
I have followed Adrian Hall's book to create a cross-platform app with a Mobile Service API backend. I have successfully got unsecured access to the backend working from Android, iOS and Desktop (WPF) clients. I am moving on to adding security to the API using the Authorize attribute. I would like to add social authentication using MicrosoftAccount (formerly Passport/Live ID).

Since Adrian wrote his book the Microsoft.Azure.Mobile.Client and the authentication and authorisation landscape seem to have moved on. The samples given in the book no longer build and Microsoft’s social authentication and AAD authentication seem to have been rolled into one API.

I have spent days searching for up-to-date and relevant information, but there seems to be lots of stuff on the internet that is either out of date or only shows examples of authenticating using Facebook or Google from Xamarin clients or authenticating against Azure AD.

I am using .NET 4.7 and WPF for the desktop app. I am also using Microsoft.Azure.Mobile.Client V4.0.1. My questions are:

  1. Should I be using the Microsoft.Identity.Client to authenticate users from my desktop client; and,

  2. If so can someone point me to an example of the client flow that I need to follow, specifically how do I get the authorisation token that I need to pass to the new MobileServiceClient.LoginAsync() function that uses the identification provider and token parameters?

2 Answers


  1. I was in a similar boat, and here is a summary off the top of my head. There are two security libraries currently in play for authorization: ADAL and MSAL.

    ADAL
    This is the first library that came out, and services like B2C must each be handled separately using this library.

    MSAL
    One security framework to rule them all!
    https://github.com/Azure-Samples/active-directory-xamarin-native-v2
    This library has a go live license, but technically it’s still in Beta.

    Head to Mobile.azure.com for the latest info on creating a mobile application, and this article on a V2 endpoint.

    When you register an application for Authorization, there are two categories: a “Converged” application and a “Live SDK application” (see https://apps.dev.microsoft.com/#/appList). Why they would choose these names is beyond me to understand. IMPORTANT translation: Converged applications ONLY work with MSAL, the other ONLY works with ADAL. THAT will go a long way for you to get the authentication working, as the Application / Client ID must match the correct SDK, and hence endpoint.

    In the end, we chose to stay with ADAL for now as we were having problems with MSAL. MSAL is the future however, as all services will be incorporated, and it should be an easier SDK to use.

    Here are some links that I kept, all of which refer to ADAL or MSAL:

    http://aka.ms/aadv2

    https://azure.microsoft.com/develop/identity

    https://learn.microsoft.com/en-ca/azure/active-directory/develop/active-directory-authentication-scenarios#native-application-to-web-api

    https://github.com/AzureAD

    https://github.com/AzureAD/microsoft-authentication-library-for-dotnet

    These links are about a month old – HTH
  2. If so can someone point me to an example of the client flow that I need to follow, specifically how do I get the authorisation token that I need to pass to the new MobileServiceClient.LoginAsync() function that uses the identification provider and token parameters?

    According to your requirement, you want to use client-flow authentication with MSA. As far as I know, MSA authentication uses the Live SDK for signing in users.

    Since Live SDK is deprecated, you could leverage OneDrive SDK for CSharp for logging in with MSA, and you could follow the detailed steps for achieving this purpose:

    enter image description here

    • Then you could follow the code below and add to your WPF application as follows:

      enter image description here

    For more details about OneDrive SDK for CSharp, you could refer to here and Authentication Adapter for the OneDrive SDK.

    UPDATE:

    It’s my fault. I did not mention that the above code would automatically open a web browser. Per my test, you could configure the parameter returnUrl to https://login.microsoftonline.com/common/oauth2/nativeclient when constructing your MsaAuthenticationProvider instance.
