1.9.0 - mattchenderson/microsoft-identity-web GitHub Wiki
In Microsoft.Identity.Web 1.9.0, we've done a lot of performance improvement. Part of these improvements, we've removed async to methods when they don't need to be async. Most are internal to Microsoft.Identity.Web and if you are using ASP.NET core, you should not be impacted. If you use ASP.NET, however, with MSAL.NET in hybrid scenarios, you'll see a new obsolete warning.
See for instance in: https://github.com/Azure-Samples/ms-identity-aspnet-webapp-openidconnect/blob/00bac85bd7215c44fef89a9b61ced744d06f9503/WebApp/Utils/MsalAppBuilder.cs#L68-L69
IMsalTokenCacheProvider memoryTokenCacheProvider = CreateTokenCacheSerializer();
await memoryTokenCacheProvider.InitializeAsync(clientapp.UserTokenCache);
you now want to use:
IMsalTokenCacheProvider memoryTokenCacheProvider = CreateTokenCacheSerializer();
memoryTokenCacheProvider.Initialize(clientapp.UserTokenCache);
In the same way, in web APIs, you'd want to use ITokenAcquisition.ReplyForbiddenWithWwwAuthenticateHeader
instead of ITokenAcquisition.ReplyForbiddenWithWwwAuthenticateHeaderAsync
Microsoft.Identity.Web now supports .NET Framework 4.6.2 in addition to .NET Framework 4.7.2.
The Azure SDKs use the notion TokenCredential
. Microsoft.Identity.Web now exposes a TokenAcquisitionTokenCredential
which can be used with the Azure SDKs. For instance, to access storage from a controller, you can inject a ITokenAcquisition
and new-up a TokenAcquisitionTokenCredential
.
See https://github.com/tamram/storage-dotnet-azure-ad-msal/tree/tamram-0818
[AuthorizeForScopes(Scopes = new string[] { "https://storage.azure.com/user_impersonation" })]
public async Task<IActionResult> Blob()
{
var scopes = new string[] { "https://storage.azure.com/user_impersonation" }; // I guess the Blob SDK knows already?
ViewData["Message"] = await CreateBlob(new TokenAcquisitionTokenCredential(_tokenAcquisition),);
return View();
}
private static async Task<string> CreateBlob(TokenAcquisitionTokenCredential tokenCredential)
{
// Replace the URL below with the URL to your blob.
Uri blobUri = new Uri("https://storagesamples.blob.core.windows.net/sample-container/blob1.txt");
BlobClient blobClient = new BlobClient(blobUri, tokenCredential);
// Create a blob on behalf of the user.
string blobContents = "Blob created by Azure AD authenticated user.";
byte[] byteArray = Encoding.ASCII.GetBytes(blobContents);
using (MemoryStream stream = new MemoryStream(byteArray))
{
await blobClient.UploadAsync(stream);
}
return "Blob successfully created";
}
When you want to use Conditional access evaluation, you need to express client capabilities
The ConfidentialClientApplicationOptions
expose the ClientCapabilities
property
Therefore you can express them in the appsettings.json:
"AzureAD" :
{
// usual members
"ClientCapabilities" : [ "cp1" ]
}
or, programmatically, through the options you set in .EnableTokenAcquisitionToCallDownstreamApis