Jams

Reputation: 503

AddMicrosoftIdentityWebApp vs AddAzureADBearer

The quick-start documentation has changed recently and I can't see what this changed:

What is the difference between:

services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
        .AddMicrosoftIdentityWebApp(options =>
        {
            options.Instance = azureSecurity.Instance;
            options.Domain = azureSecurity.Domain;
            options.TenantId = azureSecurity.TenantId;
            options.ClientId = azureSecurity.ClientId;
        });

And:

services.AddAuthentication(AzureADDefaults.JwtBearerAuthenticationScheme)
        .AddAzureADBearer(options =>
        {
            options.Instance = azureSecurity.Instance;
            options.Domain = azureSecurity.Domain;
            options.TenantId = azureSecurity.TenantId;
            options.ClientId = azureSecurity.ClientId;
        });

Upvotes: 8

Views: 6496

Answers (1)

UncooleBen

Reputation: 121

Microsoft is migrating Azure Active Directory authentication for apps from ADAL to MSAL.

The new Microsoft Authentication Library (MSAL) supports authentication methods not only with AAD, but also other token providers such as Facebook, Google, and LinkedIn.


Details can be seen here.

So the difference between these two code segments is just a migration from an obsolete API to a newly introduced one. Since the sample is still using AAD as its authentication token provider, I would say there are not many functional differences between them.

One thing to mention when migrating from ADAL to MSAL: don't forget to append /v2.0 to your Issuer URL, e.g. https://login.microsoftonline.com/common/v2.0. I spent days before realizing this when trying to configure request authentication in an Azure App Service.

(You can see that the old AAD Auth extension methods are marked with the Obsolete attribute in the .NET Core source code.)

[Obsolete("This is obsolete and will be removed in a future version. Use Microsoft.Identity.Web instead. See https://aka.ms/ms-identity-web.")]
public static class AzureADAuthenticationBuilderExtensions
{
    /// <summary>
    /// Adds JWT Bearer authentication to your app for Azure Active Directory Applications.
    /// </summary>
    /// <param name="builder">The <see cref="AuthenticationBuilder"/>.</param>
    /// <param name="configureOptions">The <see cref="Action{AzureADOptions}"/> to configure the
    /// <see cref="AzureADOptions"/>.
    /// </param>
    /// <returns>The <see cref="AuthenticationBuilder"/>.</returns>
    [Obsolete("This is obsolete and will be removed in a future version. Use AddMicrosoftWebApiAuthentication from Microsoft.Identity.Web instead. See https://aka.ms/ms-identity-web.")]
    public static AuthenticationBuilder AddAzureADBearer(this AuthenticationBuilder builder, Action<AzureADOptions> configureOptions) =>
        builder.AddAzureADBearer(
            AzureADDefaults.BearerAuthenticationScheme,
            AzureADDefaults.JwtBearerAuthenticationScheme,
            configureOptions);
    
    ...

Upvotes: 7
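
An added example for the /v2.0 issuer caveat in the answer above (not part of the answer or of Microsoft's code): a C# diagnostic that reads the `iss` and `ver` claims from a token and reports whether the configured issuer URL belongs to the other endpoint version. The class name `IssuerCheck`, the all-zero tenant GUID and the sample token are constructed for illustration; the helper does not verify signatures.

```csharp
// Added example: diagnostic only. It reads claims WITHOUT verifying the signature,
// so it must never be used to make an authorization decision.
using System;
using System.Text;
using System.Text.Json;

public static class IssuerCheck   // hypothetical helper, not a library type
{
    // Decode the payload (middle segment) of a compact JWT from base64url.
    static JsonElement ReadPayload(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("Expected 3 dot-separated segments.");
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        using JsonDocument doc = JsonDocument.Parse(Convert.FromBase64String(b64));
        return doc.RootElement.Clone();
    }

    // Returns null when the token's issuer equals the configured one, else the reason.
    public static string Explain(string jwt, string configuredIssuer)
    {
        JsonElement p = ReadPayload(jwt);
        string iss = p.GetProperty("iss").GetString();
        string ver = p.TryGetProperty("ver", out JsonElement v) ? v.GetString() : "(none)";
        if (string.Equals(iss, configuredIssuer, StringComparison.Ordinal)) return null;
        bool tokenIsV2 = iss.TrimEnd('/').EndsWith("/v2.0", StringComparison.Ordinal);
        bool configIsV2 = configuredIssuer.TrimEnd('/').EndsWith("/v2.0", StringComparison.Ordinal);
        return tokenIsV2 != configIsV2
            ? $"Endpoint version mismatch: token iss={iss} (ver={ver}), configured={configuredIssuer}"
            : $"Issuer differs (tenant or host): token iss={iss}, configured={configuredIssuer}";
    }

    public static void Main()
    {
        // Constructed, unsigned sample token with a placeholder tenant id.
        const string tenant = "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000";
        string payload = "{\"iss\":\"" + tenant + "/v2.0\",\"ver\":\"2.0\"}";
        string seg = Convert.ToBase64String(Encoding.UTF8.GetBytes(payload))
            .TrimEnd('=').Replace('+', '-').Replace('/', '_');
        string jwt = "e30." + seg + ".sig";
        Console.WriteLine(Explain(jwt, tenant) ?? "issuer matches");            // version mismatch
        Console.WriteLine(Explain(jwt, tenant + "/v2.0") ?? "issuer matches");  // matches
    }
}
```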
