From dca5f8f6b538b684e97c412175732f3407cfb2a4 Mon Sep 17 00:00:00 2001
From: Cheena Malhotra <v-chmalh@microsoft.com>
Date: Wed, 23 Sep 2020 02:15:58 -0700
Subject: [PATCH] Add support for user-defined ApplicationClientId

---
 ...tionClientIdAzureAuthenticationProvider.cs | 26 +++++++++++++++
 .../ActiveDirectoryAuthenticationProvider.xml | 23 +++++++++++--
 .../netcore/ref/Microsoft.Data.SqlClient.cs   |  4 ++-
 ...uthenticationProviderManager.NetCoreApp.cs | 30 +++++++++++++++--
 ...thenticationProviderManager.NetStandard.cs |  2 +-
 .../SqlAuthenticationProviderManager.cs       |  1 +
 .../src/Microsoft/Data/SqlClient/SqlUtil.cs   |  5 +++
 .../netcore/src/Resources/Strings.Designer.cs |  9 +++++
 .../netcore/src/Resources/Strings.resx        |  5 ++-
 .../netfx/ref/Microsoft.Data.SqlClient.cs     |  4 ++-
 .../SqlAuthenticationProviderManager.cs       | 33 ++++++++++++++++---
 .../src/Microsoft/Data/SqlClient/SqlUtil.cs   |  9 +++--
 .../netfx/src/Resources/Strings.Designer.cs   |  9 +++++
 .../netfx/src/Resources/Strings.resx          |  5 ++-
 .../ActiveDirectoryAuthenticationProvider.cs  | 16 ++++++---
 15 files changed, 161 insertions(+), 20 deletions(-)
 create mode 100644 doc/samples/ApplicationClientIdAzureAuthenticationProvider.cs

diff --git a/doc/samples/ApplicationClientIdAzureAuthenticationProvider.cs b/doc/samples/ApplicationClientIdAzureAuthenticationProvider.cs
new file mode 100644
index 0000000000..f206a1c29e
--- /dev/null
+++ b/doc/samples/ApplicationClientIdAzureAuthenticationProvider.cs
@@ -0,0 +1,26 @@
+//<Snippet1>
+using System;
+using Microsoft.Data.SqlClient;
+
+namespace CustomAuthenticationProviderExamples
+{
+    public class Program
+    {
+        public static void Main()
+        {
+            // Supported for all authentication modes supported by ActiveDirectoryAuthenticationProvider
+            ActiveDirectoryAuthenticationProvider provider = new ActiveDirectoryAuthenticationProvider("<application_client_id>");
+            if (provider.IsSupported(SqlAuthenticationMethod.ActiveDirectoryInteractive))
+            {
+                SqlAuthenticationProvider.SetProvider(SqlAuthenticationMethod.ActiveDirectoryInteractive, provider);
+            }
+            
+            using (SqlConnection sqlConnection = new SqlConnection("Server=<myserver>.database.windows.net;Authentication=Active Directory Interactive;Database=<db>;"))
+            {
+                sqlConnection.Open();
+                Console.WriteLine("Connected successfully!");
+            }
+        }
+    }
+}
+//</Snippet1>
diff --git a/doc/snippets/Microsoft.Data.SqlClient/ActiveDirectoryAuthenticationProvider.xml b/doc/snippets/Microsoft.Data.SqlClient/ActiveDirectoryAuthenticationProvider.xml
index 49a2e5616a..e136306055 100644
--- a/doc/snippets/Microsoft.Data.SqlClient/ActiveDirectoryAuthenticationProvider.xml
+++ b/doc/snippets/Microsoft.Data.SqlClient/ActiveDirectoryAuthenticationProvider.xml
@@ -11,11 +11,30 @@
       </summary>
     </ctor>
     <ctor2>
-      <param name="deviceCodeFlowCallbackMethod">The callback method to be used when performing 'Active Directory Device Code Flow' authentication.</param>
+      <param name="applicationClientId">Client Application Id to be used for acquiring access token for federated authentication. The driver uses it's own application client id by default.</param>
       <summary>
-        Initializes the <see cref="T:Microsoft.Data.SqlClient.ActiveDirectoryAuthenticationProvider" /> class with the provided device code flow callback method.
+        Initializes the <see cref="T:Microsoft.Data.SqlClient.ActiveDirectoryAuthenticationProvider" /> class with the provided application client id.
       </summary>
+      <remarks>
+        <format type="text/markdown">
+          <![CDATA[  
+
+## Examples  
+ The following example demonstrates providing user-defined application client id to SqlClient for performing "Active Directory Interactive" authentication method:
+ 
+ [!code-csharp[ActiveDirectory_ApplicationClientId Example#1](~/../sqlclient/doc/samples/ApplicationClientIdAzureAuthenticationProvider.cs#1)]
+  
+ ]]>
+        </format>
+      </remarks>
     </ctor2>
+    <ctor3>
+      <param name="deviceCodeFlowCallbackMethod">The callback method to be used when performing 'Active Directory Device Code Flow' authentication.</param>
+      <param name="applicationClientId">(Optional) Client Application Id to be used for acquiring access token for federated authentication. The driver uses it's own application client id by default.</param>
+      <summary>
+        Initializes the <see cref="T:Microsoft.Data.SqlClient.ActiveDirectoryAuthenticationProvider" /> class with the provided device code flow callback method and application client id.
+      </summary>
+    </ctor3>
     <AcquireTokenAsync>
       <param name="parameters">The Active Directory authentication parameters passed to authentication providers.</param>
       <summary>Acquires a security token from the authority.</summary>
diff --git a/src/Microsoft.Data.SqlClient/netcore/ref/Microsoft.Data.SqlClient.cs b/src/Microsoft.Data.SqlClient/netcore/ref/Microsoft.Data.SqlClient.cs
index 3a75ca8d09..f08e1835ed 100644
--- a/src/Microsoft.Data.SqlClient/netcore/ref/Microsoft.Data.SqlClient.cs
+++ b/src/Microsoft.Data.SqlClient/netcore/ref/Microsoft.Data.SqlClient.cs
@@ -36,7 +36,9 @@ public sealed partial class ActiveDirectoryAuthenticationProvider : SqlAuthentic
         /// <include file='../../../../doc/snippets/Microsoft.Data.SqlClient/ActiveDirectoryAuthenticationProvider.xml' path='docs/members[@name="ActiveDirectoryAuthenticationProvider"]/ctor/*'/>
         public ActiveDirectoryAuthenticationProvider() { }
         /// <include file='../../../../doc/snippets/Microsoft.Data.SqlClient/ActiveDirectoryAuthenticationProvider.xml' path='docs/members[@name="ActiveDirectoryAuthenticationProvider"]/ctor2/*'/>
-        public ActiveDirectoryAuthenticationProvider(System.Func<Microsoft.Identity.Client.DeviceCodeResult, System.Threading.Tasks.Task> deviceCodeFlowCallbackMethod) { }
+        public ActiveDirectoryAuthenticationProvider(string applicationClientId) { }
+        /// <include file='../../../../doc/snippets/Microsoft.Data.SqlClient/ActiveDirectoryAuthenticationProvider.xml' path='docs/members[@name="ActiveDirectoryAuthenticationProvider"]/ctor3/*'/>
+        public ActiveDirectoryAuthenticationProvider(System.Func<Microsoft.Identity.Client.DeviceCodeResult, System.Threading.Tasks.Task> deviceCodeFlowCallbackMethod, string applicationClientId = null) { }
         /// <include file='../../../../doc/snippets/Microsoft.Data.SqlClient/ActiveDirectoryAuthenticationProvider.xml' path='docs/members[@name="ActiveDirectoryAuthenticationProvider"]/AcquireTokenAsync/*'/>
         public override System.Threading.Tasks.Task<SqlAuthenticationToken> AcquireTokenAsync(SqlAuthenticationParameters parameters) { throw null; }
         /// <include file='../../../../doc/snippets/Microsoft.Data.SqlClient/ActiveDirectoryAuthenticationProvider.xml' path='docs/members[@name="ActiveDirectoryAuthenticationProvider"]/SetDeviceCodeFlowCallback/*'/>
diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlAuthenticationProviderManager.NetCoreApp.cs b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlAuthenticationProviderManager.NetCoreApp.cs
index bf7c1632d1..684f9210be 100644
--- a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlAuthenticationProviderManager.NetCoreApp.cs
+++ b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlAuthenticationProviderManager.NetCoreApp.cs
@@ -15,7 +15,6 @@ internal partial class SqlAuthenticationProviderManager
 
         static SqlAuthenticationProviderManager()
         {
-            var activeDirectoryAuthProvider = new ActiveDirectoryAuthenticationProvider();
             SqlAuthenticationProviderConfigurationSection configurationSection = null;
 
             try
@@ -35,6 +34,7 @@ static SqlAuthenticationProviderManager()
             }
 
             Instance = new SqlAuthenticationProviderManager(configurationSection);
+            var activeDirectoryAuthProvider = new ActiveDirectoryAuthenticationProvider(Instance._applicationClientId);
             Instance.SetProvider(SqlAuthenticationMethod.ActiveDirectoryIntegrated, activeDirectoryAuthProvider);
             Instance.SetProvider(SqlAuthenticationMethod.ActiveDirectoryPassword, activeDirectoryAuthProvider);
             Instance.SetProvider(SqlAuthenticationMethod.ActiveDirectoryInteractive, activeDirectoryAuthProvider);
@@ -59,6 +59,24 @@ public SqlAuthenticationProviderManager(SqlAuthenticationProviderConfigurationSe
                 return;
             }
 
+            if (!string.IsNullOrEmpty(configSection.ApplicationClientId))
+            {
+                try
+                {
+                    _applicationClientId = configSection.ApplicationClientId;
+                }
+                catch (Exception e)
+                {
+                    throw SQL.CannotFetchApplicationClientId(configSection.ApplicationClientId, e);
+                }
+
+                _sqlAuthLogger.LogInfo(_typeName, methodName, "Received user-defined Application Client Id");
+            }
+            else
+            {
+                _sqlAuthLogger.LogInfo(_typeName, methodName, "No user-defined Application Client Id found.");
+            }
+
             // Create user-defined auth initializer, if any.
             if (!string.IsNullOrEmpty(configSection.InitializerType))
             {
@@ -159,13 +177,19 @@ internal class SqlAuthenticationProviderConfigurationSection : ConfigurationSect
             /// User-defined auth providers.
             /// </summary>
             [ConfigurationProperty("providers")]
-            public ProviderSettingsCollection Providers => (ProviderSettingsCollection)base["providers"];
+            public ProviderSettingsCollection Providers => (ProviderSettingsCollection)this["providers"];
 
             /// <summary>
             /// User-defined initializer.
             /// </summary>
             [ConfigurationProperty("initializerType")]
-            public string InitializerType => base["initializerType"] as string;
+            public string InitializerType => this["initializerType"] as string;
+
+            /// <summary>
+            /// Application Client Id
+            /// </summary>
+            [ConfigurationProperty("applicationClientId", IsRequired = false)]
+            public string ApplicationClientId => this["applicationClientId"] as string;
         }
 
         /// <summary>
diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlAuthenticationProviderManager.NetStandard.cs b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlAuthenticationProviderManager.NetStandard.cs
index e3d5fd5e11..d283f58400 100644
--- a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlAuthenticationProviderManager.NetStandard.cs
+++ b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlAuthenticationProviderManager.NetStandard.cs
@@ -8,8 +8,8 @@ internal partial class SqlAuthenticationProviderManager
     {
         static SqlAuthenticationProviderManager()
         {
-            var activeDirectoryAuthProvider = new ActiveDirectoryAuthenticationProvider();
             Instance = new SqlAuthenticationProviderManager();
+            var activeDirectoryAuthProvider = new ActiveDirectoryAuthenticationProvider(Instance._applicationClientId);
             Instance.SetProvider(SqlAuthenticationMethod.ActiveDirectoryPassword, activeDirectoryAuthProvider);
             Instance.SetProvider(SqlAuthenticationMethod.ActiveDirectoryIntegrated, activeDirectoryAuthProvider);
             Instance.SetProvider(SqlAuthenticationMethod.ActiveDirectoryInteractive, activeDirectoryAuthProvider);
diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlAuthenticationProviderManager.cs b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlAuthenticationProviderManager.cs
index 8d85802486..512f3d4b04 100644
--- a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlAuthenticationProviderManager.cs
+++ b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlAuthenticationProviderManager.cs
@@ -24,6 +24,7 @@ internal partial class SqlAuthenticationProviderManager
         private readonly IReadOnlyCollection<SqlAuthenticationMethod> _authenticationsWithAppSpecifiedProvider;
         private readonly ConcurrentDictionary<SqlAuthenticationMethod, SqlAuthenticationProvider> _providers;
         private readonly SqlClientLogger _sqlAuthLogger = new SqlClientLogger();
+        private readonly string _applicationClientId = ActiveDirectoryAuthentication.AdoClientId;
 
         public static readonly SqlAuthenticationProviderManager Instance;
 
diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlUtil.cs b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlUtil.cs
index ebfe96b769..611fd5a3a5 100644
--- a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlUtil.cs
+++ b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlUtil.cs
@@ -432,6 +432,11 @@ internal static Exception CannotCreateSqlAuthInitializer(string type, Exception
         {
             return ADP.Argument(System.StringsHelper.GetString(Strings.SQL_CannotCreateAuthInitializer, type), e);
         }
+        
+        static internal Exception CannotFetchApplicationClientId(string type, Exception e)
+        {
+            return ADP.Argument(StringsHelper.GetString(Strings.SQL_CannotFetchApplicationClientId, type), e);
+        }
 
         internal static Exception CannotInitializeAuthProvider(string type, Exception e)
         {
diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Resources/Strings.Designer.cs b/src/Microsoft.Data.SqlClient/netcore/src/Resources/Strings.Designer.cs
index 438423fa71..d3a6f1ea52 100644
--- a/src/Microsoft.Data.SqlClient/netcore/src/Resources/Strings.Designer.cs
+++ b/src/Microsoft.Data.SqlClient/netcore/src/Resources/Strings.Designer.cs
@@ -2373,6 +2373,15 @@ internal class Strings {
             }
         }
         
+        /// <summary>
+        ///   Looks up a localized string similar to Failed to fetch application client id with type &apos;{0}&apos;..
+        /// </summary>
+        internal static string SQL_CannotFetchApplicationClientId {
+            get {
+                return ResourceManager.GetString("SQL_CannotFetchApplicationClientId", resourceCulture);
+            }
+        }
+        
         /// <summary>
         ///   Looks up a localized string similar to Cannot find an authentication provider for &apos;{0}&apos;..
         /// </summary>
diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Resources/Strings.resx b/src/Microsoft.Data.SqlClient/netcore/src/Resources/Strings.resx
index b94391deac..34c22d3029 100644
--- a/src/Microsoft.Data.SqlClient/netcore/src/Resources/Strings.resx
+++ b/src/Microsoft.Data.SqlClient/netcore/src/Resources/Strings.resx
@@ -1905,4 +1905,7 @@
   <data name="SQL_SettingDeviceFlowWithCredential" xml:space="preserve">
     <value>Cannot use 'Authentication=Active Directory Device Code Flow', if the Credential property has been set.</value>
   </data>
-</root>
+  <data name="SQL_CannotFetchApplicationClientId" xml:space="preserve">
+    <value>Failed to fetch application client id with type '{0}'.</value>
+  </data>
+</root>
\ No newline at end of file
diff --git a/src/Microsoft.Data.SqlClient/netfx/ref/Microsoft.Data.SqlClient.cs b/src/Microsoft.Data.SqlClient/netfx/ref/Microsoft.Data.SqlClient.cs
index 6f29fe813c..8fb8e1fed5 100644
--- a/src/Microsoft.Data.SqlClient/netfx/ref/Microsoft.Data.SqlClient.cs
+++ b/src/Microsoft.Data.SqlClient/netfx/ref/Microsoft.Data.SqlClient.cs
@@ -41,7 +41,9 @@ public sealed class ActiveDirectoryAuthenticationProvider : SqlAuthenticationPro
         /// <include file='../../../../doc/snippets/Microsoft.Data.SqlClient/ActiveDirectoryAuthenticationProvider.xml' path='docs/members[@name="ActiveDirectoryAuthenticationProvider"]/ctor/*'/>
         public ActiveDirectoryAuthenticationProvider() { }
         /// <include file='../../../../doc/snippets/Microsoft.Data.SqlClient/ActiveDirectoryAuthenticationProvider.xml' path='docs/members[@name="ActiveDirectoryAuthenticationProvider"]/ctor2/*'/>
-        public ActiveDirectoryAuthenticationProvider(System.Func<Microsoft.Identity.Client.DeviceCodeResult, System.Threading.Tasks.Task> deviceCodeFlowCallbackMethod) { }
+        public ActiveDirectoryAuthenticationProvider(string applicationClientId) { }
+        /// <include file='../../../../doc/snippets/Microsoft.Data.SqlClient/ActiveDirectoryAuthenticationProvider.xml' path='docs/members[@name="ActiveDirectoryAuthenticationProvider"]/ctor3/*'/>
+        public ActiveDirectoryAuthenticationProvider(System.Func<Microsoft.Identity.Client.DeviceCodeResult, System.Threading.Tasks.Task> deviceCodeFlowCallbackMethod, string applicationClientId = null) { }
         /// <include file='../../../../doc/snippets/Microsoft.Data.SqlClient/ActiveDirectoryAuthenticationProvider.xml' path='docs/members[@name="ActiveDirectoryAuthenticationProvider"]/AcquireTokenAsync/*'/>
         public override System.Threading.Tasks.Task<SqlAuthenticationToken> AcquireTokenAsync(SqlAuthenticationParameters parameters) { throw null; }
         /// <include file='../../../../doc/snippets/Microsoft.Data.SqlClient/ActiveDirectoryAuthenticationProvider.xml' path='docs/members[@name="ActiveDirectoryAuthenticationProvider"]/SetDeviceCodeFlowCallback/*'/>
diff --git a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlAuthenticationProviderManager.cs b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlAuthenticationProviderManager.cs
index 06bdc0bb6b..c0d9ac7d0d 100644
--- a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlAuthenticationProviderManager.cs
+++ b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlAuthenticationProviderManager.cs
@@ -23,7 +23,6 @@ internal class SqlAuthenticationProviderManager
 
         static SqlAuthenticationProviderManager()
         {
-            var activeDirectoryAuthProvider = new ActiveDirectoryAuthenticationProvider();
             SqlAuthenticationProviderConfigurationSection configurationSection = null;
             try
             {
@@ -41,6 +40,8 @@ static SqlAuthenticationProviderManager()
                 SqlClientEventSource.Log.TryTraceEvent("Unable to load custom SqlAuthenticationProviders or SqlClientAuthenticationProviders. ConfigurationManager failed to load due to configuration errors: {0}", e);
             }
             Instance = new SqlAuthenticationProviderManager(configurationSection);
+
+            var activeDirectoryAuthProvider = new ActiveDirectoryAuthenticationProvider(Instance._applicationClientId);
             Instance.SetProvider(SqlAuthenticationMethod.ActiveDirectoryIntegrated, activeDirectoryAuthProvider);
             Instance.SetProvider(SqlAuthenticationMethod.ActiveDirectoryPassword, activeDirectoryAuthProvider);
             Instance.SetProvider(SqlAuthenticationMethod.ActiveDirectoryInteractive, activeDirectoryAuthProvider);
@@ -54,6 +55,7 @@ static SqlAuthenticationProviderManager()
         private readonly IReadOnlyCollection<SqlAuthenticationMethod> _authenticationsWithAppSpecifiedProvider;
         private readonly ConcurrentDictionary<SqlAuthenticationMethod, SqlAuthenticationProvider> _providers;
         private readonly SqlClientLogger _sqlAuthLogger = new SqlClientLogger();
+        private readonly string _applicationClientId = ActiveDirectoryAuthentication.AdoClientId;
 
         /// <summary>
         /// Constructor.
@@ -72,8 +74,25 @@ public SqlAuthenticationProviderManager(SqlAuthenticationProviderConfigurationSe
                 return;
             }
 
+            if (!string.IsNullOrEmpty(configSection.ApplicationClientId))
+            {
+                try
+                {
+                    _applicationClientId = configSection.ApplicationClientId;
+                }
+                catch (Exception e)
+                {
+                    throw SQL.CannotFetchApplicationClientId(configSection.ApplicationClientId, e);
+                }
+
+                _sqlAuthLogger.LogInfo(_typeName, methodName, "Received user-defined Application Client Id");
+            }
+            else
+            {
+                _sqlAuthLogger.LogInfo(_typeName, methodName, "No user-defined Application Client Id found.");
+            }
+
             // Create user-defined auth initializer, if any.
-            //
             if (!string.IsNullOrEmpty(configSection.InitializerType))
             {
                 try
@@ -226,13 +245,19 @@ internal class SqlAuthenticationProviderConfigurationSection : ConfigurationSect
         /// User-defined auth providers.
         /// </summary>
         [ConfigurationProperty("providers")]
-        public ProviderSettingsCollection Providers => (ProviderSettingsCollection)base["providers"];
+        public ProviderSettingsCollection Providers => (ProviderSettingsCollection)this["providers"];
 
         /// <summary>
         /// User-defined initializer.
         /// </summary>
         [ConfigurationProperty("initializerType")]
-        public string InitializerType => base["initializerType"] as string;
+        public string InitializerType => this["initializerType"] as string;
+
+        /// <summary>
+        /// Application Client Id
+        /// </summary>
+        [ConfigurationProperty("applicationClientId", IsRequired = false)]
+        public string ApplicationClientId => this["applicationClientId"] as string;
     }
 
     /// <summary>
diff --git a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlUtil.cs b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlUtil.cs
index 6318a1491f..ac29ff4f95 100644
--- a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlUtil.cs
+++ b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlUtil.cs
@@ -462,6 +462,11 @@ static internal Exception CannotCreateSqlAuthInitializer(string type, Exception
             return ADP.Argument(StringsHelper.GetString(Strings.SQL_CannotCreateAuthInitializer, type), e);
         }
 
+        static internal Exception CannotFetchApplicationClientId(string type, Exception e)
+        {
+            return ADP.Argument(StringsHelper.GetString(Strings.SQL_CannotFetchApplicationClientId, type), e);
+        }
+
         static internal Exception CannotInitializeAuthProvider(string type, Exception e)
         {
             return ADP.InvalidOperation(StringsHelper.GetString(Strings.SQL_CannotInitializeAuthProvider, type), e);
@@ -772,7 +777,7 @@ static internal Exception UDTUnexpectedResult(string exceptionText)
         static internal Exception CannotCompleteDelegatedTransactionWithOpenResults(SqlInternalConnectionTds internalConnection, bool marsOn)
         {
             SqlErrorCollection errors = new SqlErrorCollection();
-            errors.Add(new SqlError(TdsEnums.TIMEOUT_EXPIRED, (byte)0x00, TdsEnums.MIN_ERROR_CLASS, null, (StringsHelper.GetString(Strings.ADP_OpenReaderExists, marsOn? ADP.Command : ADP.Connection)), "", 0, TdsEnums.SNI_WAIT_TIMEOUT));
+            errors.Add(new SqlError(TdsEnums.TIMEOUT_EXPIRED, (byte)0x00, TdsEnums.MIN_ERROR_CLASS, null, (StringsHelper.GetString(Strings.ADP_OpenReaderExists, marsOn ? ADP.Command : ADP.Connection)), "", 0, TdsEnums.SNI_WAIT_TIMEOUT));
             return SqlException.CreateException(errors, null, internalConnection);
         }
         static internal SysTx.TransactionPromotionException PromotionFailed(Exception inner)
@@ -858,7 +863,7 @@ static internal Exception UDTInvalidSqlType(string typeName)
         {
             return ADP.Argument(StringsHelper.GetString(Strings.SQLUDT_InvalidSqlType, typeName));
         }
-        
+
         static internal Exception UDTInvalidSize(int maxSize, int maxSupportedSize)
         {
             throw ADP.ArgumentOutOfRange(StringsHelper.GetString(Strings.SQLUDT_InvalidSize, maxSize, maxSupportedSize));
diff --git a/src/Microsoft.Data.SqlClient/netfx/src/Resources/Strings.Designer.cs b/src/Microsoft.Data.SqlClient/netfx/src/Resources/Strings.Designer.cs
index 0501c22c3e..2471648af3 100644
--- a/src/Microsoft.Data.SqlClient/netfx/src/Resources/Strings.Designer.cs
+++ b/src/Microsoft.Data.SqlClient/netfx/src/Resources/Strings.Designer.cs
@@ -9090,6 +9090,15 @@ internal class Strings {
             }
         }
         
+        /// <summary>
+        ///   Looks up a localized string similar to Failed to fetch application client id with type &apos;{0}&apos;..
+        /// </summary>
+        internal static string SQL_CannotFetchApplicationClientId {
+            get {
+                return ResourceManager.GetString("SQL_CannotFetchApplicationClientId", resourceCulture);
+            }
+        }
+        
         /// <summary>
         ///   Looks up a localized string similar to Cannot find an authentication provider for &apos;{0}&apos;..
         /// </summary>
diff --git a/src/Microsoft.Data.SqlClient/netfx/src/Resources/Strings.resx b/src/Microsoft.Data.SqlClient/netfx/src/Resources/Strings.resx
index c74e4526ef..127d0fff82 100644
--- a/src/Microsoft.Data.SqlClient/netfx/src/Resources/Strings.resx
+++ b/src/Microsoft.Data.SqlClient/netfx/src/Resources/Strings.resx
@@ -4575,4 +4575,7 @@
   <data name="SQL_SettingDeviceFlowWithCredential" xml:space="preserve">
     <value>Cannot use 'Authentication=Active Directory Device Code Flow', if the Credential property has been set.</value>
   </data>
-</root>
+  <data name="SQL_CannotFetchApplicationClientId" xml:space="preserve">
+    <value>Failed to fetch application client id with type '{0}'.</value>
+  </data>
+</root>
\ No newline at end of file
diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/ActiveDirectoryAuthenticationProvider.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/ActiveDirectoryAuthenticationProvider.cs
index fe3317f17b..fd3ddfe932 100644
--- a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/ActiveDirectoryAuthenticationProvider.cs
+++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/ActiveDirectoryAuthenticationProvider.cs
@@ -20,13 +20,21 @@ public sealed class ActiveDirectoryAuthenticationProvider : SqlAuthenticationPro
         private readonly SqlClientLogger _logger = new SqlClientLogger();
         private Func<DeviceCodeResult, Task> _deviceCodeFlowCallback;
         private ICustomWebUi _customWebUI = null;
+        private readonly string _applicationClientId = ActiveDirectoryAuthentication.AdoClientId;
 
         /// <include file='../../../../../../doc/snippets/Microsoft.Data.SqlClient/ActiveDirectoryAuthenticationProvider.xml' path='docs/members[@name="ActiveDirectoryAuthenticationProvider"]/ctor/*'/>
         public ActiveDirectoryAuthenticationProvider() => new ActiveDirectoryAuthenticationProvider(DefaultDeviceFlowCallback);
 
         /// <include file='../../../../../../doc/snippets/Microsoft.Data.SqlClient/ActiveDirectoryAuthenticationProvider.xml' path='docs/members[@name="ActiveDirectoryAuthenticationProvider"]/ctor2/*'/>
-        public ActiveDirectoryAuthenticationProvider(Func<DeviceCodeResult, Task> deviceCodeFlowCallbackMethod)
+        public ActiveDirectoryAuthenticationProvider(string applicationClientId) => new ActiveDirectoryAuthenticationProvider(DefaultDeviceFlowCallback, applicationClientId);
+
+        /// <include file='../../../../../../doc/snippets/Microsoft.Data.SqlClient/ActiveDirectoryAuthenticationProvider.xml' path='docs/members[@name="ActiveDirectoryAuthenticationProvider"]/ctor3/*'/>
+        public ActiveDirectoryAuthenticationProvider(Func<DeviceCodeResult, Task> deviceCodeFlowCallbackMethod, string applicationClientId = null)
         {
+            if (applicationClientId != null)
+            {
+                _applicationClientId = applicationClientId;
+            }
             SetDeviceCodeFlowCallback(deviceCodeFlowCallbackMethod);
         }
 
@@ -112,7 +120,7 @@ public override void BeforeUnload(SqlAuthenticationMethod authentication)
 #if netstandard
             if (parentActivityOrWindowFunc != null)
             {
-                app = PublicClientApplicationBuilder.Create(ActiveDirectoryAuthentication.AdoClientId)
+                app = PublicClientApplicationBuilder.Create(_applicationClientId)
                 .WithAuthority(parameters.Authority)
                 .WithClientName(Common.DbConnectionStringDefaults.ApplicationName)
                 .WithClientVersion(Common.ADP.GetAssemblyVersion().ToString())
@@ -124,7 +132,7 @@ public override void BeforeUnload(SqlAuthenticationMethod authentication)
 #if netfx
             if (_iWin32WindowFunc != null)
             {
-                app = PublicClientApplicationBuilder.Create(ActiveDirectoryAuthentication.AdoClientId)
+                app = PublicClientApplicationBuilder.Create(_applicationClientId)
                 .WithAuthority(parameters.Authority)
                 .WithClientName(Common.DbConnectionStringDefaults.ApplicationName)
                 .WithClientVersion(Common.ADP.GetAssemblyVersion().ToString())
@@ -137,7 +145,7 @@ public override void BeforeUnload(SqlAuthenticationMethod authentication)
             else
 #endif
             {
-                app = PublicClientApplicationBuilder.Create(ActiveDirectoryAuthentication.AdoClientId)
+                app = PublicClientApplicationBuilder.Create(_applicationClientId)
                 .WithAuthority(parameters.Authority)
                 .WithClientName(Common.DbConnectionStringDefaults.ApplicationName)
                 .WithClientVersion(Common.ADP.GetAssemblyVersion().ToString())