Windows Azure AD Authentication Library for .NET

Updated: October 17, 2013

Summary

The Windows Azure Active Directory Authentication Library (ADAL) for .NET enables client application developers to easily authenticate users to cloud or on-premises Active Directory (AD), and then obtain access tokens for securing API calls. ADAL for .NET currently supports three authorities: Windows Azure AD, Windows Server Active Directory Federation Services (ADFS) for Windows Server 2012 R2, and the Windows Azure Access Control service (ACS). By handling most of the complexity, ADAL can help developers focus on the business logic in their applications and easily secure resources without being experts on security.

Scenarios

ADAL for .NET enables the key scenarios below. The resource portion of these scenarios can be implemented using any token validation logic. For example, if you are targeting the .NET Framework 4.5 for your REST services, you can use the developer preview of the JSON Web Token Handler for the Microsoft .NET Framework 4.5 to validate JWT tokens obtained via ADAL.

  • Authenticating Users of a Client Application to a Remote Resource: In this scenario, a developer has a client, such as a WPF application, that needs to access a remote resource secured by Windows Azure AD, such as a REST service. He has a Windows Azure subscription, knows how to invoke the downstream service, and knows the Windows Azure AD tenant that the service uses. As a result, he can use ADAL to facilitate authentication with Windows Azure AD, either by fully delegating the authentication experience to ADAL or by explicitly handling user credentials. ADAL makes it easy to authenticate the user, obtain an access token and refresh token from Windows Azure AD, and then use the access token to make requests to the REST service. ADAL also manages access tokens for multiple users of the application by caching them, and as necessary, using the refresh token to renew the cached access token. This scenario also applies to Windows Server ADFS for Windows Server 2012 R2.

    For a code sample that demonstrates this scenario using authentication to Windows Azure AD, see Native Application to REST Service – Authentication with AAD via Browser Dialog.

  • Authenticating a Server Application to a Remote Resource: In this scenario, a developer has an application running on a server that needs to access a remote resource secured by Windows Azure AD, such as a REST service. He has a Windows Azure subscription, knows how to invoke the downstream service, and knows the Windows Azure AD tenant the service uses. As a result, he can use ADAL to facilitate authentication with Windows Azure AD by explicitly handling the application’s credentials. ADAL makes it easy to authenticate the user, obtain an access token from Windows Azure AD, and then use that token to make requests to the REST service. ADAL also handles managing the lifetime of the access token by caching it and renewing it as necessary.

    For a code sample that demonstrates this scenario, see Server to Server Authentication.

  • Authenticating a Server Application on Behalf of a User to Access a Remote Resource: In this scenario, a developer has an application running on a server that needs to access a remote resource secured by Windows Azure AD, such as a REST service. The request also needs to be made on behalf of a user in Windows Azure AD. He has a Windows Azure subscription, knows how to invoke the downstream service, and knows the Windows Azure AD tenant the service uses. As a result, he can use ADAL to facilitate authentication with Windows Azure AD by explicitly handling the application’s credentials. ADAL makes it easy to authenticate the user, obtain an access token and a user authentication code from Windows Azure AD, and then use both the token and the code to make requests to the REST service.
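
The first two scenarios above, sketched as an added example (not Microsoft's sample code and not part of the original page). It assumes the ADAL for .NET 1.0-era API in the `Microsoft.IdentityModel.Clients.ActiveDirectory` namespace; the authority, resource URI, API URL, client IDs, redirect URI and the `ADAL_SAMPLE_APP_KEY` environment variable are placeholders chosen for illustration.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

static class AdalScenarios
{
    // Placeholder values (assumptions): substitute your own tenant and app registrations.
    const string Authority  = "https://login.windows.net/contoso.example";
    const string ResourceId = "https://contoso.example/todo-service"; // App ID URI of the REST service
    const string ApiUrl     = "https://api.contoso.example/todo";

    // Scenario 1: a native client delegates the sign-in experience to ADAL.
    static AuthenticationResult AcquireForUser(AuthenticationContext ctx)
    {
        return ctx.AcquireToken(ResourceId, "<native-client-id>", new Uri("http://placeholder-redirect-uri"));
    }

    // Scenario 2: a server process authenticates as itself with its own credential.
    static AuthenticationResult AcquireForApp(AuthenticationContext ctx)
    {
        string appKey = Environment.GetEnvironmentVariable("ADAL_SAMPLE_APP_KEY"); // keep the key out of source
        if (string.IsNullOrEmpty(appKey)) throw new InvalidOperationException("App key is not configured.");
        return ctx.AcquireToken(ResourceId, new ClientCredential("<server-client-id>", appKey));
    }

    // Present the access token to the REST service as a bearer token over HTTPS.
    static string CallApi(AuthenticationResult token)
    {
        using (var http = new HttpClient())
        {
            http.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token.AccessToken);
            HttpResponseMessage resp = http.GetAsync(ApiUrl).Result;
            resp.EnsureSuccessStatusCode(); // a 401 here means the service rejected the token
            return resp.Content.ReadAsStringAsync().Result;
        }
    }

    [STAThread] // the interactive sign-in dialog needs a single-threaded apartment
    static void Main()
    {
        var ctx = new AuthenticationContext(Authority);
        AuthenticationResult first = AcquireForUser(ctx); // user signs in interactively
        Console.WriteLine(CallApi(first));
        AuthenticationResult again = AcquireForUser(ctx); // ADAL consults its token cache first
        Console.WriteLine("Token expires: " + again.ExpiresOn); // log the expiry, never the token itself
    }
}
```

A server process would call `AcquireForApp` in place of `AcquireForUser`; the service behind `ApiUrl` still has to validate every token it receives.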

Features

ADAL for .NET offers the following features:

  • Token Acquisition: ADAL for .NET facilitates the process of acquiring tokens from Windows Azure AD, Windows Server ADFS for Windows Server 2012 R2, and the Windows Azure ACS by using a variety of identity providers, protocols, and credential types. ADAL can manage the entire token acquisition process in just a few lines of code, including the authentication user experience. Alternatively, you can provide raw credentials that represent your user or application and ADAL will manage obtaining a token for you.

  • Persistent Token Cache: ADAL for .NET stores all access tokens in a persistent token cache by default, but you can also write your own cache implementation or disable it entirely.

  • Automatic Token Refresh: In addition to the persistent token cache, ADAL supports automatic refresh of tokens when they expire. ADAL queries the token cache to check whether the token has expired and, if it has, attempts to get a new token using the stored credentials.

© 2014 Microsoft. All rights reserved.