With Microsoft’s announcement that it would stop adding new features to ADAL from 30th June 2020 and end support from 30th June 2022, it's time to start planning the migration of existing applications from ADAL to MSAL.
This article walks you step by step through adding MSAL authentication to your existing .NET 5 based web application.
To keep it simple and easy to follow, I have divided this article into 3 parts.
Part 1: Registering Application on AAD
To start using MSAL Authentication, you have to register your application on Azure Active Directory.
Search for Azure Active Directory in the Azure portal and click on View.
From the Manage section on the left navigation menu, click on ‘App registration’.
As shown above, give the application an appropriate name; in our case I used MSALDemo.
Leave the other settings at their defaults (we will revisit them later) and click on ‘Register’.
Once you have registered your application, open the registered application and click on ‘Authentication’. Under Platform configuration, click on ‘Add a platform’ and then click on Web.
In the Configure Web section, add ‘https://localhost:5001/signin-oidc’ as the Redirect URI, select the ID Tokens checkbox and click on ‘Configure’.
The Redirect URI is simply your application URI with the ‘/signin-oidc’ route appended.
signin-oidc is the default value used by the OIDC client middleware. You can change it via OpenIdConnectOptions.CallbackPath.
The application registration is now complete; you can view all your app registration details as below.
Part 2: Code Changes
First of all, let's add the configuration to our application. You can use environment-specific settings; for demo purposes I am using ‘appsettings.Development.json’.
In the real world, you can expect 2 or 3 registrations of your application, one per environment: Development, Test, Production.
Now, install the NuGet packages below in your application.
Install-Package Microsoft.Identity.Web -Version 1.14.0
Install-Package Microsoft.Identity.Web.UI -Version 1.14.0
Now open your Startup.cs file and add the below code to the ConfigureServices method.
Make sure that you have enabled authentication in your application.
If not already done, add the below code to the Configure method in the Startup.cs file.
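For reference, here is one way the two Startup.cs methods described above can look with Microsoft.Identity.Web 1.14.0. This is an added example, not the article's own code: the "AzureAd" configuration section name and the default Home/Index route are assumptions, and the configuration values are whatever your own app registration provides.

```csharp
// Added example, not the article's own code. Assumes appsettings.Development.json
// has an "AzureAd" section with Instance, TenantId, ClientId and
// CallbackPath ("/signin-oidc"); the section name is an assumption.
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Mvc.Authorization;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.UI;

public class Startup
{
    public Startup(IConfiguration configuration) => Configuration = configuration;
    public IConfiguration Configuration { get; }

    public void ConfigureServices(IServiceCollection services)
    {
        // OpenID Connect sign-in against Azure AD through Microsoft.Identity.Web.
        services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
                .AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureAd"));

        // Require an authenticated user on every MVC action unless it opts out
        // with [AllowAnonymous], so no page is served before sign-in.
        services.AddControllersWithViews(options =>
        {
            var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
            options.Filters.Add(new AuthorizeFilter(policy));
        }).AddMicrosoftIdentityUI(); // sign-in/sign-out controller from Microsoft.Identity.Web.UI
        services.AddRazorPages();    // the UI package's signed-out page is a Razor Page
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseHttpsRedirection();
        app.UseStaticFiles();
        app.UseRouting();
        // Order matters: authentication runs before authorization, and both
        // sit between UseRouting and UseEndpoints.
        app.UseAuthentication();
        app.UseAuthorization();
        app.UseEndpoints(endpoints =>
        {
            endpoints.MapControllerRoute("default", "{controller=Home}/{action=Index}/{id?}");
            endpoints.MapRazorPages();
        });
    }
}
```

The CallbackPath in the configuration must match the route of the Redirect URI registered in Part 1, otherwise Azure AD rejects the sign-in request with a redirect URI mismatch.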
We are ready to use MSAL for authentication in our application. Let's hit F5.
As you can see above, the application will ask for authentication first, authenticate with your credentials and we are ready.
Part 3: User Information (Optional)
We managed to log in and migrate to MSAL, but as you can see, the page does not show who is logged in and there is no way to log out. Let's fix this and make our demo more meaningful.
Add a new partial view named ‘_Login.cshtml’ in the ‘/Shared’ folder as below.
Add the below code to the empty _Login.cshtml file.
Here we have added a partial view that shows who is logged in and gives the user an option to log out.
Let's add this partial view to ‘_Layout.cshtml’ in the header section as below.
<partial name="_Login" />
Now, let's hit F5 again and here we go.
You can download this demo code from the Git repo here
If you have any questions, feel free to comment.
Thank you!