Overview of Windows Azure Authentication Library
Updated: April 5, 2013
Summary
The Windows Azure Authentication Library (AAL) enables client application developers to easily authenticate users to Windows Azure Active Directory or other identity providers, and then obtain access tokens for securing API calls. To duplicate this functionality without AAL, developers must write non-trivial authentication code and understand protocol details. With AAL, a developer can focus on business logic in their application, ignore most protocol details, and easily secure resources without being an expert on security.
Scenarios
AAL enables the key scenarios below. The resource portion of these scenarios can be implemented using any token validation logic. For example, if you are targeting the .NET Framework 4.5 for your REST services, you can use the developer preview of the JSON Web Token Handler for the Microsoft .NET Framework 4.5 to validate JWT tokens obtained via AAL.
- Authenticating Users of a Client Application to a Remote Resource: In this scenario, a developer has a client application that needs to access a remote resource, such as a REST service. She has a Windows Azure subscription, and therefore can leverage Windows Azure AD to manage user authentication. She also knows how to invoke the downstream service, and knows the Windows Azure AD tenant the service uses. As a result, she can use AAL to facilitate authentication with Windows Azure AD, either by fully delegating the authentication experience to AAL and Windows Azure AD, or by explicitly handling user credentials. Authentication with Windows Azure AD results in a token, and AAL makes it easy to obtain this token and use it to make requests to the REST service.
- Authenticating a Server Application to a Remote Resource: In this scenario, a developer has an application running on a server that needs to access a remote resource, such as a REST service. She has a Windows Azure subscription, and therefore can leverage Windows Azure AD to manage the application’s identity. She also knows how to invoke the downstream service, and knows the Windows Azure AD tenant the service uses. As a result, she can use AAL to facilitate authentication with Windows Azure AD, by explicitly handling the application’s credentials. Authentication with Windows Azure AD results in a token, and AAL makes it easy to obtain this token and use it to make requests to the REST service.
Features
AAL offers the following features:
- Token Acquisition: AAL facilitates the process of acquiring tokens from Windows Azure AD by using a variety of identity providers, protocols, and credential types. AAL can manage the entire token acquisition process in just a few lines of code, including the authentication user experience. Alternatively, you can provide raw credentials that represent your user or application and AAL will manage obtaining a token for you.