Why use ADAL.NET?
ADAL.NET V3 (Active Directory Authentication Library for .NET) enables developers of .NET applications to acquire tokens in order to call secured Web APIs. These Web APIs can be the Microsoft Graph, or 3rd party Web APIs.
ADAL.NET Supports multiple application architectures
It supports all the possible application topologies except the User-agent based client (which is only supported in JavaScript):
- native client (mobile/desktop applications) calling a Web API in the name of the user,
- daemons/services or web clients (Web Apps/ Web APIs) calling a Web API in the name of a user, or without a user.
ADAL.NET Supports multiple platforms
ADAL.NET supports several platforms:
- .NET Framework,
- .NET Core,
- Xamarin Android,
- Xamarin iOS,
- UWP,
- Windows 8.1 (WinRT). The last version of ADAL supporting Windows 8.1 and Windows Phone 8.1 is ADAL 3.19.8. Support for these platforms was dropped in ADAL 4.x.
Important
Not all the authentication features are available in all platforms, mostly because:
- they would not make sense in those platforms (for instance iOS and Android applications don't support confidential client flows as these platforms cannot guarantee that application secrets would be safe),
- or because of limitations of the platform itself (for instance .NET Core does not provide UI, and therefore acquisition of tokens requiring user interaction through a Web browser is not possible in .NET Core).
Most of the pages in the wiki describe the most complete platform (.NET Framework), but, topic by topic, they also occasionally call out differences between platforms.
ADAL.NET is about acquiring tokens, not protecting an API
ADAL.NET is used to acquire tokens. It's not used to protect a Web API. If you are interested in protecting a Web API with Azure AD, you might want to check out:
- Azure Active Directory with ASP.NET Core. Note that some of these examples present Web Apps which also call a Web API with ADAL.NET.
- Developing ASP.NET Apps with Azure Active Directory
- The IdentityModel extensions for .NET, an open source library providing middleware used by ASP.NET and ASP.NET Core to protect APIs
Protecting the app itself with Intune
Your mobile app (written in Xamarin.iOS or Xamarin.Android) can have app protection policies applied to it, so that it can be managed by Intune and recognized by Intune as a managed app. The Intune SDK is separate from ADAL, and it talks to AAD on its own.