1.9.0

Microsoft.Identity.Web 1.9.0

Performance improvements and consequence on async methods

In Microsoft.Identity.Web 1.9.0, we've done a lot of performance improvement. Part of these improvements, we've removed async to methods when they don't need to be async. Most are internal to Microsoft.Identity.Web and if you are using ASP.NET core, you should not be impacted. If you use ASP.NET, however, with MSAL.NET in hybrid scenarios, you'll see a new obsolete warning.

See for instance in: https://github.com/Azure-Samples/ms-identity-aspnet-webapp-openidconnect/blob/00bac85bd7215c44fef89a9b61ced744d06f9503/WebApp/Utils/MsalAppBuilder.cs#L68-L69

 IMsalTokenCacheProvider memoryTokenCacheProvider = CreateTokenCacheSerializer();
 await memoryTokenCacheProvider.InitializeAsync(clientapp.UserTokenCache);

you now want to use:

 IMsalTokenCacheProvider memoryTokenCacheProvider = CreateTokenCacheSerializer();
 memoryTokenCacheProvider.Initialize(clientapp.UserTokenCache);

In the same way, in web APIs, you'd want to use ITokenAcquisition.ReplyForbiddenWithWwwAuthenticateHeader instead of ITokenAcquisition.ReplyForbiddenWithWwwAuthenticateHeaderAsync

Support for .NET Framework 4.6.2

Microsoft.Identity.Web now supports .NET Framework 4.6.2 in addition to .NET Framework 4.7.2.

Add support for Azure SDKs

The Azure SDKs use the notion TokenCredential. Microsoft.Identity.Web now exposes a TokenAcquisitionTokenCredential which can be used with the Azure SDKs. For instance, to access storage from a controller, you can inject a ITokenAcquisition and new-up a TokenAcquisitionTokenCredential.

See https://github.com/tamram/storage-dotnet-azure-ad-msal/tree/tamram-0818

        [AuthorizeForScopes(Scopes = new string[] { "https://storage.azure.com/user_impersonation" })]
        public async Task<IActionResult> Blob()
        {
            var scopes = new string[] { "https://storage.azure.com/user_impersonation" }; // I guess the Blob SDK knows already?
            ViewData["Message"] = await CreateBlob(new TokenAcquisitionTokenCredential(_tokenAcquisition),);
            return View();
        }

        private static async Task<string> CreateBlob(TokenAcquisitionTokenCredential tokenCredential)
        {
            // Replace the URL below with the URL to your blob.
            Uri blobUri = new Uri("https://storagesamples.blob.core.windows.net/sample-container/blob1.txt");
            BlobClient blobClient = new BlobClient(blobUri, tokenCredential);

            // Create a blob on behalf of the user.
            string blobContents = "Blob created by Azure AD authenticated user.";
            byte[] byteArray = Encoding.ASCII.GetBytes(blobContents);

            using (MemoryStream stream = new MemoryStream(byteArray))
            {
                await blobClient.UploadAsync(stream);
            }
            return "Blob successfully created";
        }

Enable client capabilities - support for CAE

When you want to use Conditional access evaluation, you need to express client capabilities

The ConfidentialClientApplicationOptions expose the ClientCapabilities property

Therefore you can express them in the appsettings.json:

"AzureAD" : 
{
 // usual members
 "ClientCapabilities" : [  "cp1" ]
}

or, programmatically, through the options you set in .EnableTokenAcquisitionToCallDownstreamApis