AzureAD/microsoft-authentication-library-for-dotnet

UWP, Azure App Service, Converged App (v2, OAuth2.0), WebAuthenticationCoreManager and Microsoft accounts

Closed this issue · 13 comments

How do I make all of these things work? UWP, Azure App Service, Converged App (v2, OAuth2.0), WebAuthenticationCoreManager and Microsoft accounts.

I have had a hard time getting cohesive documentation on this.

I want to maintain the sign-in experience that one gets using apps like the Microsoft Store so I've been using WebAuthenticationCoreManager. However I've been pushed over the edge because I mistakenly deleted an entry in the Application Registration Portal that broke auth on my UWP app. Apparently the entry cannot be manually created--only if a new app is created through the Dev Center. I created a converged app entry instead, but it seems I can't get it to authenticate properly with my Azure App Service.

Is there specific documentation that uses what I listed above?

Hi @myokeeh,

Can you elaborate on the exact sign in experience you want to deliver? Also, what type of accounts do you want to sign in?

There are a few tools you can use to accomplish similar things. The primary difference is feature set and level of abstraction (App Services is a PaaS tool for example and handles much of the complexity). Based on the description above, I think a few have been conflated that are not intended to do so.

We definitely have specific docs, but based on your journey I want to make sure to send you to the 1 right place. In general, a good place to check is https://aka.ms/aaddev if you're trying to sign in Azure AD or Microsoft Accounts, and https://aka.ms/aadb2c if you're trying to sign in local or social accounts (Facebook, Microsoft accounts, Google, etc). We can be more specific once I have an idea of your answers to the earlier questions.

I really want to use the native Windows 10 sign-in experience in my UWP app like what's shown below. (WebAuthenticationCoreManager?)

image

I currently have users signing into my UWP app with an App Service backend (MobileServiceClient.LoginAsync()) using Microsoft accounts. This currently opens a web browser which isn't the best experience.

So at the very least, I want to have native sign-in experience and continue using Microsoft accounts, but possibly add Azure AD sign-in, too.

What I noticed with my previous attempts with MSAL.NET is that it really just opens a browser in a small window (it doesn't "remember passwords" or things of that sort).

I think I can rule out AAD B2C.

@danieldobalian, thoughts?

@myokeeh - agreed, MSAL now uses the Web Auth Broker on UWP to interact with the system. This is quite old and does not provide a good experience on UWP - i.e. the "web view" does not show users already connected to windows etc. We are looking at using a newer technology for this.

We are also looking at adding support for Win Integrated Auth, i.e. have MSAL use the identity of the logged in user. This will most likely work with AD and AAD joined accounts and no user interaction will be required.

@bgavrilMS That sounds great. I suppose there's no interim solution? Is there a roadmap or schedule to look forward to?

@jmprieur can comment on the roadmap, Win Integrated Auth is very much requested so it will likely come first / soon.

@myokeeh : we are working on bringing MSAL.NET on parity with ADAL.NET (adding missing flows like Windows Integrated Authentication, Username/Password and Device code flow). When this is done we'll work on integrating with WAM.
The roadmap is here: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki#roadmap

@myokeeh : We are putting the final touches on Integrated Windows Authentication for MSAL and it will be included in our next release coming out very soon.

Will corresponding documentation come out with that update? Is it already in the MSAL 2.1.0-preview released yesterday?

@myokeeh - It's in the current release, MSAL 2.1.0-preview, and here is a link to the wiki

Will Microsoft accounts be supported in some future release?

@myokeeh : MSA's are in the plan for WAM. Not sure if that was what you asked about though.
CC: @jmprieur

Now that MSAL.NET provides Integrated Windows Authentication, what remains is the integration with WAM. Closing this issue as a duplicate of #643 from that respect.