Today our team is excited to announce the release of Microsoft Authentication Library (MSAL) for .NET version 4.54.0! To get started, you can download the Microsoft.Identity.Client package from NuGet through one of many ways to add a package dependency to your project:
Using the .NET Command-Line Interface (CLI):
dotnet add package Microsoft.Identity.Client
Using the NuGet Command Line Interface (CLI):
nuget install Microsoft.Identity.Client
Using the Package Manager Console:
Install-Package Microsoft.Identity.Client
Using Visual Studio:
- Open the Solution Explorer.
- Right-click on a project within the solution.
- Click on Manage NuGet Packages…
- Click on the Browse tab and search for Microsoft.Identity.Client.
- Click on the Microsoft.Identity.Client package and click Install.
What’s New
This release introduces a large feature change, as well as multiple stability and performance improvements that make MSAL.NET easier to use in cloud-based and mobile workloads.
New Features
- MSAL will now proactively refresh tokens acquired using WithAppTokenProvider API.
- MsalException and derived exception classes now have an AdditionalExceptionData property, which holds extra error information. Currently it is only populated for exceptions coming from the Windows authentication broker (WAM).
- For HTTP telemetry, telemetry ID was introduced for long-running on-behalf-of requests.
Bug Fixes
- Fix for a JSON serialization issue in iOS apps that are built in release Ahead-Of-Time (AOT) compilation mode.
- MSAL.NET package now references the correct Microsoft.iOS version.
- The Microsoft.Identity.Client.Broker package can now be used in projects which rely on the older package.config.
- Fix for the user_mismatch error when WithAccount is specified when acquiring tokens interactively and selecting a different account in the account picker.
Most importantly, the latest version of MSAL.NET graduates the Managed Identity APIs into the General Availability mode of support, which means that developers can integrate them safely in production workloads.
Managed Identity General Availability
Managed identities are a part of the Azure infrastructure, simplifying how developers handle credentials and secrets to access cloud resources. With Managed Identities, developers do not need to manually handle credential retrieval and security. Instead, they can rely on an automatically managed set of identities to connect to resources that support Azure Active Directory (AAD) authentication. You can learn more in What are managed identities for Azure resources?
With MSAL.NET 4.54.0, the Managed Identity APIs are now stable. We made a few changes that make them easier to use and integrate; these might require tweaking your code if you’ve used our experimental implementation:
- When using Managed Identity APIs, developers will need to specify the identity type when creating a ManagedIdentityApplication.
- When acquiring tokens with Managed Identity APIs and using the default HTTP client, MSAL will retry the request for certain exception codes.
- We added a new MsalManagedIdentityException class that represents any Managed Identity-related exceptions. It includes general exception information, including the Azure source from which the exception originates.
- MSAL will now proactively refresh tokens acquired with Managed Identity.
To get started with Managed Identity in MSAL.NET you can use the Microsoft.Identity.Client package together with the ManagedIdentityApplicationBuilder class. For example, to use system-assigned managed identities in your application, you can write a snippet such as the one below:
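using Microsoft.Identity.Client;
using Microsoft.Identity.Client.AppConfig;

// resource: identifier of the Azure resource the token is requested for.
IManagedIdentityApplication mi = ManagedIdentityApplicationBuilder.Create(ManagedIdentityId.SystemAssigned)
    .Build();

AuthenticationResult result = await mi.AcquireTokenForManagedIdentity(resource)
    .ExecuteAsync()
    .ConfigureAwait(false);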
If you have a resource to which a user-assigned identity is attached, you can access it as such:
// clientIdOfUserAssignedManagedIdentity: client ID of the identity attached to the resource.
IManagedIdentityApplication mi = ManagedIdentityApplicationBuilder.Create(ManagedIdentityId.WithUserAssignedClientId(clientIdOfUserAssignedManagedIdentity))
    .Build();

AuthenticationResult result = await mi.AcquireTokenForManagedIdentity(resource)
    .ExecuteAsync()
    .ConfigureAwait(false);
To learn more, refer to our documentation.
Feedback
We’d love to hear your thoughts on the Microsoft Authentication Library for .NET! Feel free to open an issue on GitHub if you’d like to report a bug or request a new feature. For questions around the usage of the library, refer to Stack Overflow.
got excited for a second there thought it was about https://devblogs.microsoft.com/dotnet/improvements-auth-identity-aspnetcore-8/