From 1a073ed8c0f1e6edf7ac929729c4f76251f1fff7 Mon Sep 17 00:00:00 2001
From: jennyf19 <jeferrie@microsoft.com>
Date: Thu, 12 Nov 2020 13:58:15 -0800
Subject: [PATCH] first round of fixing more sc warnings (#753)

* first round of fixing more sc warnings

* add sonar cloud via vs extension

* fix more warnings

* change order

* fix yml

* force re-build

* add keyvault build

* fix new code warning
---
 .sonarlint/Microsoft.Identity.Web.slconfig    |  15 +
 .../CSharp/SonarLint.xml                      |  89 +++++
 ...uread_microsoft-identity-webcsharp.ruleset | 368 ++++++++++++++++++
 ...icrosoftIdentityWebProjectTemplates.csproj |   6 +
 azure-pipelines.yml                           |   7 +-
 ...crosoft.Identity.Web.MicrosoftGraph.csproj |   5 +
 .../TokenAcquisitionAuthenticationProvider.cs |   4 +-
 ...oft.Identity.Web.MicrosoftGraphBeta.csproj |   5 +
 .../Microsoft.Identity.Web.UI.csproj          |   5 +
 .../ClaimsPrincipalExtensions.cs              |   4 +-
 .../Constants/Constants.cs                    |   2 +
 .../DownstreamWebApi.cs                       |  32 +-
 .../IDownstreamWebApi.cs                      |  14 +-
 .../Microsoft.Identity.Web.csproj             |  11 +-
 .../Microsoft.Identity.Web.xml                |  54 +--
 .../MicrosoftIdentityCircuitHandler.cs        |   2 +-
 .../MsalAspNetCoreHttpClientFactory.cs        |   2 +-
 .../TokenAcquisition.cs                       |  20 +-
 tests/.editorconfig                           |   6 +
 .../AjaxCallActionsWithDynamicConsent.csproj  |   6 +
 .../Client/TodoListClient.csproj              |   6 +
 .../TodoListService/TodoListService.csproj    |   6 +
 tests/BlazorServerCallsGraph/blazor.csproj    |   5 +
 ...crosoft.Identity.Web.Perf.Benchmark.csproj |   5 +
 .../Microsoft.Identity.Web.Perf.Client.csproj |   5 +
 .../WebAppCallsMicrosoftGraph.csproj          |   5 +
 .../Client/TodoListClient.csproj              |   6 +
 .../TodoListService/TodoListService.csproj    |   6 +
 .../blazor.csproj                             |   5 +
 tests/blazorwasm-b2c/blazorwasm2-b2c.csproj   |   6 +
 .../blazorwasm2-b2c-hosted.Client.csproj      |   5 +
 .../blazorwasm2-b2c-hosted.Server.csproj      |   5 +
 .../blazorwasm2-b2c-hosted.Shared.csproj      |   6 +
 ...lazorwasm2-singleOrg-hosted4.Client.csproj |   6 +
 ...lazorwasm2-singleOrg-hosted4.Server.csproj |   5 +
 ...lazorwasm2-singleOrg-hosted4.Shared.csproj |   6 +
 .../ConfigureGeneratedApplications.csproj     |   6 +
 37 files changed, 674 insertions(+), 77 deletions(-)
 create mode 100644 .sonarlint/Microsoft.Identity.Web.slconfig
 create mode 100644 .sonarlint/azuread_microsoft-identity-web/CSharp/SonarLint.xml
 create mode 100644 .sonarlint/azuread_microsoft-identity-webcsharp.ruleset

diff --git a/.sonarlint/Microsoft.Identity.Web.slconfig b/.sonarlint/Microsoft.Identity.Web.slconfig
new file mode 100644
index 000000000..2784954db
--- /dev/null
+++ b/.sonarlint/Microsoft.Identity.Web.slconfig
@@ -0,0 +1,15 @@
+{
+  "ServerUri": "https://sonarcloud.io/",
+  "Organization": {
+    "Key": "azuread",
+    "Name": "Azure Active Directory"
+  },
+  "ProjectKey": "AzureAD_microsoft-identity-web",
+  "ProjectName": "microsoft-identity-web",
+  "Profiles": {
+    "CSharp": {
+      "ProfileKey": "AXMqHrScFqF0v-dl6dl_",
+      "ProfileTimestamp": "2020-10-13T14:12:09Z"
+    }
+  }
+}
\ No newline at end of file
diff --git a/.sonarlint/azuread_microsoft-identity-web/CSharp/SonarLint.xml b/.sonarlint/azuread_microsoft-identity-web/CSharp/SonarLint.xml
new file mode 100644
index 000000000..21acd70e2
--- /dev/null
+++ b/.sonarlint/azuread_microsoft-identity-web/CSharp/SonarLint.xml
@@ -0,0 +1,89 @@
+<?xml version="1.0" encoding="utf-8"?>
+<AnalysisInput xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
+  <Settings>
+    <Setting>
+      <Key>sonar.cs.analyzeGeneratedCode</Key>
+      <Value>false</Value>
+    </Setting>
+    <Setting>
+      <Key>sonar.cs.file.suffixes</Key>
+      <Value>.cs</Value>
+    </Setting>
+    <Setting>
+      <Key>sonar.cs.ignoreHeaderComments</Key>
+      <Value>true</Value>
+    </Setting>
+    <Setting>
+      <Key>sonar.cs.roslyn.ignoreIssues</Key>
+      <Value>false</Value>
+    </Setting>
+  </Settings>
+  <Rules>
+    <Rule>
+      <Key>S107</Key>
+      <Parameters>
+        <Parameter>
+          <Key>max</Key>
+          <Value>7</Value>
+        </Parameter>
+      </Parameters>
+    </Rule>
+    <Rule>
+      <Key>S110</Key>
+      <Parameters>
+        <Parameter>
+          <Key>max</Key>
+          <Value>5</Value>
+        </Parameter>
+      </Parameters>
+    </Rule>
+    <Rule>
+      <Key>S1479</Key>
+      <Parameters>
+        <Parameter>
+          <Key>maximum</Key>
+          <Value>30</Value>
+        </Parameter>
+      </Parameters>
+    </Rule>
+    <Rule>
+      <Key>S2342</Key>
+      <Parameters>
+        <Parameter>
+          <Key>flagsAttributeFormat</Key>
+          <Value>^([A-Z]{1,3}[a-z0-9]+)*([A-Z]{2})?s$</Value>
+        </Parameter>
+        <Parameter>
+          <Key>format</Key>
+          <Value>^([A-Z]{1,3}[a-z0-9]+)*([A-Z]{2})?$</Value>
+        </Parameter>
+      </Parameters>
+    </Rule>
+    <Rule>
+      <Key>S2436</Key>
+      <Parameters>
+        <Parameter>
+          <Key>max</Key>
+          <Value>2</Value>
+        </Parameter>
+        <Parameter>
+          <Key>maxMethod</Key>
+          <Value>3</Value>
+        </Parameter>
+      </Parameters>
+    </Rule>
+    <Rule>
+      <Key>S3776</Key>
+      <Parameters>
+        <Parameter>
+          <Key>propertyThreshold</Key>
+          <Value>3</Value>
+        </Parameter>
+        <Parameter>
+          <Key>threshold</Key>
+          <Value>15</Value>
+        </Parameter>
+      </Parameters>
+    </Rule>
+  </Rules>
+</AnalysisInput>
\ No newline at end of file
diff --git a/.sonarlint/azuread_microsoft-identity-webcsharp.ruleset b/.sonarlint/azuread_microsoft-identity-webcsharp.ruleset
new file mode 100644
index 000000000..e85398ed5
--- /dev/null
+++ b/.sonarlint/azuread_microsoft-identity-webcsharp.ruleset
@@ -0,0 +1,368 @@
+<?xml version="1.0" encoding="utf-8"?>
+<RuleSet xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" Name="SonarQube - microsoft-identity-web Sonar way" Description="This rule set was automatically generated from SonarQube https://sonarcloud.io/profiles/show?key=AXMqHrScFqF0v-dl6dl_" ToolsVersion="14.0">
+  <Rules AnalyzerId="SonarAnalyzer.CSharp" RuleNamespace="SonarAnalyzer.CSharp">
+    <Rule Id="S100" Action="None" />
+    <Rule Id="S1006" Action="Warning" />
+    <Rule Id="S101" Action="None" />
+    <Rule Id="S103" Action="None" />
+    <Rule Id="S104" Action="None" />
+    <Rule Id="S1048" Action="Warning" />
+    <Rule Id="S105" Action="None" />
+    <Rule Id="S106" Action="None" />
+    <Rule Id="S1066" Action="Warning" />
+    <Rule Id="S1067" Action="None" />
+    <Rule Id="S107" Action="Warning" />
+    <Rule Id="S1075" Action="Info" />
+    <Rule Id="S108" Action="Warning" />
+    <Rule Id="S109" Action="None" />
+    <Rule Id="S110" Action="Warning" />
+    <Rule Id="S1104" Action="Info" />
+    <Rule Id="S1109" Action="None" />
+    <Rule Id="S1110" Action="Warning" />
+    <Rule Id="S1116" Action="Info" />
+    <Rule Id="S1117" Action="Warning" />
+    <Rule Id="S1118" Action="Warning" />
+    <Rule Id="S112" Action="Warning" />
+    <Rule Id="S1121" Action="Warning" />
+    <Rule Id="S1123" Action="Warning" />
+    <Rule Id="S1125" Action="Info" />
+    <Rule Id="S1128" Action="Info" />
+    <Rule Id="S113" Action="None" />
+    <Rule Id="S1134" Action="Warning" />
+    <Rule Id="S1135" Action="Info" />
+    <Rule Id="S1144" Action="Warning" />
+    <Rule Id="S1145" Action="None" />
+    <Rule Id="S1147" Action="None" />
+    <Rule Id="S1151" Action="None" />
+    <Rule Id="S1155" Action="Info" />
+    <Rule Id="S1163" Action="Warning" />
+    <Rule Id="S1168" Action="Warning" />
+    <Rule Id="S1172" Action="Warning" />
+    <Rule Id="S1185" Action="Info" />
+    <Rule Id="S1186" Action="Warning" />
+    <Rule Id="S1192" Action="None" />
+    <Rule Id="S1199" Action="Info" />
+    <Rule Id="S1200" Action="None" />
+    <Rule Id="S1206" Action="Info" />
+    <Rule Id="S121" Action="None" />
+    <Rule Id="S1210" Action="Info" />
+    <Rule Id="S1215" Action="Warning" />
+    <Rule Id="S122" Action="None" />
+    <Rule Id="S1226" Action="None" />
+    <Rule Id="S1227" Action="None" />
+    <Rule Id="S1244" Action="None" />
+    <Rule Id="S125" Action="None" />
+    <Rule Id="S126" Action="None" />
+    <Rule Id="S1264" Action="Info" />
+    <Rule Id="S127" Action="None" />
+    <Rule Id="S1301" Action="None" />
+    <Rule Id="S1309" Action="None" />
+    <Rule Id="S131" Action="None" />
+    <Rule Id="S134" Action="None" />
+    <Rule Id="S138" Action="None" />
+    <Rule Id="S1449" Action="None" />
+    <Rule Id="S1450" Action="Info" />
+    <Rule Id="S1451" Action="None" />
+    <Rule Id="S1479" Action="Warning" />
+    <Rule Id="S1481" Action="Info" />
+    <Rule Id="S1541" Action="None" />
+    <Rule Id="S1607" Action="Warning" />
+    <Rule Id="S1643" Action="Info" />
+    <Rule Id="S1656" Action="Warning" />
+    <Rule Id="S1659" Action="None" />
+    <Rule Id="S1694" Action="None" />
+    <Rule Id="S1696" Action="None" />
+    <Rule Id="S1697" Action="None" />
+    <Rule Id="S1698" Action="None" />
+    <Rule Id="S1699" Action="Warning" />
+    <Rule Id="S1751" Action="Warning" />
+    <Rule Id="S1764" Action="Warning" />
+    <Rule Id="S1821" Action="None" />
+    <Rule Id="S1848" Action="Warning" />
+    <Rule Id="S1854" Action="Warning" />
+    <Rule Id="S1858" Action="None" />
+    <Rule Id="S1862" Action="Warning" />
+    <Rule Id="S1871" Action="Warning" />
+    <Rule Id="S1905" Action="Info" />
+    <Rule Id="S1939" Action="Info" />
+    <Rule Id="S1940" Action="Info" />
+    <Rule Id="S1944" Action="Warning" />
+    <Rule Id="S1994" Action="None" />
+    <Rule Id="S2070" Action="None" />
+    <Rule Id="S2114" Action="Warning" />
+    <Rule Id="S2123" Action="Warning" />
+    <Rule Id="S2148" Action="None" />
+    <Rule Id="S2156" Action="None" />
+    <Rule Id="S2178" Action="Warning" />
+    <Rule Id="S2183" Action="Info" />
+    <Rule Id="S2184" Action="Info" />
+    <Rule Id="S2187" Action="Warning" />
+    <Rule Id="S2190" Action="Warning" />
+    <Rule Id="S2197" Action="None" />
+    <Rule Id="S2201" Action="Warning" />
+    <Rule Id="S2219" Action="Info" />
+    <Rule Id="S2221" Action="None" />
+    <Rule Id="S2223" Action="Warning" />
+    <Rule Id="S2225" Action="Warning" />
+    <Rule Id="S2228" Action="None" />
+    <Rule Id="S2234" Action="Warning" />
+    <Rule Id="S2251" Action="Warning" />
+    <Rule Id="S2252" Action="Warning" />
+    <Rule Id="S2259" Action="Warning" />
+    <Rule Id="S2275" Action="Warning" />
+    <Rule Id="S2278" Action="None" />
+    <Rule Id="S2290" Action="Warning" />
+    <Rule Id="S2291" Action="Warning" />
+    <Rule Id="S2292" Action="Info" />
+    <Rule Id="S2302" Action="None" />
+    <Rule Id="S2306" Action="Warning" />
+    <Rule Id="S2325" Action="None" />
+    <Rule Id="S2326" Action="Warning" />
+    <Rule Id="S2327" Action="Warning" />
+    <Rule Id="S2328" Action="Info" />
+    <Rule Id="S2330" Action="None" />
+    <Rule Id="S2333" Action="None" />
+    <Rule Id="S2339" Action="None" />
+    <Rule Id="S2342" Action="Info" />
+    <Rule Id="S2344" Action="Info" />
+    <Rule Id="S2345" Action="Info" />
+    <Rule Id="S2346" Action="Warning" />
+    <Rule Id="S2357" Action="None" />
+    <Rule Id="S2360" Action="None" />
+    <Rule Id="S2365" Action="Warning" />
+    <Rule Id="S2368" Action="Warning" />
+    <Rule Id="S2372" Action="Warning" />
+    <Rule Id="S2376" Action="Warning" />
+    <Rule Id="S2386" Action="Info" />
+    <Rule Id="S2387" Action="None" />
+    <Rule Id="S2436" Action="Warning" />
+    <Rule Id="S2437" Action="Warning" />
+    <Rule Id="S2479" Action="Warning" />
+    <Rule Id="S2486" Action="Info" />
+    <Rule Id="S2551" Action="Warning" />
+    <Rule Id="S2583" Action="Warning" />
+    <Rule Id="S2589" Action="Warning" />
+    <Rule Id="S2674" Action="None" />
+    <Rule Id="S2681" Action="Warning" />
+    <Rule Id="S2688" Action="Warning" />
+    <Rule Id="S2692" Action="Warning" />
+    <Rule Id="S2696" Action="Warning" />
+    <Rule Id="S2699" Action="Warning" />
+    <Rule Id="S2701" Action="None" />
+    <Rule Id="S2737" Action="Info" />
+    <Rule Id="S2743" Action="Warning" />
+    <Rule Id="S2755" Action="Warning" />
+    <Rule Id="S2757" Action="Warning" />
+    <Rule Id="S2758" Action="Warning" />
+    <Rule Id="S2760" Action="None" />
+    <Rule Id="S2761" Action="Warning" />
+    <Rule Id="S2857" Action="Warning" />
+    <Rule Id="S2930" Action="Warning" />
+    <Rule Id="S2931" Action="None" />
+    <Rule Id="S2933" Action="Warning" />
+    <Rule Id="S2934" Action="Info" />
+    <Rule Id="S2952" Action="None" />
+    <Rule Id="S2953" Action="Warning" />
+    <Rule Id="S2955" Action="None" />
+    <Rule Id="S2971" Action="Warning" />
+    <Rule Id="S2995" Action="Warning" />
+    <Rule Id="S2996" Action="Warning" />
+    <Rule Id="S2997" Action="Warning" />
+    <Rule Id="S3005" Action="Warning" />
+    <Rule Id="S3010" Action="Warning" />
+    <Rule Id="S3011" Action="Warning" />
+    <Rule Id="S3052" Action="None" />
+    <Rule Id="S3060" Action="Warning" />
+    <Rule Id="S3168" Action="Warning" />
+    <Rule Id="S3169" Action="Warning" />
+    <Rule Id="S3172" Action="Warning" />
+    <Rule Id="S3215" Action="None" />
+    <Rule Id="S3216" Action="None" />
+    <Rule Id="S3217" Action="Warning" />
+    <Rule Id="S3218" Action="Warning" />
+    <Rule Id="S3220" Action="Info" />
+    <Rule Id="S3234" Action="None" />
+    <Rule Id="S3235" Action="None" />
+    <Rule Id="S3236" Action="Info" />
+    <Rule Id="S3237" Action="Warning" />
+    <Rule Id="S3240" Action="None" />
+    <Rule Id="S3241" Action="Info" />
+    <Rule Id="S3242" Action="None" />
+    <Rule Id="S3244" Action="Warning" />
+    <Rule Id="S3246" Action="Warning" />
+    <Rule Id="S3247" Action="Info" />
+    <Rule Id="S3249" Action="Warning" />
+    <Rule Id="S3251" Action="Info" />
+    <Rule Id="S3253" Action="None" />
+    <Rule Id="S3254" Action="None" />
+    <Rule Id="S3256" Action="Info" />
+    <Rule Id="S3257" Action="None" />
+    <Rule Id="S3261" Action="Info" />
+    <Rule Id="S3262" Action="Warning" />
+    <Rule Id="S3263" Action="Warning" />
+    <Rule Id="S3264" Action="Warning" />
+    <Rule Id="S3265" Action="Warning" />
+    <Rule Id="S3343" Action="Warning" />
+    <Rule Id="S3346" Action="Warning" />
+    <Rule Id="S3353" Action="None" />
+    <Rule Id="S3358" Action="None" />
+    <Rule Id="S3366" Action="None" />
+    <Rule Id="S3376" Action="Info" />
+    <Rule Id="S3397" Action="Info" />
+    <Rule Id="S3400" Action="Info" />
+    <Rule Id="S3415" Action="Warning" />
+    <Rule Id="S3427" Action="Warning" />
+    <Rule Id="S3431" Action="None" />
+    <Rule Id="S3433" Action="Warning" />
+    <Rule Id="S3440" Action="Info" />
+    <Rule Id="S3441" Action="None" />
+    <Rule Id="S3442" Action="Warning" />
+    <Rule Id="S3443" Action="Warning" />
+    <Rule Id="S3444" Action="Info" />
+    <Rule Id="S3445" Action="Warning" />
+    <Rule Id="S3447" Action="Warning" />
+    <Rule Id="S3449" Action="Warning" />
+    <Rule Id="S3450" Action="Info" />
+    <Rule Id="S3451" Action="Warning" />
+    <Rule Id="S3453" Action="Warning" />
+    <Rule Id="S3456" Action="Info" />
+    <Rule Id="S3457" Action="Warning" />
+    <Rule Id="S3458" Action="Info" />
+    <Rule Id="S3459" Action="Info" />
+    <Rule Id="S3464" Action="Warning" />
+    <Rule Id="S3466" Action="Warning" />
+    <Rule Id="S3532" Action="None" />
+    <Rule Id="S3597" Action="Warning" />
+    <Rule Id="S3598" Action="Warning" />
+    <Rule Id="S3600" Action="Warning" />
+    <Rule Id="S3603" Action="Warning" />
+    <Rule Id="S3604" Action="Info" />
+    <Rule Id="S3610" Action="Warning" />
+    <Rule Id="S3626" Action="Info" />
+    <Rule Id="S3655" Action="Warning" />
+    <Rule Id="S3693" Action="None" />
+    <Rule Id="S3717" Action="None" />
+    <Rule Id="S3776" Action="Warning" />
+    <Rule Id="S3869" Action="Warning" />
+    <Rule Id="S3871" Action="Warning" />
+    <Rule Id="S3872" Action="None" />
+    <Rule Id="S3874" Action="None" />
+    <Rule Id="S3875" Action="Warning" />
+    <Rule Id="S3876" Action="None" />
+    <Rule Id="S3877" Action="Warning" />
+    <Rule Id="S3880" Action="None" />
+    <Rule Id="S3881" Action="Warning" />
+    <Rule Id="S3884" Action="Warning" />
+    <Rule Id="S3885" Action="Warning" />
+    <Rule Id="S3887" Action="Info" />
+    <Rule Id="S3889" Action="Warning" />
+    <Rule Id="S3897" Action="Info" />
+    <Rule Id="S3898" Action="None" />
+    <Rule Id="S3900" Action="None" />
+    <Rule Id="S3902" Action="None" />
+    <Rule Id="S3903" Action="Warning" />
+    <Rule Id="S3904" Action="Warning" />
+    <Rule Id="S3906" Action="None" />
+    <Rule Id="S3908" Action="None" />
+    <Rule Id="S3909" Action="None" />
+    <Rule Id="S3923" Action="Warning" />
+    <Rule Id="S3925" Action="Warning" />
+    <Rule Id="S3926" Action="Warning" />
+    <Rule Id="S3927" Action="Warning" />
+    <Rule Id="S3928" Action="None" />
+    <Rule Id="S3937" Action="None" />
+    <Rule Id="S3949" Action="Warning" />
+    <Rule Id="S3956" Action="None" />
+    <Rule Id="S3962" Action="None" />
+    <Rule Id="S3963" Action="Info" />
+    <Rule Id="S3966" Action="Warning" />
+    <Rule Id="S3967" Action="None" />
+    <Rule Id="S3971" Action="Warning" />
+    <Rule Id="S3972" Action="Warning" />
+    <Rule Id="S3973" Action="Warning" />
+    <Rule Id="S3981" Action="Warning" />
+    <Rule Id="S3984" Action="Warning" />
+    <Rule Id="S3990" Action="None" />
+    <Rule Id="S3992" Action="None" />
+    <Rule Id="S3993" Action="None" />
+    <Rule Id="S3994" Action="None" />
+    <Rule Id="S3995" Action="None" />
+    <Rule Id="S3996" Action="None" />
+    <Rule Id="S3997" Action="None" />
+    <Rule Id="S3998" Action="Warning" />
+    <Rule Id="S4000" Action="None" />
+    <Rule Id="S4002" Action="None" />
+    <Rule Id="S4004" Action="None" />
+    <Rule Id="S4005" Action="None" />
+    <Rule Id="S4015" Action="Warning" />
+    <Rule Id="S4016" Action="Warning" />
+    <Rule Id="S4017" Action="None" />
+    <Rule Id="S4018" Action="None" />
+    <Rule Id="S4019" Action="Warning" />
+    <Rule Id="S4022" Action="None" />
+    <Rule Id="S4023" Action="None" />
+    <Rule Id="S4025" Action="None" />
+    <Rule Id="S4026" Action="None" />
+    <Rule Id="S4027" Action="None" />
+    <Rule Id="S4035" Action="Warning" />
+    <Rule Id="S4039" Action="None" />
+    <Rule Id="S4040" Action="None" />
+    <Rule Id="S4041" Action="None" />
+    <Rule Id="S4047" Action="None" />
+    <Rule Id="S4049" Action="None" />
+    <Rule Id="S4050" Action="None" />
+    <Rule Id="S4052" Action="None" />
+    <Rule Id="S4055" Action="None" />
+    <Rule Id="S4056" Action="None" />
+    <Rule Id="S4057" Action="None" />
+    <Rule Id="S4058" Action="None" />
+    <Rule Id="S4059" Action="None" />
+    <Rule Id="S4060" Action="None" />
+    <Rule Id="S4061" Action="Info" />
+    <Rule Id="S4069" Action="None" />
+    <Rule Id="S4070" Action="Warning" />
+    <Rule Id="S4136" Action="Info" />
+    <Rule Id="S4142" Action="None" />
+    <Rule Id="S4143" Action="Warning" />
+    <Rule Id="S4144" Action="Warning" />
+    <Rule Id="S4158" Action="Info" />
+    <Rule Id="S4159" Action="Warning" />
+    <Rule Id="S4200" Action="Warning" />
+    <Rule Id="S4201" Action="Info" />
+    <Rule Id="S4210" Action="Warning" />
+    <Rule Id="S4211" Action="Warning" />
+    <Rule Id="S4212" Action="None" />
+    <Rule Id="S4214" Action="Warning" />
+    <Rule Id="S4220" Action="Warning" />
+    <Rule Id="S4225" Action="None" />
+    <Rule Id="S4226" Action="None" />
+    <Rule Id="S4260" Action="Warning" />
+    <Rule Id="S4261" Action="None" />
+    <Rule Id="S4275" Action="Warning" />
+    <Rule Id="S4277" Action="Warning" />
+    <Rule Id="S4426" Action="Warning" />
+    <Rule Id="S4428" Action="Warning" />
+    <Rule Id="S4432" Action="None" />
+    <Rule Id="S4433" Action="Warning" />
+    <Rule Id="S4456" Action="Warning" />
+    <Rule Id="S4457" Action="None" />
+    <Rule Id="S4462" Action="None" />
+    <Rule Id="S4487" Action="Warning" />
+    <Rule Id="S4524" Action="Warning" />
+    <Rule Id="S4564" Action="None" />
+    <Rule Id="S4581" Action="Warning" />
+    <Rule Id="S4583" Action="Warning" />
+    <Rule Id="S4586" Action="Warning" />
+    <Rule Id="S4635" Action="Warning" />
+    <Rule Id="S4830" Action="Warning" />
+    <Rule Id="S5034" Action="Warning" />
+    <Rule Id="S5542" Action="Warning" />
+    <Rule Id="S5547" Action="Warning" />
+    <Rule Id="S5659" Action="Warning" />
+    <Rule Id="S5773" Action="Warning" />
+    <Rule Id="S818" Action="Info" />
+    <Rule Id="S881" Action="None" />
+    <Rule Id="S907" Action="Warning" />
+    <Rule Id="S927" Action="Warning" />
+  </Rules>
+</RuleSet>
\ No newline at end of file
diff --git a/ProjectTemplates/AspNetCoreMicrosoftIdentityWebProjectTemplates.csproj b/ProjectTemplates/AspNetCoreMicrosoftIdentityWebProjectTemplates.csproj
index e96b3a903..449809da2 100644
--- a/ProjectTemplates/AspNetCoreMicrosoftIdentityWebProjectTemplates.csproj
+++ b/ProjectTemplates/AspNetCoreMicrosoftIdentityWebProjectTemplates.csproj
@@ -26,6 +26,8 @@
     <IncludeContentInPack>true</IncludeContentInPack>
     <IncludeBuildOutput>false</IncludeBuildOutput>
     <ContentTargetFolders>content</ContentTargetFolders>
+    <CodeAnalysisRuleSet>..\.sonarlint\azuread_microsoft-identity-webcsharp.ruleset</CodeAnalysisRuleSet>
+    <SonarQubeExclude>True</SonarQubeExclude>
   </PropertyGroup>
 
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
@@ -36,4 +38,8 @@
     <Content Include="templates\**\*" Exclude="templates\**\bin\**;templates\**\obj\**" />
     <Compile Remove="**\*" />
   </ItemGroup>
+
+  <ItemGroup>
+    <AdditionalFiles Include="..\.sonarlint\azuread_microsoft-identity-web\CSharp\SonarLint.xml" Link="SonarLint.xml" />
+  </ItemGroup>
 </Project>
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index d0f6914dc..d018e7096 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -15,6 +15,7 @@ jobs:
     - msbuild
   steps:
     - template: build/template-install-dotnet-core.yaml
+    - template: build/template-install-keyvault-secrets.yaml
     - task: SonarCloudPrepare@1
       inputs:
         SonarCloud: 'SonarCloud-microsoft_identity_web'
@@ -37,9 +38,9 @@ jobs:
       displayName: 'Run unit tests'
       inputs:
         command: test
-        projects: 'tests/Microsoft.Identity.Web.Test*.csproj'
-        arguments: '--no-build --no-restore --collect "Code coverage"'
+        projects: 'tests/**/Microsoft.Identity.Web.Test*.csproj'
+        arguments: '--collect "Code coverage"'
     - task: SonarCloudAnalyze@1
     - task: SonarCloudPublish@1
       inputs:
-        pollingTimeoutSec: '300'
\ No newline at end of file
+        pollingTimeoutSec: '300'
diff --git a/src/Microsoft.Identity.Web.MicrosoftGraph/Microsoft.Identity.Web.MicrosoftGraph.csproj b/src/Microsoft.Identity.Web.MicrosoftGraph/Microsoft.Identity.Web.MicrosoftGraph.csproj
index a31d604ca..521290289 100644
--- a/src/Microsoft.Identity.Web.MicrosoftGraph/Microsoft.Identity.Web.MicrosoftGraph.csproj
+++ b/src/Microsoft.Identity.Web.MicrosoftGraph/Microsoft.Identity.Web.MicrosoftGraph.csproj
@@ -38,6 +38,10 @@
     <AdditionalFiles Include="..\..\stylecop.json" />
   </ItemGroup>
 
+  <ItemGroup>
+    <AdditionalFiles Include="..\..\.sonarlint\azuread_microsoft-identity-web\CSharp\SonarLint.xml" Link="SonarLint.xml" />
+  </ItemGroup>
+
   <ItemGroup>
     <None Include="..\..\LICENSE">
       <Pack>True</Pack>
@@ -68,6 +72,7 @@
   <PropertyGroup>
     <!-- The MSAL.snk has both private and public keys -->
     <DelaySign>false</DelaySign>
+    <CodeAnalysisRuleSet>..\..\.sonarlint\azuread_microsoft-identity-webcsharp.ruleset</CodeAnalysisRuleSet>
   </PropertyGroup>
 
 </Project>
diff --git a/src/Microsoft.Identity.Web.MicrosoftGraph/TokenAcquisitionAuthenticationProvider.cs b/src/Microsoft.Identity.Web.MicrosoftGraph/TokenAcquisitionAuthenticationProvider.cs
index adb67fc57..9e582ca47 100644
--- a/src/Microsoft.Identity.Web.MicrosoftGraph/TokenAcquisitionAuthenticationProvider.cs
+++ b/src/Microsoft.Identity.Web.MicrosoftGraph/TokenAcquisitionAuthenticationProvider.cs
@@ -20,8 +20,8 @@ public TokenAcquisitionAuthenticationProvider(ITokenAcquisition tokenAcquisition
             _initialOptions = options;
         }
 
-        private ITokenAcquisition _tokenAcquisition;
-        private TokenAcquisitionAuthenticationProviderOption _initialOptions;
+        private readonly ITokenAcquisition _tokenAcquisition;
+        private readonly TokenAcquisitionAuthenticationProviderOption _initialOptions;
 
         /// <summary>
         /// Adds an authorization header to an HttpRequestMessage.
diff --git a/src/Microsoft.Identity.Web.MicrosoftGraphBeta/Microsoft.Identity.Web.MicrosoftGraphBeta.csproj b/src/Microsoft.Identity.Web.MicrosoftGraphBeta/Microsoft.Identity.Web.MicrosoftGraphBeta.csproj
index 0ffb5ce69..dd1417fe4 100644
--- a/src/Microsoft.Identity.Web.MicrosoftGraphBeta/Microsoft.Identity.Web.MicrosoftGraphBeta.csproj
+++ b/src/Microsoft.Identity.Web.MicrosoftGraphBeta/Microsoft.Identity.Web.MicrosoftGraphBeta.csproj
@@ -45,6 +45,10 @@
     <Compile Include="..\Microsoft.Identity.Web.MicrosoftGraph\TokenAcquisitionAuthenticationProviderOption.cs" Link="TokenAcquisitionAuthenticationProviderOption.cs" />
   </ItemGroup>
 
+  <ItemGroup>
+    <AdditionalFiles Include="..\..\.sonarlint\azuread_microsoft-identity-web\CSharp\SonarLint.xml" Link="SonarLint.xml" />
+  </ItemGroup>
+
   <ItemGroup>
     <None Include="..\..\LICENSE">
       <Pack>True</Pack>
@@ -75,6 +79,7 @@
   <PropertyGroup>
     <!-- The MSAL.snk has both private and public keys -->
     <DelaySign>false</DelaySign>
+    <CodeAnalysisRuleSet>..\..\.sonarlint\azuread_microsoft-identity-webcsharp.ruleset</CodeAnalysisRuleSet>
   </PropertyGroup>
 
 </Project>
diff --git a/src/Microsoft.Identity.Web.UI/Microsoft.Identity.Web.UI.csproj b/src/Microsoft.Identity.Web.UI/Microsoft.Identity.Web.UI.csproj
index 8c42ff0d1..3617da533 100644
--- a/src/Microsoft.Identity.Web.UI/Microsoft.Identity.Web.UI.csproj
+++ b/src/Microsoft.Identity.Web.UI/Microsoft.Identity.Web.UI.csproj
@@ -32,6 +32,10 @@
     <AdditionalFiles Include="..\..\stylecop.json" />
   </ItemGroup>
 
+  <ItemGroup>
+    <AdditionalFiles Include="..\..\.sonarlint\azuread_microsoft-identity-web\CSharp\SonarLint.xml" Link="SonarLint.xml" />
+  </ItemGroup>
+
   <ItemGroup>
     <None Include="..\..\LICENSE">
       <Pack>True</Pack>
@@ -49,6 +53,7 @@
     <AddRazorSupportForMvc>true</AddRazorSupportForMvc>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <Nullable>enable</Nullable>
+    <CodeAnalysisRuleSet>..\..\.sonarlint\azuread_microsoft-identity-webcsharp.ruleset</CodeAnalysisRuleSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
     <DocumentationFile>Microsoft.Identity.Web.UI.xml</DocumentationFile>
diff --git a/src/Microsoft.Identity.Web/ClaimsPrincipalExtensions.cs b/src/Microsoft.Identity.Web/ClaimsPrincipalExtensions.cs
index b2e00b236..df530c345 100644
--- a/src/Microsoft.Identity.Web/ClaimsPrincipalExtensions.cs
+++ b/src/Microsoft.Identity.Web/ClaimsPrincipalExtensions.cs
@@ -102,10 +102,10 @@ public static class ClaimsPrincipalExtensions
                 throw new ArgumentNullException(nameof(claimsPrincipal));
             }
 
-            var tenantId = GetTenantId(claimsPrincipal);
+            string? tenantId = GetTenantId(claimsPrincipal);
             string? domainHint = string.IsNullOrWhiteSpace(tenantId)
                 ? null
-                : tenantId.Equals(Constants.MsaTenantId, StringComparison.OrdinalIgnoreCase) ? Constants.Consumers : Constants.Organizations;
+                : tenantId!.Equals(Constants.MsaTenantId, StringComparison.OrdinalIgnoreCase) ? Constants.Consumers : Constants.Organizations;
 
             return domainHint;
         }
diff --git a/src/Microsoft.Identity.Web/Constants/Constants.cs b/src/Microsoft.Identity.Web/Constants/Constants.cs
index 9bcf828d6..be5beca66 100644
--- a/src/Microsoft.Identity.Web/Constants/Constants.cs
+++ b/src/Microsoft.Identity.Web/Constants/Constants.cs
@@ -60,7 +60,9 @@ public static class Constants
         internal const string Aliases = "aliases";
 
         // AadIssuerValidator
+#pragma warning disable S1075 // URIs should not be hardcoded
         internal const string AzureADIssuerMetadataUrl = "https://login.microsoftonline.com/common/discovery/instance?authorization_endpoint=https://login.microsoftonline.com/common/oauth2/v2.0/authorize&api-version=1.1";
+#pragma warning restore S1075 // URIs should not be hardcoded
         internal const string FallbackAuthority = "https://login.microsoftonline.com/";
 
         // RegisterValidAudience
diff --git a/src/Microsoft.Identity.Web/DownstreamWebApiSupport/DownstreamWebApi.cs b/src/Microsoft.Identity.Web/DownstreamWebApiSupport/DownstreamWebApi.cs
index b37a51d08..e3c6fbfb0 100644
--- a/src/Microsoft.Identity.Web/DownstreamWebApiSupport/DownstreamWebApi.cs
+++ b/src/Microsoft.Identity.Web/DownstreamWebApiSupport/DownstreamWebApi.cs
@@ -21,10 +21,6 @@ public class DownstreamWebApi : IDownstreamWebApi
         private readonly HttpClient _httpClient;
         private readonly IOptionsMonitor<DownstreamWebApiOptions> _namedDownstreamWebApiOptions;
         private readonly MicrosoftIdentityOptions _microsoftIdentityOptions;
-        private readonly JsonSerializerOptions _jsonOptions = new JsonSerializerOptions
-        {
-            PropertyNameCaseInsensitive = true,
-        };
 
         /// <summary>
         /// Constructor.
@@ -49,12 +45,12 @@ public DownstreamWebApi(
 
         /// <inheritdoc/>
         public async Task<HttpResponseMessage> CallWebApiForUserAsync(
-            string optionsInstanceName,
-            Action<DownstreamWebApiOptions>? calledDownstreamApiOptionsOverride = null,
+            string serviceName,
+            Action<DownstreamWebApiOptions>? calledDownstreamWebApiOptionsOverride = null,
             ClaimsPrincipal? user = null,
-            StringContent? requestContent = null)
+            StringContent? content = null)
         {
-            DownstreamWebApiOptions effectiveOptions = MergeOptions(optionsInstanceName, calledDownstreamApiOptionsOverride);
+            DownstreamWebApiOptions effectiveOptions = MergeOptions(serviceName, calledDownstreamWebApiOptionsOverride);
 
             if (string.IsNullOrEmpty(effectiveOptions.Scopes))
             {
@@ -84,9 +80,9 @@ public async Task<HttpResponseMessage> CallWebApiForUserAsync(
                 effectiveOptions.HttpMethod,
                 effectiveOptions.GetApiUrl()))
             {
-                if (requestContent != null)
+                if (content != null)
                 {
-                    httpRequestMessage.Content = requestContent;
+                    httpRequestMessage.Content = content;
                 }
 
                 httpRequestMessage.Headers.Add(
@@ -129,14 +125,14 @@ public async Task<HttpResponseMessage> CallWebApiForUserAsync(
 
         /// <inheritdoc/>
         public async Task<TOutput?> CallWebApiForUserAsync<TInput, TOutput>(
-            string optionsInstanceName,
+            string serviceName,
             TInput input,
             Action<DownstreamWebApiOptions>? downstreamWebApiOptionsOverride = null,
             ClaimsPrincipal? user = null)
             where TOutput : class
         {
             HttpResponseMessage response = await CallWebApiForUserAsync(
-                optionsInstanceName,
+                serviceName,
                 downstreamWebApiOptionsOverride,
                 user,
                 new StringContent(JsonSerializer.Serialize(input), Encoding.UTF8, "application/json")).ConfigureAwait(false);
@@ -164,11 +160,11 @@ public async Task<HttpResponseMessage> CallWebApiForUserAsync(
 
         /// <inheritdoc/>
         public async Task<HttpResponseMessage> CallWebApiForAppAsync(
-            string optionsInstanceName,
-            Action<DownstreamWebApiOptions>? downstreamApiOptionsOverride = null,
-            StringContent? requestContent = null)
+            string serviceName,
+            Action<DownstreamWebApiOptions>? downstreamWebApiOptionsOverride = null,
+            StringContent? content = null)
         {
-            DownstreamWebApiOptions effectiveOptions = MergeOptions(optionsInstanceName, downstreamApiOptionsOverride);
+            DownstreamWebApiOptions effectiveOptions = MergeOptions(serviceName, downstreamWebApiOptionsOverride);
 
             if (effectiveOptions.Scopes == null)
             {
@@ -186,9 +182,9 @@ public async Task<HttpResponseMessage> CallWebApiForAppAsync(
                 effectiveOptions.HttpMethod,
                 effectiveOptions.GetApiUrl()))
             {
-                if (requestContent != null)
+                if (content != null)
                 {
-                    httpRequestMessage.Content = requestContent;
+                    httpRequestMessage.Content = content;
                 }
 
                 httpRequestMessage.Headers.Add(
diff --git a/src/Microsoft.Identity.Web/DownstreamWebApiSupport/IDownstreamWebApi.cs b/src/Microsoft.Identity.Web/DownstreamWebApiSupport/IDownstreamWebApi.cs
index 7c0712eb7..c771bc0c5 100644
--- a/src/Microsoft.Identity.Web/DownstreamWebApiSupport/IDownstreamWebApi.cs
+++ b/src/Microsoft.Identity.Web/DownstreamWebApiSupport/IDownstreamWebApi.cs
@@ -52,11 +52,11 @@ public Task<HttpResponseMessage> CallWebApiForUserAsync(
         /// will find the user from the HttpContext.</param>
         /// <returns>The value returned by the downstream web API.</returns>
         /// <example>
-        /// A list method that returns an IEnumerable&lt;Todo&gt;&gt;.
+        /// A list method that returns an IEnumerable&lt;MyItem&gt;&gt;.
         /// <code>
-        /// public async Task&lt;IEnumerable&lt;Todo&gt;&gt; GetAsync()
+        /// public async Task&lt;IEnumerable&lt;MyItem&gt;&gt; GetAsync()
         /// {
-        ///  return await _downstreamWebApi.CallWebApiForUserAsync&lt;object, IEnumerable&lt;Todo&gt;&gt;(
+        ///  return await _downstreamWebApi.CallWebApiForUserAsync&lt;object, IEnumerable&lt;MyItem&gt;&gt;(
         ///         ServiceName,
         ///         null,
         ///         options =>
@@ -68,15 +68,15 @@ public Task<HttpResponseMessage> CallWebApiForUserAsync(
         ///
         /// Example of editing.
         /// <code>
-        /// public async Task&lt;Todo&gt; EditAsync(Todo todo)
+        /// public async Task&lt;MyItem&gt; EditAsync(MyItem myItem)
         /// {
-        ///   return await _downstreamWebApi.CallWebApiForUserAsync&lt;Todo, Todo&gt;(
+        ///   return await _downstreamWebApi.CallWebApiForUserAsync&lt;MyItem, MyItem&gt;(
         ///         ServiceName,
-        ///         todo,
+        ///         nyItem,
         ///         options =>
         ///         {
         ///            options.HttpMethod = HttpMethod.Patch;
-        ///            options.RelativePath = $"api/todolist/{todo.Id}";
+        ///            options.RelativePath = $"api/todolist/{myItem.Id}";
         ///         });
         /// }
         /// </code>
diff --git a/src/Microsoft.Identity.Web/Microsoft.Identity.Web.csproj b/src/Microsoft.Identity.Web/Microsoft.Identity.Web.csproj
index c3f442c98..b2020421f 100644
--- a/src/Microsoft.Identity.Web/Microsoft.Identity.Web.csproj
+++ b/src/Microsoft.Identity.Web/Microsoft.Identity.Web.csproj
@@ -37,6 +37,10 @@
     <AdditionalFiles Include="..\..\stylecop.json" />
   </ItemGroup>
 
+  <ItemGroup>
+    <AdditionalFiles Include="..\..\.sonarlint\azuread_microsoft-identity-web\CSharp\SonarLint.xml" Link="SonarLint.xml" />
+  </ItemGroup>
+
   <ItemGroup>
     <None Include="..\..\LICENSE">
       <Pack>True</Pack>
@@ -68,6 +72,7 @@
   <PropertyGroup>
     <!-- The MSAL.snk has both private and public keys -->
     <DelaySign>false</DelaySign>
+    <CodeAnalysisRuleSet>..\..\.sonarlint\azuread_microsoft-identity-webcsharp.ruleset</CodeAnalysisRuleSet>
   </PropertyGroup>
 
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
@@ -85,7 +90,7 @@
   </ItemGroup>
 
   <ItemGroup Condition="'$(TargetFramework)' == 'net472' ">
-    <Compile Remove="*.cs"/>
+    <Compile Remove="*.cs" />
     <Compile Include="ClaimsPrincipalExtensions.cs" />
     <Compile Remove="AppServicesAuth\**" />
     <Compile Remove="CertificateManagement\**" />
@@ -112,10 +117,6 @@
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>
     <PackageReference Include="Microsoft.Identity.Client" Version="4.22.0" />
-    <PackageReference Include="SonarAnalyzer.CSharp" Version="8.14.0.22654">
-      <PrivateAssets>all</PrivateAssets>
-      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
-    </PackageReference>
 
     <PackageReference Include="StyleCop.Analyzers" Version="1.2.0-beta.205">
       <PrivateAssets>all</PrivateAssets>
diff --git a/src/Microsoft.Identity.Web/Microsoft.Identity.Web.xml b/src/Microsoft.Identity.Web/Microsoft.Identity.Web.xml
index 75e3f0c1a..513930656 100644
--- a/src/Microsoft.Identity.Web/Microsoft.Identity.Web.xml
+++ b/src/Microsoft.Identity.Web/Microsoft.Identity.Web.xml
@@ -757,6 +757,24 @@
             will find the user from the HttpContext.</param>
             <returns>A strongly typed response from the web API.</returns>
         </member>
+        <member name="M:Microsoft.Identity.Web.DownstreamWebApiGenericExtensions.GetForUserAsync``1(Microsoft.Identity.Web.IDownstreamWebApi,System.String,``0,System.Action{Microsoft.Identity.Web.DownstreamWebApiOptions},System.Security.Claims.ClaimsPrincipal)">
+            <summary>
+            Call a web API with a strongly typed input, with an HttpGet.
+            </summary>
+            <typeparam name="TInput">Input type.</typeparam>
+            <param name="downstreamWebApi">The downstream web API.</param>
+            <param name="serviceName">Name of the service describing the downstream web API. There can
+            be several configuration named sections mapped to a <see cref="T:Microsoft.Identity.Web.DownstreamWebApiOptions"/>,
+            each for one downstream web API. You can pass-in null, but in that case <paramref name="downstreamWebApiOptionsOverride"/>
+            needs to be set.</param>
+            <param name="inputData">Input data.</param>
+            <param name="downstreamWebApiOptionsOverride">Overrides the options proposed in the configuration described
+            by <paramref name="serviceName"/>.</param>
+            <param name="user">[Optional] Claims representing a user. This is useful in platforms like Blazor
+            or Azure Signal R, where the HttpContext is not available. In other platforms, the library
+            will find the user from the HttpContext.</param>
+            <returns>The value returned by the downstream web API.</returns>
+        </member>
         <member name="M:Microsoft.Identity.Web.DownstreamWebApiGenericExtensions.PostForUserAsync``2(Microsoft.Identity.Web.IDownstreamWebApi,System.String,System.String,``1,System.Action{Microsoft.Identity.Web.DownstreamWebApiOptions},System.Security.Claims.ClaimsPrincipal)">
             <summary>
             Calls the web API with an HttpPost, providing strongly typed input and getting
@@ -836,24 +854,6 @@
             will find the user from the HttpContext.</param>
             <returns>The value returned by the downstream web API.</returns>
         </member>
-        <member name="M:Microsoft.Identity.Web.DownstreamWebApiGenericExtensions.GetForUserAsync``1(Microsoft.Identity.Web.IDownstreamWebApi,System.String,``0,System.Action{Microsoft.Identity.Web.DownstreamWebApiOptions},System.Security.Claims.ClaimsPrincipal)">
-            <summary>
-            Call a web API with a strongly typed input, with an HttpGet.
-            </summary>
-            <typeparam name="TInput">Input type.</typeparam>
-            <param name="downstreamWebApi">The downstream web API.</param>
-            <param name="serviceName">Name of the service describing the downstream web API. There can
-            be several configuration named sections mapped to a <see cref="T:Microsoft.Identity.Web.DownstreamWebApiOptions"/>,
-            each for one downstream web API. You can pass-in null, but in that case <paramref name="downstreamWebApiOptionsOverride"/>
-            needs to be set.</param>
-            <param name="inputData">Input data.</param>
-            <param name="downstreamWebApiOptionsOverride">Overrides the options proposed in the configuration described
-            by <paramref name="serviceName"/>.</param>
-            <param name="user">[Optional] Claims representing a user. This is useful in platforms like Blazor
-            or Azure Signal R, where the HttpContext is not available. In other platforms, the library
-            will find the user from the HttpContext.</param>
-            <returns>The value returned by the downstream web API.</returns>
-        </member>
         <member name="T:Microsoft.Identity.Web.DownstreamWebApiOptions">
             <summary>
             Options passed-in to call downstream web APIs. To call Microsoft Graph, see rather
@@ -959,11 +959,11 @@
              will find the user from the HttpContext.</param>
              <returns>The value returned by the downstream web API.</returns>
              <example>
-             A list method that returns an IEnumerable&lt;Todo&gt;&gt;.
+             A list method that returns an IEnumerable&lt;MyItem&gt;&gt;.
              <code>
-             public async Task&lt;IEnumerable&lt;Todo&gt;&gt; GetAsync()
+             public async Task&lt;IEnumerable&lt;MyItem&gt;&gt; GetAsync()
              {
-              return await _downstreamWebApi.CallWebApiForUserAsync&lt;object, IEnumerable&lt;Todo&gt;&gt;(
+              return await _downstreamWebApi.CallWebApiForUserAsync&lt;object, IEnumerable&lt;MyItem&gt;&gt;(
                      ServiceName,
                      null,
                      options =>
@@ -975,15 +975,15 @@
             
              Example of editing.
              <code>
-             public async Task&lt;Todo&gt; EditAsync(Todo todo)
+             public async Task&lt;MyItem&gt; EditAsync(MyItem myItem)
              {
-               return await _downstreamWebApi.CallWebApiForUserAsync&lt;Todo, Todo&gt;(
+               return await _downstreamWebApi.CallWebApiForUserAsync&lt;MyItem, MyItem&gt;(
                      ServiceName,
-                     todo,
+                     nyItem,
                      options =>
                      {
                         options.HttpMethod = HttpMethod.Patch;
-                        options.RelativePath = $"api/todolist/{todo.Id}";
+                        options.RelativePath = $"api/todolist/{myItem.Id}";
                      });
              }
              </code>
@@ -1811,7 +1811,7 @@
             instance of the current HttpContext.
             </summary>
             <param name="scopes">Scopes to request for the downstream API to call.</param>
-            <param name="tenant">Enables overriding of the tenant/account for the same identity. This is useful in the
+            <param name="tenantId">Enables overriding of the tenant/account for the same identity. This is useful in the
             cases where a given account is a guest in other tenants, and you want to acquire tokens for a specific tenant, like where the user is a guest.</param>
             <param name="userFlow">Azure AD B2C user flow to target.</param>
             <param name="user">Optional claims principal representing the user. If not provided, will use the signed-in
@@ -1850,7 +1850,7 @@
             instance of the current HttpContext.
             </summary>
             <param name="scopes">Scopes to request for the downstream API to call.</param>
-            <param name="tenant">Enables overriding of the tenant/account for the same identity. This is useful in the
+            <param name="tenantId">Enables overriding of the tenant/account for the same identity. This is useful in the
             cases where a given account is a guest in other tenants, and you want to acquire tokens for a specific tenant.</param>
             <param name="userFlow">Azure AD B2C user flow to target.</param>
             <param name="user">Optional claims principal representing the user. If not provided, will use the signed-in
diff --git a/src/Microsoft.Identity.Web/MicrosoftIdentityCircuitHandler.cs b/src/Microsoft.Identity.Web/MicrosoftIdentityCircuitHandler.cs
index 93bf15d8d..586e1a109 100644
--- a/src/Microsoft.Identity.Web/MicrosoftIdentityCircuitHandler.cs
+++ b/src/Microsoft.Identity.Web/MicrosoftIdentityCircuitHandler.cs
@@ -53,7 +53,7 @@ public class MicrosoftIdentityConsentAndConditionalAccessHandler
         private ClaimsPrincipal? _user;
         private string? _baseUri;
 #pragma warning disable CS8602 // Dereference of a possibly null reference. HttpContext will not be null in this case.
-        private IHttpContextAccessor? _httpContextAccessor;
+        private readonly IHttpContextAccessor? _httpContextAccessor;
 #pragma warning restore CS8602 // Dereference of a possibly null reference. HttpContext will not be null in this case.
 
         /// <summary>
diff --git a/src/Microsoft.Identity.Web/MsalAspNetCoreHttpClientFactory.cs b/src/Microsoft.Identity.Web/MsalAspNetCoreHttpClientFactory.cs
index 9b97fa890..a97e683c4 100644
--- a/src/Microsoft.Identity.Web/MsalAspNetCoreHttpClientFactory.cs
+++ b/src/Microsoft.Identity.Web/MsalAspNetCoreHttpClientFactory.cs
@@ -8,7 +8,7 @@ namespace Microsoft.Identity.Web
 {
     internal class MsalAspNetCoreHttpClientFactory : IMsalHttpClientFactory
     {
-        private IHttpClientFactory _httpClientFactory;
+        private readonly IHttpClientFactory _httpClientFactory;
 
         public MsalAspNetCoreHttpClientFactory(IHttpClientFactory httpClientFactory)
         {
diff --git a/src/Microsoft.Identity.Web/TokenAcquisition.cs b/src/Microsoft.Identity.Web/TokenAcquisition.cs
index 2229d5309..b01513cbe 100644
--- a/src/Microsoft.Identity.Web/TokenAcquisition.cs
+++ b/src/Microsoft.Identity.Web/TokenAcquisition.cs
@@ -176,7 +176,7 @@ public async Task AddAccountToCacheFromAuthorizationCodeAsync(
         /// instance of the current HttpContext.
         /// </summary>
         /// <param name="scopes">Scopes to request for the downstream API to call.</param>
-        /// <param name="tenant">Enables overriding of the tenant/account for the same identity. This is useful in the
+        /// <param name="tenantId">Enables overriding of the tenant/account for the same identity. This is useful in the
         /// cases where a given account is a guest in other tenants, and you want to acquire tokens for a specific tenant, like where the user is a guest.</param>
         /// <param name="userFlow">Azure AD B2C user flow to target.</param>
         /// <param name="user">Optional claims principal representing the user. If not provided, will use the signed-in
@@ -191,7 +191,7 @@ public async Task AddAccountToCacheFromAuthorizationCodeAsync(
         /// OpenIdConnectOptions.Events.OnAuthorizationCodeReceived.</remarks>
         public async Task<AuthenticationResult> GetAuthenticationResultForUserAsync(
             IEnumerable<string> scopes,
-            string? tenant = null,
+            string? tenantId = null,
             string? userFlow = null,
             ClaimsPrincipal? user = null,
             TokenAcquisitionOptions? tokenAcquisitionOptions = null)
@@ -205,7 +205,7 @@ public async Task<AuthenticationResult> GetAuthenticationResultForUserAsync(
 
             _application = await GetOrBuildConfidentialClientApplicationAsync().ConfigureAwait(false);
 
-            string authority = CreateAuthorityBasedOnTenantIfProvided(_application, tenant);
+            string authority = CreateAuthorityBasedOnTenantIfProvided(_application, tenantId);
 
             AuthenticationResult? authenticationResult;
 
@@ -309,7 +309,7 @@ public async Task<string> GetAccessTokenForAppAsync(
         /// instance of the current HttpContext.
         /// </summary>
         /// <param name="scopes">Scopes to request for the downstream API to call.</param>
-        /// <param name="tenant">Enables overriding of the tenant/account for the same identity. This is useful in the
+        /// <param name="tenantId">Enables overriding of the tenant/account for the same identity. This is useful in the
         /// cases where a given account is a guest in other tenants, and you want to acquire tokens for a specific tenant.</param>
         /// <param name="userFlow">Azure AD B2C user flow to target.</param>
         /// <param name="user">Optional claims principal representing the user. If not provided, will use the signed-in
@@ -324,7 +324,7 @@ public async Task<string> GetAccessTokenForAppAsync(
         /// OpenIdConnectOptions.Events.OnAuthorizationCodeReceived.</remarks>
         public async Task<string> GetAccessTokenForUserAsync(
             IEnumerable<string> scopes,
-            string? tenant = null,
+            string? tenantId = null,
             string? userFlow = null,
             ClaimsPrincipal? user = null,
             TokenAcquisitionOptions? tokenAcquisitionOptions = null)
@@ -332,7 +332,7 @@ public async Task<string> GetAccessTokenForUserAsync(
             AuthenticationResult result =
                 await GetAuthenticationResultForUserAsync(
                 scopes,
-                tenant,
+                tenantId,
                 userFlow,
                 user,
                 tokenAcquisitionOptions).ConfigureAwait(false);
@@ -352,12 +352,9 @@ public async Task ReplyForbiddenWithWwwAuthenticateHeaderAsync(IEnumerable<strin
         {
             // A user interaction is required, but we are in a web API, and therefore, we need to report back to the client through a 'WWW-Authenticate' header https://tools.ietf.org/html/rfc6750#section-3.1
             string proposedAction = Constants.Consent;
-            if (msalServiceException.ErrorCode == MsalError.InvalidGrantError)
+            if (msalServiceException.ErrorCode == MsalError.InvalidGrantError && AcceptedTokenVersionMismatch(msalServiceException))
             {
-                if (AcceptedTokenVersionMismatch(msalServiceException))
-                {
-                    throw msalServiceException;
-                }
+                throw msalServiceException;
             }
 
             _application = await GetOrBuildConfidentialClientApplicationAsync().ConfigureAwait(false);
@@ -685,6 +682,7 @@ private static bool AcceptedTokenVersionMismatch(MsalUiRequiredException msalSer
                 }
                 catch
                 {
+                    // do nothing.
                 }
             }
 
diff --git a/tests/.editorconfig b/tests/.editorconfig
index 075789f3f..6d565b82b 100644
--- a/tests/.editorconfig
+++ b/tests/.editorconfig
@@ -37,3 +37,9 @@ dotnet_diagnostic.SA1611.severity = none
 
 # SA1604: Element documentation should have summary
 dotnet_diagnostic.SA1604.severity = none
+
+# S4457: Parameter validation in "async"/"await" methods should be wrapped
+dotnet_diagnostic.S4457.severity = none
+
+# S3358: Ternary operators should not be nested
+dotnet_diagnostic.S3358.severity = none
diff --git a/tests/AjaxCallActionsWithDynamicConsent/AjaxCallActionsWithDynamicConsent.csproj b/tests/AjaxCallActionsWithDynamicConsent/AjaxCallActionsWithDynamicConsent.csproj
index e63829a95..af4dc6059 100644
--- a/tests/AjaxCallActionsWithDynamicConsent/AjaxCallActionsWithDynamicConsent.csproj
+++ b/tests/AjaxCallActionsWithDynamicConsent/AjaxCallActionsWithDynamicConsent.csproj
@@ -3,8 +3,14 @@
   <PropertyGroup>
     <TargetFramework>netcoreapp3.1</TargetFramework>
     <NoWarn>NU1605</NoWarn>
+    <CodeAnalysisRuleSet>..\..\.sonarlint\azuread_microsoft-identity-webcsharp.ruleset</CodeAnalysisRuleSet>
+    <SonarQubeExclude>True</SonarQubeExclude>
   </PropertyGroup>
 
+  <ItemGroup>
+    <AdditionalFiles Include="..\..\.sonarlint\azuread_microsoft-identity-web\CSharp\SonarLint.xml" Link="SonarLint.xml" />
+  </ItemGroup>
+
   <ItemGroup>
     <ProjectReference Include="..\..\src\Microsoft.Identity.Web.UI\Microsoft.Identity.Web.UI.csproj" />
     <ProjectReference Include="..\..\src\Microsoft.Identity.Web\Microsoft.Identity.Web.csproj" />
diff --git a/tests/B2CWebAppCallsWebApi/Client/TodoListClient.csproj b/tests/B2CWebAppCallsWebApi/Client/TodoListClient.csproj
index 58fd87996..af4a40e57 100644
--- a/tests/B2CWebAppCallsWebApi/Client/TodoListClient.csproj
+++ b/tests/B2CWebAppCallsWebApi/Client/TodoListClient.csproj
@@ -4,6 +4,8 @@
      <TargetFrameworks>netcoreapp3.1; net5.0</TargetFrameworks>
     <UserSecretsId>aspnet-WebApp_OpenIDConnect_DotNet-81EA87AD-E64D-4755-A1CC-5EA47F49B5D9</UserSecretsId>
     <WebProject_DirectoryAccessLevelKey>0</WebProject_DirectoryAccessLevelKey>
+    <CodeAnalysisRuleSet>..\..\..\.sonarlint\azuread_microsoft-identity-webcsharp.ruleset</CodeAnalysisRuleSet>
+    <SonarQubeExclude>True</SonarQubeExclude>
   </PropertyGroup>
 
   <ItemGroup>
@@ -21,6 +23,10 @@
     <Compile Include="..\TodoListService\Models\TodoItem.cs" Link="Models\TodoItem.cs" />
   </ItemGroup>
 
+  <ItemGroup>
+    <AdditionalFiles Include="..\..\..\.sonarlint\azuread_microsoft-identity-web\CSharp\SonarLint.xml" Link="SonarLint.xml" />
+  </ItemGroup>
+
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.DataProtection.Abstractions" Version="3.1.1" />
     <PackageReference Include="WindowsAzure.Storage" Version="9.3.3" />
diff --git a/tests/B2CWebAppCallsWebApi/TodoListService/TodoListService.csproj b/tests/B2CWebAppCallsWebApi/TodoListService/TodoListService.csproj
index fb0389417..ae469b87b 100644
--- a/tests/B2CWebAppCallsWebApi/TodoListService/TodoListService.csproj
+++ b/tests/B2CWebAppCallsWebApi/TodoListService/TodoListService.csproj
@@ -4,8 +4,14 @@
      <TargetFrameworks>netcoreapp3.1; net5.0</TargetFrameworks>
     <UserSecretsId>aspnet-TodoListService-03230DB1-5145-408C-A48B-BE3DAFC56C30</UserSecretsId>
     <WebProject_DirectoryAccessLevelKey>0</WebProject_DirectoryAccessLevelKey>
+    <CodeAnalysisRuleSet>..\..\..\.sonarlint\azuread_microsoft-identity-webcsharp.ruleset</CodeAnalysisRuleSet>
+    <SonarQubeExclude>True</SonarQubeExclude>
   </PropertyGroup>
 
+  <ItemGroup>
+    <AdditionalFiles Include="..\..\..\.sonarlint\azuread_microsoft-identity-web\CSharp\SonarLint.xml" Link="SonarLint.xml" />
+  </ItemGroup>
+
   <ItemGroup>
     <ProjectReference Include="..\..\..\src\Microsoft.Identity.Web\Microsoft.Identity.Web.csproj" />
   </ItemGroup>
diff --git a/tests/BlazorServerCallsGraph/blazor.csproj b/tests/BlazorServerCallsGraph/blazor.csproj
index d78cf8ea2..d306a7238 100644
--- a/tests/BlazorServerCallsGraph/blazor.csproj
+++ b/tests/BlazorServerCallsGraph/blazor.csproj
@@ -2,7 +2,12 @@
   <PropertyGroup>
      <TargetFrameworks>netcoreapp3.1; net5.0</TargetFrameworks>
      <UserSecretsId>66e5c3c7-f757-4032-bfcf-68bd81948618</UserSecretsId>
+     <CodeAnalysisRuleSet>..\..\.sonarlint\azuread_microsoft-identity-webcsharp.ruleset</CodeAnalysisRuleSet>
+     <SonarQubeExclude>True</SonarQubeExclude>
   </PropertyGroup>
+  <ItemGroup>
+    <AdditionalFiles Include="..\..\.sonarlint\azuread_microsoft-identity-web\CSharp\SonarLint.xml" Link="SonarLint.xml" />
+  </ItemGroup>
   <ItemGroup>
     <PackageReference Include="Microsoft.Azure.SignalR" Version="1.5.1" />
   </ItemGroup>
diff --git a/tests/PerformanceTests/Microsoft.Identity.Web.Perf.Benchmark/Microsoft.Identity.Web.Perf.Benchmark.csproj b/tests/PerformanceTests/Microsoft.Identity.Web.Perf.Benchmark/Microsoft.Identity.Web.Perf.Benchmark.csproj
index c5a582e28..23b0130a2 100644
--- a/tests/PerformanceTests/Microsoft.Identity.Web.Perf.Benchmark/Microsoft.Identity.Web.Perf.Benchmark.csproj
+++ b/tests/PerformanceTests/Microsoft.Identity.Web.Perf.Benchmark/Microsoft.Identity.Web.Perf.Benchmark.csproj
@@ -3,8 +3,13 @@
   <PropertyGroup>
     <OutputType>Exe</OutputType>
     <TargetFramework>netcoreapp3.1</TargetFramework>
+    <CodeAnalysisRuleSet>..\..\..\.sonarlint\azuread_microsoft-identity-webcsharp.ruleset</CodeAnalysisRuleSet>
   </PropertyGroup>
 
+  <ItemGroup>
+    <AdditionalFiles Include="..\..\..\.sonarlint\azuread_microsoft-identity-web\CSharp\SonarLint.xml" Link="SonarLint.xml" />
+  </ItemGroup>
+
   <ItemGroup>
     <PackageReference Include="BenchmarkDotNet" Version="0.12.1" />
     <PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="3.1.8" />
diff --git a/tests/PerformanceTests/Microsoft.Identity.Web.Perf.Client/Microsoft.Identity.Web.Perf.Client.csproj b/tests/PerformanceTests/Microsoft.Identity.Web.Perf.Client/Microsoft.Identity.Web.Perf.Client.csproj
index ab5d4ca8f..3f03f49f4 100644
--- a/tests/PerformanceTests/Microsoft.Identity.Web.Perf.Client/Microsoft.Identity.Web.Perf.Client.csproj
+++ b/tests/PerformanceTests/Microsoft.Identity.Web.Perf.Client/Microsoft.Identity.Web.Perf.Client.csproj
@@ -3,8 +3,13 @@
   <PropertyGroup>
     <OutputType>Exe</OutputType>
     <TargetFramework>netcoreapp3.1</TargetFramework>
+    <CodeAnalysisRuleSet>..\..\..\.sonarlint\azuread_microsoft-identity-webcsharp.ruleset</CodeAnalysisRuleSet>
   </PropertyGroup>
 
+  <ItemGroup>
+    <AdditionalFiles Include="..\..\..\.sonarlint\azuread_microsoft-identity-web\CSharp\SonarLint.xml" Link="SonarLint.xml" />
+  </ItemGroup>
+
   <ItemGroup>
     <PackageReference Include="Microsoft.Extensions.Configuration" Version="3.1.8" />
     <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="3.1.8" />
diff --git a/tests/WebAppCallsMicrosoftGraph/WebAppCallsMicrosoftGraph.csproj b/tests/WebAppCallsMicrosoftGraph/WebAppCallsMicrosoftGraph.csproj
index 2a3d90149..25207d78e 100644
--- a/tests/WebAppCallsMicrosoftGraph/WebAppCallsMicrosoftGraph.csproj
+++ b/tests/WebAppCallsMicrosoftGraph/WebAppCallsMicrosoftGraph.csproj
@@ -2,7 +2,12 @@
   <PropertyGroup>
      <TargetFrameworks>netcoreapp3.1; net5.0</TargetFrameworks>
     <UserSecretsId>aspnet-WebApp_OpenIDConnect_DotNet-81EA87AD-E64D-4755-A1CC-5EA47F49B5D8</UserSecretsId>
+    <CodeAnalysisRuleSet>..\..\.sonarlint\azuread_microsoft-identity-webcsharp.ruleset</CodeAnalysisRuleSet>
+    <SonarQubeExclude>True</SonarQubeExclude>
   </PropertyGroup>
+  <ItemGroup>
+    <AdditionalFiles Include="..\..\.sonarlint\azuread_microsoft-identity-web\CSharp\SonarLint.xml" Link="SonarLint.xml" />
+  </ItemGroup>
   <ItemGroup>
     <ProjectReference Include="..\..\src\Microsoft.Identity.Web.MicrosoftGraph\Microsoft.Identity.Web.MicrosoftGraph.csproj" />
     <ProjectReference Include="..\..\src\Microsoft.Identity.Web.UI\Microsoft.Identity.Web.UI.csproj" />
diff --git a/tests/WebAppCallsWebApiCallsGraph/Client/TodoListClient.csproj b/tests/WebAppCallsWebApiCallsGraph/Client/TodoListClient.csproj
index a5d48f1dd..0931d2eb9 100644
--- a/tests/WebAppCallsWebApiCallsGraph/Client/TodoListClient.csproj
+++ b/tests/WebAppCallsWebApiCallsGraph/Client/TodoListClient.csproj
@@ -4,6 +4,8 @@
      <TargetFrameworks>netcoreapp3.1; net5.0</TargetFrameworks>
     <UserSecretsId>aspnet-WebApp_OpenIDConnect_DotNet-81EA87AD-E64D-4755-A1CC-5EA47F49B5D0</UserSecretsId>
     <WebProject_DirectoryAccessLevelKey>0</WebProject_DirectoryAccessLevelKey>
+    <CodeAnalysisRuleSet>..\..\..\.sonarlint\azuread_microsoft-identity-webcsharp.ruleset</CodeAnalysisRuleSet>
+    <SonarQubeExclude>True</SonarQubeExclude>
   </PropertyGroup>
 
   <ItemGroup>
@@ -21,6 +23,10 @@
     <Compile Include="..\TodoListService\Models\TodoItem.cs" Link="Models\TodoItem.cs" />
   </ItemGroup>
 
+  <ItemGroup>
+    <AdditionalFiles Include="..\..\..\.sonarlint\azuread_microsoft-identity-web\CSharp\SonarLint.xml" Link="SonarLint.xml" />
+  </ItemGroup>
+
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.DataProtection.Abstractions" Version="3.1.1" />
     <PackageReference Include="WindowsAzure.Storage" Version="9.3.3" />
diff --git a/tests/WebAppCallsWebApiCallsGraph/TodoListService/TodoListService.csproj b/tests/WebAppCallsWebApiCallsGraph/TodoListService/TodoListService.csproj
index 50014080b..b4fbf27ef 100644
--- a/tests/WebAppCallsWebApiCallsGraph/TodoListService/TodoListService.csproj
+++ b/tests/WebAppCallsWebApiCallsGraph/TodoListService/TodoListService.csproj
@@ -4,8 +4,14 @@
      <TargetFrameworks>netcoreapp3.1; net5.0</TargetFrameworks>
     <UserSecretsId>aspnet-TodoListService-03230DB1-5145-408C-A48B-BE3DAFC56C30</UserSecretsId>
     <WebProject_DirectoryAccessLevelKey>0</WebProject_DirectoryAccessLevelKey>
+    <CodeAnalysisRuleSet>..\..\..\.sonarlint\azuread_microsoft-identity-webcsharp.ruleset</CodeAnalysisRuleSet>
+    <SonarQubeExclude>True</SonarQubeExclude>
   </PropertyGroup>
 
+  <ItemGroup>
+    <AdditionalFiles Include="..\..\..\.sonarlint\azuread_microsoft-identity-web\CSharp\SonarLint.xml" Link="SonarLint.xml" />
+  </ItemGroup>
+
   <ItemGroup>
     <ProjectReference Include="..\..\..\src\Microsoft.Identity.Web.MicrosoftGraph\Microsoft.Identity.Web.MicrosoftGraph.csproj" />
     <ProjectReference Include="..\..\..\src\Microsoft.Identity.Web\Microsoft.Identity.Web.csproj" />
diff --git a/tests/blazorserver2-b2c-callswebapi/blazor.csproj b/tests/blazorserver2-b2c-callswebapi/blazor.csproj
index 6f39697f6..78b89255c 100644
--- a/tests/blazorserver2-b2c-callswebapi/blazor.csproj
+++ b/tests/blazorserver2-b2c-callswebapi/blazor.csproj
@@ -2,7 +2,12 @@
   <PropertyGroup>
      <TargetFrameworks>netcoreapp3.1; net5.0</TargetFrameworks>
      <UserSecretsId>66e5c3c7-f757-4032-bfcf-68bd81948618</UserSecretsId>
+     <CodeAnalysisRuleSet>..\..\.sonarlint\azuread_microsoft-identity-webcsharp.ruleset</CodeAnalysisRuleSet>
+     <SonarQubeExclude>True</SonarQubeExclude>
   </PropertyGroup>
+  <ItemGroup>
+    <AdditionalFiles Include="..\..\.sonarlint\azuread_microsoft-identity-web\CSharp\SonarLint.xml" Link="SonarLint.xml" />
+  </ItemGroup>
   <ItemGroup>
     <ProjectReference Include="..\..\src\Microsoft.Identity.Web.UI\Microsoft.Identity.Web.UI.csproj" />
     <ProjectReference Include="..\..\src\Microsoft.Identity.Web\Microsoft.Identity.Web.csproj" />
diff --git a/tests/blazorwasm-b2c/blazorwasm2-b2c.csproj b/tests/blazorwasm-b2c/blazorwasm2-b2c.csproj
index b23107a50..3e2cbf3d5 100644
--- a/tests/blazorwasm-b2c/blazorwasm2-b2c.csproj
+++ b/tests/blazorwasm-b2c/blazorwasm2-b2c.csproj
@@ -4,6 +4,8 @@
     <RuntimeIdentifier>browser-wasm</RuntimeIdentifier>
     <UseBlazorWebAssembly>true</UseBlazorWebAssembly>
     <RazorLangVersion>3.0</RazorLangVersion>
+    <CodeAnalysisRuleSet>..\..\.sonarlint\azuread_microsoft-identity-webcsharp.ruleset</CodeAnalysisRuleSet>
+    <SonarQubeExclude>True</SonarQubeExclude>
   </PropertyGroup>
 
   <ItemGroup Condition="'$(TargetFramework)' == 'netstandard2.1' ">
@@ -22,5 +24,9 @@
     <PackageReference Include="System.Net.Http.Json" Version="5.0.0-*" />
   </ItemGroup>
 
+  <ItemGroup>
+    <AdditionalFiles Include="..\..\.sonarlint\azuread_microsoft-identity-web\CSharp\SonarLint.xml" Link="SonarLint.xml" />
+  </ItemGroup>
+
 
 </Project>
diff --git a/tests/blazorwasm2-b2c-hosted/Client/blazorwasm2-b2c-hosted.Client.csproj b/tests/blazorwasm2-b2c-hosted/Client/blazorwasm2-b2c-hosted.Client.csproj
index c6c336d88..947bfd289 100644
--- a/tests/blazorwasm2-b2c-hosted/Client/blazorwasm2-b2c-hosted.Client.csproj
+++ b/tests/blazorwasm2-b2c-hosted/Client/blazorwasm2-b2c-hosted.Client.csproj
@@ -2,7 +2,12 @@
   <PropertyGroup>
     <TargetFramework>netstandard2.1</TargetFramework>
     <RazorLangVersion>3.0</RazorLangVersion>
+    <CodeAnalysisRuleSet>..\..\..\.sonarlint\azuread_microsoft-identity-webcsharp.ruleset</CodeAnalysisRuleSet>
+    <SonarQubeExclude>True</SonarQubeExclude>
   </PropertyGroup>
+  <ItemGroup>
+    <AdditionalFiles Include="..\..\..\.sonarlint\azuread_microsoft-identity-web\CSharp\SonarLint.xml" Link="SonarLint.xml" />
+  </ItemGroup>
 
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly" Version="3.2.0" />
diff --git a/tests/blazorwasm2-b2c-hosted/Server/blazorwasm2-b2c-hosted.Server.csproj b/tests/blazorwasm2-b2c-hosted/Server/blazorwasm2-b2c-hosted.Server.csproj
index 121a4a44d..f6339553f 100644
--- a/tests/blazorwasm2-b2c-hosted/Server/blazorwasm2-b2c-hosted.Server.csproj
+++ b/tests/blazorwasm2-b2c-hosted/Server/blazorwasm2-b2c-hosted.Server.csproj
@@ -2,12 +2,17 @@
   <PropertyGroup>
      <TargetFrameworks>netcoreapp3.1</TargetFrameworks>
   </PropertyGroup>
+  <ItemGroup>
+    <AdditionalFiles Include="..\..\..\.sonarlint\azuread_microsoft-identity-web\CSharp\SonarLint.xml" Link="SonarLint.xml" />
+  </ItemGroup>
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Server" Version="3.2.0" />
   </ItemGroup>
 
   <PropertyGroup>
      <WebProject_DirectoryAccessLevelKey>0</WebProject_DirectoryAccessLevelKey>
+     <CodeAnalysisRuleSet>..\..\..\.sonarlint\azuread_microsoft-identity-webcsharp.ruleset</CodeAnalysisRuleSet>
+     <SonarQubeExclude>True</SonarQubeExclude>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/tests/blazorwasm2-b2c-hosted/Shared/blazorwasm2-b2c-hosted.Shared.csproj b/tests/blazorwasm2-b2c-hosted/Shared/blazorwasm2-b2c-hosted.Shared.csproj
index d4c395e8c..f8c812e41 100644
--- a/tests/blazorwasm2-b2c-hosted/Shared/blazorwasm2-b2c-hosted.Shared.csproj
+++ b/tests/blazorwasm2-b2c-hosted/Shared/blazorwasm2-b2c-hosted.Shared.csproj
@@ -2,6 +2,12 @@
 
   <PropertyGroup>
     <TargetFramework>netstandard2.1</TargetFramework>
+    <CodeAnalysisRuleSet>..\..\..\.sonarlint\azuread_microsoft-identity-webcsharp.ruleset</CodeAnalysisRuleSet>
+    <SonarQubeExclude>True</SonarQubeExclude>
   </PropertyGroup>
 
+  <ItemGroup>
+    <AdditionalFiles Include="..\..\..\.sonarlint\azuread_microsoft-identity-web\CSharp\SonarLint.xml" Link="SonarLint.xml" />
+  </ItemGroup>
+
 </Project>
diff --git a/tests/blazorwasm2/Client/blazorwasm2-singleOrg-hosted4.Client.csproj b/tests/blazorwasm2/Client/blazorwasm2-singleOrg-hosted4.Client.csproj
index 2da372ba4..8eac0051b 100644
--- a/tests/blazorwasm2/Client/blazorwasm2-singleOrg-hosted4.Client.csproj
+++ b/tests/blazorwasm2/Client/blazorwasm2-singleOrg-hosted4.Client.csproj
@@ -3,8 +3,14 @@
   <PropertyGroup>
     <TargetFramework>netstandard2.1</TargetFramework>
     <RazorLangVersion>3.0</RazorLangVersion>
+    <CodeAnalysisRuleSet>..\..\..\.sonarlint\azuread_microsoft-identity-webcsharp.ruleset</CodeAnalysisRuleSet>
+    <SonarQubeExclude>True</SonarQubeExclude>
   </PropertyGroup>
 
+  <ItemGroup>
+    <AdditionalFiles Include="..\..\..\.sonarlint\azuread_microsoft-identity-web\CSharp\SonarLint.xml" Link="SonarLint.xml" />
+  </ItemGroup>
+
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly" Version="3.2.0" />
     <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Build" Version="3.2.0" PrivateAssets="all" />
diff --git a/tests/blazorwasm2/Server/blazorwasm2-singleOrg-hosted4.Server.csproj b/tests/blazorwasm2/Server/blazorwasm2-singleOrg-hosted4.Server.csproj
index 2adbf52c6..90ede4291 100644
--- a/tests/blazorwasm2/Server/blazorwasm2-singleOrg-hosted4.Server.csproj
+++ b/tests/blazorwasm2/Server/blazorwasm2-singleOrg-hosted4.Server.csproj
@@ -2,12 +2,17 @@
   <PropertyGroup>
      <TargetFrameworks>netcoreapp3.1</TargetFrameworks>
   </PropertyGroup>
+  <ItemGroup>
+    <AdditionalFiles Include="..\..\..\.sonarlint\azuread_microsoft-identity-web\CSharp\SonarLint.xml" Link="SonarLint.xml" />
+  </ItemGroup>
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Server" Version="3.2.0" />
   </ItemGroup>
 
   <PropertyGroup>
      <WebProject_DirectoryAccessLevelKey>0</WebProject_DirectoryAccessLevelKey>
+     <CodeAnalysisRuleSet>..\..\..\.sonarlint\azuread_microsoft-identity-webcsharp.ruleset</CodeAnalysisRuleSet>
+     <SonarQubeExclude>True</SonarQubeExclude>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/tests/blazorwasm2/Shared/blazorwasm2-singleOrg-hosted4.Shared.csproj b/tests/blazorwasm2/Shared/blazorwasm2-singleOrg-hosted4.Shared.csproj
index 3e2a547e1..0bca2a6c6 100644
--- a/tests/blazorwasm2/Shared/blazorwasm2-singleOrg-hosted4.Shared.csproj
+++ b/tests/blazorwasm2/Shared/blazorwasm2-singleOrg-hosted4.Shared.csproj
@@ -2,6 +2,12 @@
 
   <PropertyGroup>
     <TargetFrameworks>netstandard2.1</TargetFrameworks>
+    <CodeAnalysisRuleSet>..\..\..\.sonarlint\azuread_microsoft-identity-webcsharp.ruleset</CodeAnalysisRuleSet>
+    <SonarQubeExclude>True</SonarQubeExclude>
   </PropertyGroup>
 
+  <ItemGroup>
+    <AdditionalFiles Include="..\..\..\.sonarlint\azuread_microsoft-identity-web\CSharp\SonarLint.xml" Link="SonarLint.xml" />
+  </ItemGroup>
+
 </Project>
diff --git a/tools/ConfigureGeneratedApplications/ConfigureGeneratedApplications.csproj b/tools/ConfigureGeneratedApplications/ConfigureGeneratedApplications.csproj
index 8fcdd55e3..c669fc0df 100644
--- a/tools/ConfigureGeneratedApplications/ConfigureGeneratedApplications.csproj
+++ b/tools/ConfigureGeneratedApplications/ConfigureGeneratedApplications.csproj
@@ -3,8 +3,14 @@
   <PropertyGroup>
     <OutputType>Exe</OutputType>
     <TargetFramework>netcoreapp3.1</TargetFramework>
+    <CodeAnalysisRuleSet>..\..\.sonarlint\azuread_microsoft-identity-webcsharp.ruleset</CodeAnalysisRuleSet>
+    <SonarQubeExclude>True</SonarQubeExclude>
   </PropertyGroup>
 
+  <ItemGroup>
+    <AdditionalFiles Include="..\..\.sonarlint\azuread_microsoft-identity-web\CSharp\SonarLint.xml" Link="SonarLint.xml" />
+  </ItemGroup>
+
   <ItemGroup>
     <PackageReference Include="System.Text.Json" Version="4.7.2" />
   </ItemGroup>