question

NewbieDev-4631 avatar image
0 Votes"
NewbieDev-4631 asked JessieZhang-2116 commented

Xamarin.Essentials' WebAuthenticator vs MSAL?

Being a newbie to Xamarin I am not sure if these can be compared.

I am looking at ways to authenticate a user through Xamarin app.

We use Azure AD and my Xamarin app wants to authenticate the staff of our organization. It then needs to access an Azure AD authenticated API.

The 2 options I found:

  1. Xamarin.Essenials' WebAuthenticator, looks like a good option. But I feel like it is for a B2C applications(because it mentions about social authentication).

    The site mentions this is more secure as there is a middle layer to do the authentication. But when I checked the source code for middle layer(Startup.cs) there were Clientid and client secrets.

    https://devblogs.microsoft.com/xamarin/authentication-xamarin-essentials-aspnet/?WT.mc_id=DT-MVP-5003277

  2. I also read about MSAL for authenticating users. It is a nuget (and so is the above one) and just takes ClientId(and not the client secret).

    https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-overview



So I am wondering which would be best in my case: WebAuthenticator or MSAL?

Which is more secure,if it can be compared?

Is there any disadvantage of using either?

Is there a better way to do authentication securely?

Thanks in advance.


dotnet-xamarinformsdotnet-xamarinessentialsazure-ad-msal
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

JessieZhang-2116 avatar image
0 Votes"
JessieZhang-2116 answered JessieZhang-2116 commented

Hello,


Welcome to our Microsoft Q&A platform!

Many apps require adding user authentication, and this often means enabling your users to sign in their existing Microsoft, Facebook, Google, and now Apple Sign In accounts.

Microsoft Authentication Library (MSAL) provides an excellent turn-key solution to adding authentication to your app. There's even support for Xamarin apps in their client NuGet package.

If you're interested in using your own web service for authentication, it's possible to use WebAuthenticator to implement the client side functionality.

Refer :Xamarin.Essentials: Web Authenticator

You can choose according to your needs. Both Web Authenticator and Microsoft Authentication Library (MSAL) are maintained by microsoft. Microsoft has taken all kinds of security considerations into account, so feel free to use it.


Best Regards,

Jessie Zhang


If the response is helpful, please click "Accept Answer" and upvote it.


Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks for your reply Jessie.

So are the both doing the same thing(authenticating user of organisation).
I am a bit confused, if they both are same why do we have two ways to achieve the same thing.

In our case we want only the Azure AD as the identity provider.

Also we want the access token to call our downstream APIs.

Can both be used to achieve the above?

0 Votes 0 ·

So are the both doing the same thing(authenticating user of organisation).

The WebAuthenticator class lets you initiate browser based flows which listen for a callback to a specific URL registered to the app.If you're interested in using your own web service for authentication, it's possible to use WebAuthenticator to implement the client side functionality. And MSAL enables developers to acquire tokens from the Microsoft identity platform in order to authenticate users and access secured web APIs. For more details, you can check: Web Authenticator and Microsoft Authentication Library.


0 Votes 0 ·

Does Web authenticator manage the token life cycle?
I believe MSAL does that?

0 Votes 0 ·