Review feedbacks from Stephen Toub + Added a verification test

Commit migrated from 0cf8f7d095

src/libraries/System.Data.SqlClient/src/System/Data/SqlClient/SqlConnection.cs

@@ -231,7 +231,7 @@ namespace System.Data.SqlClient
                     {
                         CheckAndThrowOnInvalidCombinationOfConnectionStringAndSqlCredential(connectionOptions);
                     }
-                    else if (_accessToken != null)
+                    else
                     {
                         CheckAndThrowOnInvalidCombinationOfConnectionOptionAndAccessToken(connectionOptions);
                     }
@@ -260,11 +260,7 @@ namespace System.Data.SqlClient
                 // When a connection is connecting or is ever opened, make AccessToken available only if "Persist Security Info" is set to true
                 // otherwise, return null
                 SqlConnectionString connectionOptions = (SqlConnectionString)UserConnectionOptions;
-                if (InnerConnection.ShouldHidePassword && connectionOptions != null && !connectionOptions.PersistSecurityInfo)
-                {
-                    result = null;
-                }
-                return result;
+                return InnerConnection.ShouldHidePassword && connectionOptions != null && !connectionOptions.PersistSecurityInfo ? null : _accessToken;
             }
             set
             {
@@ -280,9 +276,9 @@ namespace System.Data.SqlClient
                     CheckAndThrowOnInvalidCombinationOfConnectionOptionAndAccessToken((SqlConnectionString)ConnectionOptions);
                 }
 
-                _accessToken = value;
                 // Need to call ConnectionString_Set to do proper pool group check
-                ConnectionString_Set(new SqlConnectionPoolKey(_connectionString, credential: _credential, accessToken: _accessToken));
+                ConnectionString_Set(new SqlConnectionPoolKey(_connectionString, credential: _credential, accessToken: value));
+                _accessToken = value;
             }
         }
 

src/libraries/System.Data.SqlClient/src/System/Data/SqlClient/TdsEnums.cs

@@ -86,7 +86,7 @@ namespace System.Data.SqlClient
         public const byte MT_BINARY = 5;    // Unformatted binary response data (UNUSED)
         public const byte MT_ATTN = 6;    // Attention (break) signal
         public const byte MT_BULK = 7;    // Bulk load data
-        public const byte MT_FEDAUTH = 8;    // Authentication token for federated authentication
+        public const byte MT_OPEN = 8;    // Set up subchannel   (UNUSED)
         public const byte MT_CLOSE = 9;    // Close subchannel   (UNUSED)
         public const byte MT_ERROR = 10;   // Protocol error detected
         public const byte MT_ACK = 11;   // Protocol acknowledgement   (UNUSED)

src/libraries/System.Data.SqlClient/src/System/Data/SqlClient/TdsParser.cs

@@ -6047,7 +6047,7 @@ namespace System.Data.SqlClient
                         _physicalStateObj.WriteByteArray(fedAuthFeatureData.accessToken, fedAuthFeatureData.accessToken.Length, 0);
                         break;
                     default:
-                        Debug.Assert(false, "Unrecognized FedAuthLibrary type for feature extension request");
+                        Debug.Fail("Unrecognized FedAuthLibrary type for feature extension request");
                         break;
                 }
             }

src/libraries/System.Data.SqlClient/tests/FunctionalTests/AADAccessTokenTest.cs

@@ -0,0 +1,53 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+// See the LICENSE file in the project root for more information.
+
+using Xunit;
+
+namespace System.Data.SqlClient.Tests
+{
+    public class AADAccessTokenTest
+    {
+        SqlConnectionStringBuilder _builder;
+
+        [Fact]
+        public void InvalidCombinationOfAccessToken()
+        {
+            _builder = new SqlConnectionStringBuilder
+            {
+                ["Data Source"] = "sample.database.windows.net",
+                ["Integrated Security"] = true
+            };
+            InvalidCombinationCheck(null);
+
+            _builder = new SqlConnectionStringBuilder
+            {
+                ["UID"] = "test"
+            };
+            InvalidCombinationCheck(null);
+
+            _builder = new SqlConnectionStringBuilder
+            {
+                ["PWD"] = "test"
+            };
+            InvalidCombinationCheck(null);
+
+            _builder = new SqlConnectionStringBuilder
+            {
+                ["Data Source"] = "sample.database.windows.net",
+            };
+            Security.SecureString password = new Security.SecureString();
+            password.MakeReadOnly();
+            SqlCredential credential = new SqlCredential("userID", password);
+            InvalidCombinationCheck(credential);
+        }
+
+        private void InvalidCombinationCheck(SqlCredential credential)
+        {
+            using (SqlConnection connection = new SqlConnection(_builder.ConnectionString, credential))
+            {
+                Assert.Throws<InvalidOperationException>(() => connection.AccessToken = "SampleAccessToken");
+            }
+        }
+    }
+}

src/libraries/System.Data.SqlClient/tests/FunctionalTests/System.Data.SqlClient.Tests.csproj

@@ -9,6 +9,7 @@
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'netstandard-Windows_NT-Debug|AnyCPU'" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'netstandard-Windows_NT-Release|AnyCPU'" />
   <ItemGroup>
+    <Compile Include="AADAccessTokenTest.cs" />
     <Compile Include="CloneTests.cs" />
     <Compile Include="BaseProviderAsyncTest\BaseProviderAsyncTest.cs" />
     <Compile Include="BaseProviderAsyncTest\MockCommand.cs" />