Microsoft identity web scenarios

Introduction

Microsoft.Identity.Web provides a higher-level API on top of MSAL.NET to protect web APIs and to acquire tokens in web apps, web APIs and service/daemon apps. You can describe your application through a configuration file, programmatically, or with a combination of both approaches.

The Scenarios

Microsoft identity web is focused on services and confidential client applications.

Web app that signs in users and calls a web API on behalf of the user

To protect a web app (signing in the user) you'll use ASP.NET or ASP.NET Core with the ASP.NET OpenID Connect middleware. You'll reference the Microsoft.Identity.Web NuGet package if you use ASP.NET Core, and Microsoft.Identity.Web.OWIN if you are still using ASP.NET (OWIN).

If, in addition, your web app calls web APIs in the name of the user (or as itself), you'll add the following NuGet packages:

Desktop or service daemon app that calls a web API as itself (in its own name)

You can write a daemon app that acquires a token using its own identity with a few lines of code, using the Microsoft.Identity.Web.TokenAcquisition NuGet package.
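The daemon scenario above, described programmatically rather than through a configuration file, as an added example that is not code from the original page. The tenant, client ID, certificate subject and scope are placeholders, and using a certificate from the local store (instead of a client secret) is a choice made for this example.

```csharp
using System;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Identity.Abstractions;
using Microsoft.Identity.Web;

// TokenAcquirerFactory hosts configuration and dependency injection for a
// non-ASP.NET process. It also reads appsettings.json next to the executable
// if one is present, so file-based and programmatic settings can be combined.
TokenAcquirerFactory factory = TokenAcquirerFactory.GetDefaultInstance();

// Programmatic description of the application (placeholder values).
factory.Services.Configure<MicrosoftIdentityApplicationOptions>(options =>
{
    options.Instance = "https://login.microsoftonline.com/";
    options.TenantId = "<tenant-id>";
    options.ClientId = "<client-id>";

    // Certificate credential loaded from the certificate store, so no
    // secret value lives in source code or in a configuration file.
    options.ClientCredentials = new[]
    {
        new CredentialDescription
        {
            SourceType = CredentialSource.StoreWithDistinguishedName,
            CertificateStorePath = "CurrentUser/My",
            CertificateDistinguishedName = "CN=<daemon-cert-subject>"
        }
    };
});

IServiceProvider serviceProvider = factory.Build();

// App-only token (client credentials flow): the scope is the target API's
// identifier followed by "/.default".
IAuthorizationHeaderProvider headerProvider =
    serviceProvider.GetRequiredService<IAuthorizationHeaderProvider>();
string authorizationHeader = await headerProvider.CreateAuthorizationHeaderForAppAsync(
    "api://<downstream-api-client-id>/.default");

// Attach the value to the Authorization header of outgoing requests.
// Only the scheme is printed here; the token itself should never be logged.
Console.WriteLine($"Acquired header with scheme: {authorizationHeader.Split(' ')[0]}");
```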

Web API calling another downstream Web API in the name of the user for whom it was called, or in its own name

To protect a web API you'll use ASP.NET or ASP.NET Core. You'll reference the Microsoft.Identity.Web NuGet package if you use ASP.NET Core, and Microsoft.Identity.Web.OWIN if you are still using ASP.NET (OWIN).

If, in addition, your web app calls web APIs in the name of the user (or in its own name), you'll add the following NuGet packages: