Microsoft.Identity.Web Sneak Peek

About a year ago, I posted about Microsoft Authentication Graph Helpers. While it set an example on how to standardize identity setup in ASP.NET Core projects, Microsoft has done a way better job - by creating Microsoft.Identity.Web.

Microsoft.Identity.Web has been around for quite a while (roughly 7 months at the time of writing) as part of samples. Recently, it has been moved to a separate repository and the commit messages in the sample actually hint that it is soon to be released as a NuGet package which we all can make use of easily.

Generally, it focuses on the following issues:

• Easily add authentication via Azure AD or B2C to your application
• Easily protect your API with Azure AD or B2C
• Streamlined token caching (includes in-memory, session and distributed memory cache implementations which is super cool)
• Fully built on top of MSAL
• They include scope based authentication attributes which can be used in controllers
• Shortcuts for calling the On-Behalf-Of flow
• Support for conditional access from down stream APIs (yay, this is super cool too!)

What I love about this the most is that it covers most of the scenarios which you can encounter with Azure AD authentication in your web app.

Once it gets released as NuGet, I plan to port some of the functionality which I had in the Graph Helpers (the AzureAdAuthorization attribute for group-based/role-based authentication and MicrosoftGraphFactory) and try to have it as an extension to the Microsoft’s package, since for example in our apps, we use group-based authorization quite heavily.

I really can’t wait to see how this will evolve, especially if there are any plans to make the entire flow more friendly with Azure Functions.

Once Microsoft releases it as a NuGet package (v1), I plan to cover this library more deeply and post some experiences I had with moving existing applications to it.