
asp net

Jean-Marc Prieur edited this page Mar 11, 2021 · 28 revisions

Support for ASP.NET classic and more generally .NET 4.7.2

Microsoft.Identity.Web is mostly aimed at ASP.NET Core. However, some of its classes are also available for ASP.NET. These are:

  • Token cache serializers and adapters for MSAL.NET
  • Constants
  • ClaimsPrincipalExtension, which adds extension methods to a ClaimsPrincipal
  • Helper methods to load certificates

Token cache serialization for MSAL.NET

This PR shows how an ASP.NET MVC application was modified to leverage the token cache serializers.

The principle is the same, except that ASP.NET will probably not use dependency injection. You'd probably instantiate the classes yourself in your code.

 public static async Task<IConfidentialClientApplication> BuildConfidentialClientApplication()
 {
     IConfidentialClientApplication clientapp = ConfidentialClientApplicationBuilder.Create(AuthenticationConfig.ClientId)
         .WithClientSecret(AuthenticationConfig.ClientSecret)
         .WithRedirectUri(AuthenticationConfig.RedirectUri)
         .WithAuthority(new Uri(AuthenticationConfig.Authority))
         .Build();

     // After the ConfidentialClientApplication is created, we overwrite its default UserTokenCache serialization with our implementation
     IMsalTokenCacheProvider memoryTokenCacheProvider = CreateTokenCacheSerializer();
     await memoryTokenCacheProvider.InitializeAsync(clientapp.UserTokenCache);
     return clientapp;
 }

with

private static IServiceProvider serviceProvider;

private static IMsalTokenCacheProvider CreateTokenCacheSerializer()
{
    if (serviceProvider == null)
    {
        // In memory token cache. Other forms of serialization are possible.
        // See https://github.com/AzureAD/microsoft-identity-web/wiki/asp-net
        IServiceCollection services = new ServiceCollection();
        services.AddInMemoryTokenCaches();

        serviceProvider = services.BuildServiceProvider();
    }
    IMsalTokenCacheProvider msalTokenCacheProvider = serviceProvider.GetRequiredService<IMsalTokenCacheProvider>();
    return msalTokenCacheProvider;
}

See Token cache serialization for details on the other token cache providers/serializers.

Sample

Help loading certificates

Microsoft.Identity.Web 1.6.0 and later expose the DefaultCertificateLoader class to .NET Framework.

 // Certificate
 string keyVaultContainer = "https://WebAppsApisTests.vault.azure.net";
 string keyVaultReference = "MsIdWebScenarioTestCert";
 CertificateDescription certDescription = CertificateDescription.FromKeyVault(keyVaultContainer, keyVaultReference);
 ICertificateLoader certificateLoader = new DefaultCertificateLoader();
 certificateLoader.LoadIfNeeded(certDescription);

 // Create the confidential client application
 IConfidentialClientApplication app;
 app = ConfidentialClientApplicationBuilder.Create(clientId)
        .WithCertificate(certDescription.Certificate)
        .WithTenantId(tenant)
        .Build();
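The two snippets above can be combined so that the application authenticates with a certificate instead of a client secret and keeps its tokens in a distributed cache rather than in memory. The following is an added example, not code from the Microsoft.Identity.Web project: the class name MsalAppFactory, the connection string name TokenCacheDb and the table name TokenCache are hypothetical. It assumes the Microsoft.Extensions.Caching.SqlServer package is referenced and that the installed Microsoft.Identity.Web version exposes AddDistributedTokenCaches to .NET Framework.

```csharp
using System;
using System.Configuration;
using System.Threading.Tasks;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Identity.Client;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.TokenCacheProviders;
using Microsoft.Identity.Web.TokenCacheProviders.Distributed;

public static class MsalAppFactory // hypothetical helper name
{
    // Lazy<T> builds the provider exactly once, even when the first requests
    // arrive concurrently, so every request shares one cache configuration.
    private static readonly Lazy<IServiceProvider> s_services = new Lazy<IServiceProvider>(() =>
    {
        IServiceCollection services = new ServiceCollection();
        services.AddDistributedTokenCaches();
        services.AddDistributedSqlServerCache(options =>
        {
            // "TokenCacheDb", "dbo" and "TokenCache" are placeholder names (assumptions).
            options.ConnectionString = ConfigurationManager.ConnectionStrings["TokenCacheDb"].ConnectionString;
            options.SchemaName = "dbo";
            options.TableName = "TokenCache";
        });
        return services.BuildServiceProvider();
    });

    public static async Task<IConfidentialClientApplication> BuildAsync(
        string clientId, string tenant, string redirectUri, CertificateDescription certDescription)
    {
        new DefaultCertificateLoader().LoadIfNeeded(certDescription);
        if (certDescription.Certificate == null)
        {
            // Fail closed: never build a confidential client without its credential.
            throw new InvalidOperationException("Client certificate could not be loaded.");
        }

        IConfidentialClientApplication app = ConfidentialClientApplicationBuilder.Create(clientId)
            .WithCertificate(certDescription.Certificate)
            .WithTenantId(tenant)
            .WithRedirectUri(redirectUri)
            .Build();

        // Attach the shared serializer to the user token cache, as in the snippet above.
        IMsalTokenCacheProvider cacheProvider = s_services.Value.GetRequiredService<IMsalTokenCacheProvider>();
        await cacheProvider.InitializeAsync(app.UserTokenCache);
        return app;
    }
}
```

The cache table holds refresh tokens, so access to that database should be restricted to the web application's identity.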

For details, see:

Some of the samples illustrating token cache serialization in .NET Framework apps

| Sample | Platform | Description |
|--------|----------|-------------|
| active-directory-dotnet-v1-to-v2 | Desktop (Console) | Visual Studio solution illustrating the migration of Azure AD v1.0 applications (using ADAL.NET) to Azure AD v2.0 applications, also named converged applications (using MSAL.NET), in particular ConfidentialClientTokenCache |
| ms-identity-aspnet-webapp-openidconnect | ASP.NET (net472) | Example of token cache serialization in an ASP.NET MVC application (using MSAL.NET). See in particular MsalAppBuilder |
| active-directory-dotnetcore-daemon-v2 | .NET Core (Console) | Part of the daemon tutorial, this chapter shows how to have a daemon using certificates acquired from KeyVault. |
