Azure Active Directory Authentication Libraries

The Azure AD Authentication Library (ADAL) enables client application developers to easily authenticate users to cloud or on-premises Active Directory (AD), and then obtain access tokens for securing API calls. ADAL has many features that make authentication easier for developers, such as asynchronous support, a configurable token cache that stores access tokens and refresh tokens, automatic token refresh when an access token expires and a refresh token is available, and more. By handling most of the complexity, ADAL can help a developer focus on business logic in their application and easily secure resources without being an expert on security.

ADAL is available on a variety of platforms.

Client Libraries

Platform | Library | Download | Source Code | Sample | Reference
.NET Client, Windows Store, UWP, Xamarin iOS and Android | ADAL .NET v3 | NuGet | GitHub | Desktop App | Reference
.NET Client, Windows Store, Windows Phone 8.1 | ADAL .NET v2 | NuGet | GitHub | Desktop App | Reference
JavaScript | ADAL.js | GitHub | GitHub | Single Page App |
iOS, macOS | ADAL | CocoaPods | GitHub | iOS App | Reference
Android | ADAL | The Central Repository | GitHub | Android App | JavaDocs
Node.js | ADAL | npm | GitHub | |
Java | ADAL4J | GitHub | GitHub | Java Web App |

Server Libraries

Platform | Library | Download | Source Code | Sample | Reference
.NET | OWIN for AzureAD | NuGet | CodePlex | MVC App |
.NET | OWIN for OpenIDConnect | NuGet | CodePlex | Web App |
Node.js | Azure AD Passport | npm | GitHub | Web API |
.NET | OWIN for WS-Federation | NuGet | CodePlex | MVC Web App |
.NET | Identity Protocol Extensions for .NET 4.5 | NuGet | GitHub | |
.NET | JWT Handler for .NET 4.5 | NuGet | GitHub | |

Scenarios

Here are three common scenarios in which ADAL can be used for authentication.

Authenticating Users of a Client Application to a Remote Resource

In this scenario, a developer has a client, such as a WPF application, that needs to access a remote resource secured by Azure AD, such as a web API. He has an Azure subscription, knows how to invoke the downstream web API, and knows the Azure AD tenant that the web API uses. As a result, he can use ADAL to facilitate authentication with Azure AD, either by fully delegating the authentication experience to ADAL or by explicitly handling user credentials. ADAL makes it easy to authenticate the user, obtain an access token and refresh token from Azure AD, and then use the access token to make requests to the web API.

For a code sample that demonstrates this scenario using authentication to Azure AD, see Native Client WPF Application to Web API.

Authenticating a Server Application to a Remote Resource

In this scenario, a developer has an application running on a server that needs to access a remote resource secured by Azure AD, such as a web API. He has an Azure subscription, knows how to invoke the downstream service, and knows the Azure AD tenant the web API uses. As a result, he can use ADAL to facilitate authentication with Azure AD by explicitly handling the application’s credentials. ADAL makes it easy to retrieve a token from Azure AD by using the application’s client credential and then use that token to make requests to the web API. ADAL also handles managing the lifetime of the access token by caching it and renewing it as necessary. For a code sample that demonstrates this scenario, see Console Application to Web API.

Authenticating a Server Application on Behalf of a User to Access a Remote Resource

In this scenario, a developer has an application running on a server that needs to access a remote resource secured by Azure AD, such as a web API. The request also needs to be made on behalf of a user in Azure AD. He has an Azure subscription, knows how to invoke the downstream web API, and knows the Azure AD tenant the service uses. Once the user is authenticated to the web application, the application can get an authorization code for the user from Azure AD. The web application can then use ADAL to obtain an access token and refresh token on behalf of a user using the authorization code and client credentials associated with the application from Azure AD. Once the web application is in possession of the access token, it can call the web API until the token expires. When the token expires, the web application can use ADAL to get a new access token by using the refresh token that was previously received.
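
The flow described above, sketched with ADAL .NET v3 as an added example; it is not taken from the original page or from the ADAL samples. The tenant, resource URI, redirect URI, client ID and the AAD_CLIENT_SECRET variable name are placeholder assumptions, and the class name is hypothetical.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory; // ADAL .NET v3 NuGet package

public class OnBehalfOfUserTokens
{
    // Placeholder values (assumptions): substitute your own tenant, API and redirect URI.
    private const string Authority = "https://login.microsoftonline.com/contoso.onmicrosoft.com";
    private const string Resource = "https://contoso.onmicrosoft.com/todo-api";
    private static readonly Uri RedirectUri = new Uri("https://localhost:44300/");

    private readonly AuthenticationContext _context;
    private readonly ClientCredential _credential;

    // Use a separate TokenCache per signed-in user so one user's tokens are never served to another.
    public OnBehalfOfUserTokens(TokenCache perUserCache)
    {
        _context = new AuthenticationContext(Authority, perUserCache);
        // Keep the client secret out of source control; the variable name is hypothetical.
        string secret = Environment.GetEnvironmentVariable("AAD_CLIENT_SECRET")
            ?? throw new InvalidOperationException("AAD_CLIENT_SECRET is not set");
        _credential = new ClientCredential("00000000-0000-0000-0000-000000000000", secret);
    }

    // Redeem the authorization code received at sign-in. The redirect URI must match the one
    // used in the sign-in request. ADAL stores the access and refresh tokens in the cache.
    public async Task<string> RedeemCodeAsync(string authorizationCode)
    {
        AuthenticationResult result = await _context.AcquireTokenByAuthorizationCodeAsync(
            authorizationCode, RedirectUri, _credential, Resource);
        return result.UserInfo.UniqueId; // keep this id in the session to find the user's tokens later
    }

    // Return a valid access token: the cached one if unexpired, otherwise a new one
    // obtained with the cached refresh token.
    public async Task<string> GetAccessTokenAsync(string userUniqueId)
    {
        try
        {
            AuthenticationResult result = await _context.AcquireTokenSilentAsync(
                Resource, _credential, new UserIdentifier(userUniqueId, UserIdentifierType.UniqueId));
            return result.AccessToken; // send as "Authorization: Bearer <token>"; never log it
        }
        catch (AdalSilentTokenAcquisitionException)
        {
            return null; // no usable access or refresh token in the cache: the user must sign in again
        }
    }
}
```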

See Also

The Azure Active Directory developer's guide

Authentication scenarios for Azure Active Directory

Azure Active Directory code samples