首页 > 其他分享 >Authentication scenarios and recommendations MSAL vs Microsoft.Identity.Web

Authentication scenarios and recommendations MSAL vs Microsoft.Identity.Web

时间:2024-08-26 10:05:11浏览次数:8  
标签:Web web app authentication sign scenarios Authentication need Microsoft

Authentication scenarios and recommendations

If you have a web app or an API running in Azure App Service, you can restrict access to it based on the identity of the users or applications that request it. App Service offers several authentication solutions to help you achieve this goal. In this article, you will learn about the different authentication options, their benefits and drawbacks, and which authentication solution to use for specific scenarios.

Authentication solutions

  • Azure App Service built-in authentication - Allows you to sign users in and access data by writing minimal or no code in your web app, RESTful API, or mobile back end. It’s built directly into the platform and doesn’t require any particular language, library, security expertise, or even any code to use.
  • Microsoft Authentication Library (MSAL) - Enables developers to acquire security tokens from the Microsoft identity platform to authenticate users and access secured web APIs. Available for multiple supported platforms and frameworks, these are general purpose libraries that can be used in various hosted environments. Developers can also integrate with multiple sign-in providers, like Microsoft Entra, Facebook, Google, X.
  • Microsoft.Identity.Web - A higher-level library wrapping MSAL.NET, it provides a set of ASP.NET Core abstractions that simplify adding authentication support to web apps and web APIs integrating with the Microsoft identity platform. It provides a single-surface API convenience layer that ties together ASP.NET Core, its authentication middleware, and MSAL.NET. This library can be used in apps in various hosted environments. You can integrate with multiple sign-in providers, like Microsoft Entra, Facebook, Google, X.

Scenario recommendations

The following table lists each authentication solution and some important factors for when you would use it.

Authentication method When to use
Built-in App Service authentication * You want less code to own and manage.
* Your app's language and SDKs don't provide user sign-in or authorization.
* You don't have the ability to modify your app code (for example, when migrating legacy apps).
* You need to handle authentication through configuration and not code.
* You need to sign in external or social users.
Microsoft Authentication Library (MSAL) * You need a code solution in one of several different languages
* You need to add custom authorization logic.
* You need to support incremental consent.
* You need information about the signed-in user in your code.
* You need to sign in external or social users.
* Your app needs to handle the access token expiring without making the user sign in again.
Microsoft.Identity.Web * You have an ASP.NET Core app.
* You need single sign-on support in your IDE during local development.
* You need to add custom authorization logic.
* You need to support incremental consent.
* You need conditional access in your web app.
* You need information about the signed-in user in your code.
* You need to sign in external or social users.
* Your app needs to handle the access token expiring without making the user sign in again.

The following table lists authentication scenarios and the authentication solution(s) you would use.

Scenario App Service built-in auth Microsoft Authentication Library Microsoft.Identity.Web
Need a fast and simple way to limit access to users in your organization?
Unable to modify the application code (app migration scenario)?
Your app's language and libraries support user sign-in/authorization?
Even if you can use a code solution, would you rather not use libraries? Don't want the maintenance burden?
Does your web app need to provide incremental consent?
Do you need conditional access in your web app?
Your app need to handle the access token expiring without making the user sign in again (use a refresh token)?
Need custom authorization logic or info about the signed-in user?
Need to sign in users from external or social identity providers?
You have an ASP.NET Core app?
You have a single page app or static web app?
Want Visual Studio integration?
Need single sign-on support in your IDE during local development?

Next steps

To get started with built-in App Service authentication, read:

To get started with Microsoft Authentication Library (MSAL), read:

To get started with Microsoft.Identity.Web, read:

Learn more about App Service built-in authentication and authorization

 

标签:Web,web,app,authentication,sign,scenarios,Authentication,need,Microsoft
From: https://www.cnblogs.com/chucklu/p/18380146

相关文章

  • 基于javaweb+jsp的鲜花商城系统
    基于javaweb+jsp的鲜花商城系统的设计与实现~开发语言:Java数据库:MySQL技术:Spring+SpringMVC+MyBatis+JSP工具:IDEA/Ecilpse、Navicat、Maven系统展示前台后台摘要  当下,正处于信息化的时代,许多行业顺应时代的变化,结合使用计算机技术向数字化、信息化建设迈......
  • 从0到1:React项目中的Webpack配置实战
    公司项目一般都是使用集团封装好的脚手架,脚手架内部实现咱看不到也摸不着,好不容易组内推行新的UI框架,需要自行定义webpack配置,这可是个绝佳的好机会,我对配置过程进行了梳理,把商业项目的成熟配置小跑着送上。初始化首先新建一个空文件夹,执行npminit初始化生成package.json......
  • 【计算机网络】WebSocket协议
    目录一、WebSocket协议概述二、WebSocket协议基本特点三、WebSocket协议代码实现3.1 WebSocket协议python实现3.2 WebSocket协议JAVA实现3.3 WebSocket协议C++实现四、WebSocket协议发展趋势一、WebSocket协议概述        WebSocket协议是一种在单个TCP......
  • html模板之动漫主题《熊出没》 web期末大作业
    一、......
  • 【python】Python中小巧的异步web框架Sanic快速上手实战
    ✨✨欢迎大家来到景天科技苑✨✨......
  • SpringbootWeb请求响应和分层解耦
    目录前言一、请求(学会使用postman和接收请求参数)1.后端接口测试工具Postman(1)引入(2)介绍(3)安装和使用 2.简单参数 (1)postman发送请求测试 (2)原始方式接收(3)SpringBoot方式(4)Spingboot方式参数名不一致问题3.实体参数(1)简单实体(2)复杂实体4.数组集合参数 (1)数组(2)集......
  • 基于python+flask框架的基于WEB的咖啡销售系统(开题+程序+论文) 计算机毕设
    本系统(程序+源码+数据库+调试部署+开发环境)带论文文档1万字以上,文末可获取,系统界面在最后面。系统程序文件列表开题报告内容研究背景在快节奏的现代生活中,咖啡已成为许多人日常生活中不可或缺的饮品,不仅因为其独特的口感和提神醒脑的功效,更因其承载了社交、休闲等多种文化......
  • WEB开发技术演变
    什么是web开发Web开发指的是网页系统开发,一说到网页,我想大概大部分人都会熟悉www,每次在浏览器中输入网址时,总会先输入www,这里其实是WorldWideWeb的简称,现在也简称Web,web技术发展静态网页时代1994年,网景公司(Netscape)发布了Navigator浏览器0.9版。这是历史上第一个比较成熟的......
  • 基于python+flask框架的基于web的物流管理系统(开题+程序+论文) 计算机毕设
    本系统(程序+源码+数据库+调试部署+开发环境)带论文文档1万字以上,文末可获取,系统界面在最后面。系统程序文件列表开题报告内容研究背景随着全球经济的飞速发展和电子商务的蓬勃兴起,物流行业作为连接生产与消费的关键环节,其重要性日益凸显。传统物流管理模式在应对海量数据处......
  • 现代Web开发中AJAX请求的运作原理
    ajax的请求过程1、新建ajax对象:    IE6不兼容newXMLHttpRequest();    IE6下,ajax对象的兼容方法:        try判断的方法:          varxhr=null;            try{    xhr=newXMLHttpRequest();    }      ......