{"id":123,"date":"2014-11-18T10:30:00","date_gmt":"2014-11-18T10:30:00","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/visualstudio\/2014\/11\/18\/improving-the-visual-studio-account-management-experience\/"},"modified":"2022-09-30T09:44:42","modified_gmt":"2022-09-30T16:44:42","slug":"improving-the-visual-studio-account-management-experience","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/visualstudio\/improving-the-visual-studio-account-management-experience\/","title":{"rendered":"Improving the Visual Studio Account Management Experience"},"content":{"rendered":"<p>Anyone who has built an application in Visual Studio that uses several services (e.g. roaming Visual Studio settings, accessing Azure services in Server Explorer, or using Windows Store) has probably experienced what we\u2019ve come to call \u201csign-in <a href=\"http:\/\/en.wikipedia.org\/wiki\/Whac-A-Mole\">Whack-A-Mole<\/a>,\u201d with prompts popping up when you least expect them to. In Visual Studio 2015 we introduced an account manager to reduce how often Visual Studio needs to prompt for credentials and to make it easier for you to switch among different user accounts within the IDE.<\/p>\n<p>You\u2019ll see the account manager utilized in various places inside the Visual Studio 2015 user interface, but the central place of account management resides In File -&gt; Account Settings.<\/p>\n<p><a href=\"https:\/\/devblogs.microsoft.com\/visualstudio\/wp-content\/uploads\/sites\/4\/2014\/11\/4338.2014FallAccountSettingsDialog_75DE9911.png\"><img decoding=\"async\" style=\"float: none; margin-left: auto; margin-right: auto; border-width: 0px;\" title=\"Account Settings Dialog\" src=\"https:\/\/devblogs.microsoft.com\/visualstudio\/wp-content\/uploads\/sites\/4\/2014\/11\/4338.2014FallAccountSettingsDialog_75DE9911.png\" alt=\"Account Settings Dialog\" width=\"640\" height=\"396\" border=\"0\" \/><\/a><\/p>\n<p>Let\u2019s take a deeper look at how the account manager works.<\/p>\n<h2>Many Services, Many User Accounts<\/h2>\n<p>There were two general types of authentication workflows we saw in Visual Studio 2013 and earlier:<\/p>\n<ul>\n<li><strong>Multiple Services. <\/strong>Online services such as Azure, Office 365, and Visual Studio Online managed their users\u2019 authentication tokens separately. Additionally, re-entering your credentials only refreshed the token for that one feature, leaving other features unauthenticated. This meant that the number of times you had to sign in grew with the number of different services you used, even if you were signing in with the same account.<\/li>\n<li><strong>Multiple Accounts. <\/strong>If you used multiple user accounts (e.g. separate accounts for work and home, or for development and testing), it could be even more complex, and switching between these user accounts required signing out and signing back in.<\/li>\n<\/ul>\n<p><strong>Visual Studio 2015 helps with both. <\/strong><\/p>\n<p>First, it unifies the sign-in experience so that authenticating with an account once enables access to all services you use with that user account. For example, if you signed into the IDE with your Microsoft account, which is also an admin for an Azure subscription, Visual Studio will simultaneously authenticate you to use the Azure services inside Server Explorer. Additionally, if you recently refreshed your credentials for one service (e.g. your Azure subscription), they\u2019re refreshed for all. This statement applies to adding Application Insights from the New Project dialog, or to adding Mobile Services or Storage from the new Connected Services dialog. What\u2019s even better is that this single sign-on feature works across the Visual Studio family of applications including Blend. Visual Studio manages the access tokens across applications, so once you authenticate an account in one app, the tokens across apps refresh in unison.<\/p>\n<p><a href=\"https:\/\/devblogs.microsoft.com\/visualstudio\/wp-content\/uploads\/sites\/4\/2014\/11\/4341.2014FallConnectedServicesDialog_6395D24F.png\"><img decoding=\"async\" style=\"float: none; margin-left: auto; margin-right: auto; border-width: 0px;\" title=\"Connected Services Dialog\" src=\"https:\/\/devblogs.microsoft.com\/visualstudio\/wp-content\/uploads\/sites\/4\/2014\/11\/4341.2014FallConnectedServicesDialog_6395D24F.png\" alt=\"Connected Services Dialog\" width=\"640\" height=\"440\" border=\"0\" \/><\/a><\/p>\n<p>Second, we added a system for managing your accounts centrally in Visual Studio so that you have one place to view, add, or remove the multiple accounts the IDE knows about. You can view the managed accounts in the Account Settings dialog, under the File menu. All the account-related features in Visual Studio use this same account manager, even if they are showing it in different places in the UI. Using the new UI, you can easily switch between different accounts or add new accounts in situ, as you use online services such as Application Insights or Azure Mobile Services.<\/p>\n<p>It\u2019s important to note: Visual Studio isn\u2019t storing your raw credentials. <a href=\"https:\/\/channel9.msdn.com\/Events\/Visual-Studio\/Connect-event-2014\/411\">This quick intro to AAD<\/a> is a good reference on how Azure Active Directory and the <a href=\"http:\/\/msdn.microsoft.com\/en-us\/library\/azure\/dn151135.aspx\">Active Directory Authentication Library (ADAL)<\/a> works which make up the building blocks for Visual Studio\u2019s new account manager. In short, what\u2019s happening looks like this: when you sign in to an account inside Visual Studio, you are authenticating against a web-based identity provider (probably Azure Active Directory or the Microsoft Account provider). If the authentication is successful, the identity provider passes down delegated authentication tokens. The Visual Studio 2015 account management system simply facilitates secure handling and storing of these delegated tokens.<\/p>\n<h2>Improvements Still to Come<\/h2>\n<p>We\u2019re not done yet. For example, you\u2019ll see in some cases that Visual Studio will ask you to re-authenticate your Microsoft accounts after as little as 12 hours. We want to improve this, but in the meantime, there are some workarounds. If, for example, you create a \u201cWork or School account\u201d (formerly known as Organizational account) and make that account an administrator of your Azure subscription to access Azure resources, you\u2019ll get a better single sign-on experience in Visual Studio. Unfortunately, you can\u2019t sign in to the IDE (for example, to roam settings and to personalize the IDE) with an organizational ID yet. We\u2019re working on addressing this issue, too.<\/p>\n<p>Beyond Preview, more features such as Team Explorer, Office 365, and ASP.NET project creation will use the new shared account storage and management services.<\/p>\n<p>We also plan to roam the list of user accounts (but not passwords or authentication tokens) with your personalization account to help you get started quickly on new devices. We\u2019ll also touch up the account picker and make it behave more consistently across the product.<\/p>\n<p>As always, we\u2019re grateful for your feedback, suggestions, and any ideas you share on <a href=\"http:\/\/visualstudio.uservoice.com\/forums\/121579-visual-studio\">UserVoice<\/a> and through the in-product Send-a-Smile UI. We\u2019ll monitor comments on this post for a couple weeks but if you find a bug its best to log it directly on the <a href=\"https:\/\/connect.microsoft.com\/VisualStudio\">Connect site<\/a> or try out the new Send-a-Frown UI <a href=\"https:\/\/devblogs.microsoft.com\/visualstudio\/visual-studio-2015-preview-visual-studio-community-2013-visual-studio-2013-update-4-and-more\/\">John mentioned<\/a> to log a bug directly from the IDE.<\/p>\n<p>Thank you!<\/p>\n<p>Ji Eun Kwon<\/p>\n<table style=\"width: 698px;\" border=\"0\" cellspacing=\"0\" cellpadding=\"2\">\n<tbody>\n<tr>\n<td valign=\"top\" width=\"112\"><a href=\"https:\/\/devblogs.microsoft.com\/visualstudio\/wp-content\/uploads\/sites\/4\/2014\/11\/4212.JiEunKwon_thumb_15571D6F.png\"><img decoding=\"async\" style=\"border: 0px;\" title=\"Ji Eun Kwon\" src=\"https:\/\/devblogs.microsoft.com\/visualstudio\/wp-content\/uploads\/sites\/4\/2014\/11\/4212.JiEunKwon_thumb_15571D6F.png\" alt=\"Ji Eun Kwon\" width=\"103\" height=\"131\" border=\"0\" \/><\/a><\/td>\n<td valign=\"top\" width=\"584\"><strong>Ji Eun Kwon<\/strong>, Program Manager, Visual Studio Platform<\/p>\n<p>Ji Eun Kwon is a Program Manager on the Visual Studio Platform IDE team. She joined Microsoft a year ago, and since then has focused on identity and licensing experiences in Visual Studio.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>Anyone who has built an application in Visual Studio that uses several services (e.g. roaming Visual Studio settings, accessing Azure services in Server Explorer, or using Windows Store) has probably experienced what we\u2019ve come to call \u201csign-in Whack-A-Mole,\u201d with prompts popping up when you least expect them to. In Visual Studio 2015 we introduced an [&hellip;]<\/p>\n","protected":false},"author":13,"featured_media":255385,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[155,1029],"tags":[237,85,310,12],"class_list":["post-123","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-visual-studio","category-web","tag-net","tag-asp-net","tag-identity","tag-visual-studio"],"acf":[],"blog_post_summary":"<p>Anyone who has built an application in Visual Studio that uses several services (e.g. roaming Visual Studio settings, accessing Azure services in Server Explorer, or using Windows Store) has probably experienced what we\u2019ve come to call \u201csign-in Whack-A-Mole,\u201d with prompts popping up when you least expect them to. In Visual Studio 2015 we introduced an [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/visualstudio\/wp-json\/wp\/v2\/posts\/123","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/visualstudio\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/visualstudio\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/visualstudio\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/visualstudio\/wp-json\/wp\/v2\/comments?post=123"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/visualstudio\/wp-json\/wp\/v2\/posts\/123\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/visualstudio\/wp-json\/wp\/v2\/media\/255385"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/visualstudio\/wp-json\/wp\/v2\/media?parent=123"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/visualstudio\/wp-json\/wp\/v2\/categories?post=123"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/visualstudio\/wp-json\/wp\/v2\/tags?post=123"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}