msauth: always set the parent window for MSAL

mjcheetham · mjcheetham · commit 134e622aefa7 · 2023-04-07T13:48:54.000-07:00
Always set the parent window handle for MSAL on Windows. Previously we only set this if provided a handle by the user/config. Now however we must always try and provide a handle because using the new MSALRuntime-based Windows broker means we must do so - MSAL no longer provides us with a 'dummy' handle to use. Use the parent console window handle, as recommended by the MSAL docs: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/wam#parent-window-handles
diff --git a/src/shared/Core/Authentication/MicrosoftAuthentication.cs b/src/shared/Core/Authentication/MicrosoftAuthentication.cs
@@ -3,6 +3,7 @@
 using System.IO;
 using System.Net.Http;
 using System.Threading.Tasks;
+using GitCredentialManager.Interop.Windows.Native;
 using Microsoft.Identity.Client;
 using Microsoft.Identity.Client.Extensions.Msal;
 
@@ -223,12 +224,25 @@ private async Task<IPublicClientApplication> CreatePublicClientApplicationAsync(
                 appBuilder.WithLogging(OnMsalLogMessage, LogLevel.Verbose, enablePiiLogging, false);
             }
 
-            // If we have a parent window ID we should tell MSAL about it so it can parent any authentication dialogs
-            // correctly. We only support this on Windows right now as MSAL only supports embedded/dialogs on Windows.
-            if (PlatformUtils.IsWindows() && !string.IsNullOrWhiteSpace(Context.Settings.ParentWindowId) &&
-                int.TryParse(Context.Settings.ParentWindowId, out int hWndInt) && hWndInt > 0)
+            // On Windows we should set the parent window handle for the authentication dialogs
+            // so that they are displayed as a child of the correct window.
+            if (PlatformUtils.IsWindows())
             {
-                appBuilder.WithParentActivityOrWindow(() => new IntPtr(hWndInt));
+                // If we have a parent window ID then use that, otherwise use the hosting terminal window.
+                IntPtr parentHandle;
+                if (!string.IsNullOrWhiteSpace(Context.Settings.ParentWindowId) &&
+                    int.TryParse(Context.Settings.ParentWindowId, out int hWndInt) && hWndInt > 0)
+                {
+                    parentHandle = new IntPtr(hWndInt);
+                }
+                else
+                {
+                    IntPtr consoleHandle = Kernel32.GetConsoleWindow();
+                    parentHandle = User32.GetAncestor(consoleHandle, GetAncestorFlags.GetRootOwner);
+                }
+
+                Context.Trace.WriteLine($"Using parent window ID '{parentHandle}' for MSAL authentication dialogs.");
+                appBuilder.WithParentActivityOrWindow(() => parentHandle);
             }
 
             // Configure the broker if enabled
diff --git a/src/shared/Core/Interop/Windows/Native/Kernel32.cs b/src/shared/Core/Interop/Windows/Native/Kernel32.cs
@@ -251,6 +251,16 @@ public static extern bool SetConsoleMode(
         /// </returns>
         [DllImport(LibraryName, CallingConvention = CallingConvention.StdCall, CharSet = CharSet.Unicode, SetLastError = true)]
         public static extern IntPtr LocalFree(IntPtr ptr);
+
+        /// <summary>
+        /// Retrieves the window handle used by the console associated with the calling process.
+        /// </summary>
+        /// <returns>
+        /// The return value is a handle to the window used by the console associated with the calling process or
+        /// NULL if there is no such associated console.
+        /// </returns>
+        [DllImport("kernel32.dll", SetLastError = true)]
+        public static extern IntPtr GetConsoleWindow();
     }
 
     [Flags]
diff --git a/src/shared/Core/Interop/Windows/Native/User32.cs b/src/shared/Core/Interop/Windows/Native/User32.cs
@@ -35,6 +35,36 @@ public static IntPtr SetWindowLongPtr(IntPtr hWnd, int nIndex, IntPtr value)
 
         [DllImport(LibraryName, SetLastError = true)]
         public static extern bool GetClientRect(IntPtr hwnd, out RECT lpRect);
+
+        /// <summary>
+        /// Retrieves the handle to the ancestor of the specified window.
+        /// </summary>
+        /// <param name="hwnd">
+        /// A handle to the window whose ancestor is to be retrieved.
+        /// If this parameter is the desktop window, the function returns NULL.
+        /// </param>
+        /// <param name="flags">The ancestor to be retrieved.</param>
+        /// <returns>The return value is the handle to the ancestor window.</returns>
+        [DllImport("user32.dll", SetLastError = true)]
+        public static extern IntPtr GetAncestor(IntPtr hwnd, GetAncestorFlags flags);
+    }
+
+    public enum GetAncestorFlags
+    {
+        /// <summary>
+        /// Retrieves the parent window. This does not include the owner, as it does with the GetParent function.
+        /// </summary>
+        GetParent = 1,
+
+        /// <summary>
+        /// Retrieves the root window by walking the chain of parent windows.
+        /// </summary>
+        GetRoot = 2,
+
+        /// <summary>
+        /// Retrieves the owned root window by walking the chain of parent and owner windows returned by GetParent.
+        /// </summary>
+        GetRootOwner = 3
     }
 
     [StructLayout(LayoutKind.Sequential)]
