Microsoft identity web scenarios
Introduction
Microsoft.Identity.Web proposes a higher level API, over MSAL.NET, to protect web APIs, and acquire tokens in web apps, web APIs and services/daemon apps. You can choose to describe your application through a configuration file, or programmatically, or use a combination of both approaches.
The Scenarios
Microsoft identity web is focused on services, and confidential client applications.
Web app that signs in users and calls a web API on behalf of the user
To protect a web app (signing in the user) you'll use ASP.NET or ASP.NET Core with the ASP.NET Open ID Connect middleware. You'll reference the Microsoft.Identity.Web NuGet package if you use ASP.NET Core, and Microsoft.Identity.Web.OWIN if you are still using ASP.NET (OWIN).
If moreover, your web apps call web APIs in the name of the user (or as itself), you'll add the following NuGet packages:
- Microsoft.Identity.Web.MicrosoftGraph if you want to call Microsoft Graph
- Microsoft.Identity.Web.Azure if you want to access an Azure resource with one of the Azure SDKs (Storage, etc ...)
- Microsoft.Identity.Web.DownstreamApi if you want to call a downstream web API
Desktop or service daemon app that calls a web API as itself (in its own name)
You can write a daemon app that acquires a token using its own identity with a few lines of code, using the Microsoft.Identity.Web.TokenAcquisition Nuget package.
Web API calling another downstream Web API in the name of the user for whom it was called, or in its own name
To protect a web API you'll use ASP.NET or ASP.NET Core. You'll reference the Microsoft.Identity.Web NuGet package if you use ASP.NET Core, and Microsoft.Identity.Web.OWIN if you are still using ASP.NET (OWIN).
If moreover, your web apps calls web APIs in the name of the user (or in its own name), you'll add the following NuGet packages:
- Microsoft.Identity.Web.MicrosoftGraph if you want to call Microsoft Graph
- Microsoft.Identity.Web.Azure if you want to access an Azure resource with one of the Azure SDKs (Storage, etc ...)
- Microsoft.Identity.Web.DownstreamApi if you want to call a downstream web API
意見反應
https://aka.ms/ContentUserFeedback。
即將登場:在 2024 年,我們將逐步淘汰 GitHub 問題作為內容的意見反應機制,並將它取代為新的意見反應系統。 如需詳細資訊,請參閱:提交並檢視相關的意見反應