATER
             string? name,
-#else
-            string name,
-#endif
             ConfidentialClientApplicationOptions options)
         {
             MergedOptions.UpdateMergedOptionsFromConfidentialClientApplicationOptions(options, _mergedOptionsMonitor.Get(name ?? string.Empty));

@@ -21,11 +21,7 @@ public MicrosoftIdentityApplicationOptionsMerger(IMergedOptionsStore mergedOptio
         private readonly IMergedOptionsStore _mergedOptionsMonitor;
 
         public void PostConfigure(
-#if NET7_0_OR_GREATER
             string? name,
-#else
-            string name,
-#endif            
             MicrosoftIdentityApplicationOptions options)
         {
             MergedOptions.UpdateMergedOptionsFromMicrosoftIdentityApplicationOptions(options, _mergedOptionsMonitor.Get(name ?? string.Empty));

@@ -20,11 +20,7 @@ public MicrosoftIdentityOptionsMerger(IMergedOptionsStore mergedOptions)
         private readonly IMergedOptionsStore _mergedOptionsMonitor;
 
         public void PostConfigure(
-#if NET7_0_OR_GREATER
             string? name,
-#else
-            string name,
-#endif
             MicrosoftIdentityOptions options)
         {
             MergedOptions.UpdateMergedOptionsFromMicrosoftIdentityOptions(options, _mergedOptionsMonitor.Get(name ?? string.Empty));