From ADAL to MSAL ROPC Flow

Occasional Visitor

I'm not sure if this is the right place for this question, so please let me know if it is not.

 

 

I'm in the process of migrating our .net 4.8 project to .net 6. I recently discovered that Adal is going away soon and need to replace the Adal logic with Msal in the .net 6 project. Our users are stored in Azure Active Directory. The .net 4.8 project is an Api that has Auth/Login endpoint that takes username and password(Resource Owner Password Credential Flow). They really want to keep this flow and do not want to switch to a confidential client flow. I know to enable the username and password flow, you have turn on 'Allow public client flows' in Azure portal in the Authentication blade of App Registration blade. Right now it set to 'No' for our application and I believe if we want to keep the ROPC flow this may need to be enabled. I have setup a POC project and tried to test getting an access token from Msal and passing that token to the Authorization header of the request but it doesn't seem to Authenticate my request via postman/swagger. Is possible to keep the same setup we have in .net 4.8 api project for that endpoint for .net 6 or is there some other way I need to do this? I really would like to use Msal for this because the changes seem minimal.

0 Replies