First published on CloudBlogs on Mar 31, 2016 by the Microsoft Azure Active Directory Team
Hi everyone, happy //build/ week! First a quick introduction. Here in the Identity Division we’re focusing more than ever on making developers successful on our identity platform. From enterprises to startups to hobbyists, whether the software you’re writing is for sale or for use by your team. To further that focus, I've recently joined the team as Director of Program Management for our developer-facing products and programs. I've spent my career either as a developer or working on developer technologies, including work in .NET, Xbox LIVE, and Windows, and I'm thrilled to be a part of the Identity Division. With that in mind, I’m excited to join Alex in blogging about Azure AD and our Identity services. Alex will continue blogging about end-user-facing and IT-facing news and updates while I’ll be blogging about news and updates for developers. Kicking this off, Vittorio (who quite literally wrote the book on AAD for developers) will walk us through what the team has been up to at the //build/ conference. Stay tuned for more from //build/ in the next few days. John Justice Director of Program Management Microsoft Identity Developer Platform ---------- Hello everybody! Two days ago it was my honor and privilege to represent in a //build/breakout session the developer experience team for Microsoft identity. You can catch the recording of the session on Channel9; in this post you’ll find pointers to all the new releases we announced, and a list of ways we can catch up and work together – whether you are attending //build/ or you are looking at engaging with us afterwards.
On Wednesday we announced the first developer preview of MSAL, the brand-new Microsoft Authentication Library. MSAL is a unified library that helps you to develop applications that work with Microsoft Accounts, Azure AD accounts and Azure AD B2C users indifferently – all in a single, streamlined programming model! As you know, few weeks ago we announced the GA of the converged Microsoft Account and Azure Active Directory programming model. The new model brings significant advantages, such as the ability to register applications even if you don’t have an Azure subscription and a brand new portal to do so in fewer, easier steps. Another great advantage of the new model, improved protocol compliance, made it incompatible with our in-market versions of ADAL – which, as the name implies, are tailored to work exclusively with AD (Azure AD or ADFS). During the preview period of the new programming model we offered an experimental version of ADAL, which was modified to accommodate the new protocol. However, we felt that going further in that direction was not going to truly surface the advantages of the new model, while breaking compatibility with existing ADAL-dependent code anyway. Hence, we took all the things that worked well with ADAL, and brought them forward in a new library that is designed to natively support the great new features the new model brings: support for authority-agnostic apps that work just as well with MSA and with any Azure AD tenant, incremental consent, use of standard-defined scopes instead of AD-proprietary resources, and so on. We also took the opportunity to work on the areas that were the source of the most frequent errors in ADAL, such as the difficulty of using the cache in multi-tenant applications, so that the same problems do not arise in MSAL. I will write more in depth about MSAL in the coming months. For now, here there’s a list of the most salient features.
As we make additional previews of MSAL available, we will retire the experimental versions of ADAL you’ve been using to play with the new model. Please note that this does not mean that we are retiring the in-market, released versions of ADAL! Quite the contrary, in fact – as you will see in the next section. To make it easy for you to learn the ropes of MSAL and the new programing model, today we are also releasing three new samples:
Are you excited yet? We are!
Now, I hope that all this talk about MSAL didn’t make you think that we are abandoning ADAL – we aren’t! ADAL is and remains the main means you have to work with the original Azure AD and with ADFS, which aren’t supported by MSAL. If you need a token for a service that today accepts only tokens from the original Azure AD, such as the Azure ARM API, you’ll want to keep using ADAL. Not only is ADAL fully supported: we are about to release ADAL .NET v3 to general availability! That means that in few days you’ll be able to use ADAL v3 in production to build apps that work on
Note: the ADAL v3 NuGet supports developing for .NET core, but that part of the library should not be considered part of the imminent GA release. Once .NET Core itself will reach GA, we will work on updating ADAL accordingly: but until now, you should treat any .NET core related features as preview quality, not eligible for production use. Our ever vigilant Danny has been updating ALL Azure AD samples that use ADAL to use ADAL v3. We’ll provide all the links to the samples when we will announce GA. Almost there!
I am sure those announcements filled you with the intense desire to discuss identity matters with some like-minded expert, or to get your hands dirty with some code. If you happen to be attending //build/, you are in luck! This year the identity team sent a substantial delegation of people all eager to chat with you, hear your feedback and help you with any question you might have. There are tons of ways you can engage with us while at the conference.
If you are not at //build/, bummer – but don’t worry! You can get in touch with us through the usual channels:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.