Microsoft Identity Web basics
Microsoft Identity Web provides the glue between the ASP.NET Core middleware and MSAL .NET to bring a clearer, more robust developer experience, which also leverages the power of the Microsoft identity platform and leverages OpenId Connect middleware, which means developers can develop applications which allow several identity providers, including integration with Microsoft Entra ID, Microsoft Azure AD B2C, and Microsoft Entra External IDs.
Microsoft Identity Web leverages Microsoft Authentication Library (MSAL), which fetches the tokens and provides token cache extensibility.
When you run:
dotnet new webapp --auth or dotnet new webapi --auth
the ASP.NET Core application that is produced uses Microsoft.Identity.Web
Microsoft.Identity.Web is a simpler way to use Azure AD in ASP.NET Core web apps and web APIs. It doesn't replace ASP.NET Identity in any way, it doesn't replace AddOpenIdConnect, AddJwtBearer or AddCookie or any of the lower level primitives, but it uses and configure them correctly for Azure AD. It doesn't work with non-Azure identity providers. It replaces AzureAD.UI and AzureADB2C.UI which are obsolete in .NET 5.0
Microsoft.Identity.Web project templates bring many features that were not available in ASP.NET Core 3.1 project templates
Here are the available project templates:
Microsoft identity web is a library that provides a higher-level API and coordinates:
- ASP.Net Core and its authentication and authorization middleware,
- Identity.Model (validates tokens),
- MSAL.NET (acquires tokens),
- The Azure SDK (used to fetch certificates from KeyVault using Managed Identity when deployed to Azure, or your developer credentials when run on your local dev box)
