Cheers,

I'm looking for some clarification regarding authentication libraries for use with Azure AD, particularly regarding the differences between Microsoft.AspNetCore and Microsoft.IdentityModel based libraries.

I am implementing an Api in .net core for which authentication will be managed with Azure Active Directory (AAD). Based on the needs of the application I am looking to use the original (v1) endpoint with ADAL rather than the v2 endpoint due to some features not being available with the v2 endpoint at this time (RBAC and groups). All indications are that the ADAL libraries are the way to go, but this does not sync up with the following:

When I create an .net core (v2) API project in Visual Studio 2017 (v15.6.3) and I select Work or School Accounts for authentication, I get the following dialog which indicates that this choice is for

applications that authenticate users with Active Directory, Microsoft Azure Active Directory

Yet when the project is created, ADAL libraries, (nor MSAL for that matter), are not included in the project. In fact, the libraries referenced in the project are

• Microsoft.AspNetCore.Authentication
• Microsoft.AspNetCore.Authentication.JwtBearer

Additionally, the project template builds out a static extension class AzureAdServiceCollectionExtensions for handling the work and school authentication particulars with Azure AD, (note that if you choose a authentication with a personal account, a different extension class is created, but still azure based).

But these are not the ADAL.net classes which are in this package

Microsoft.IdentityModel.Clients.ActiveDirectory

The AspNetCore packages are published by the Asp.Net team, while the ADAL package is published by the AzureAD team.

Finally I get to some questions:

Why are the ADAL (or even the MSAL) libraries not part of the templates for integrating with Azure AD?

Do the templates indicate the preferred approach to integrating with Azure AD, and by implication to use the AspNetCore libraries?

All the documentation I have read so far for integrating with Azure AD involved ADAL or MSAL, have I missed something with the AspNetCore libraries?

Note that I did search for project templates which use ADAL or MSAL, no luck.
Thanks in advance.

ADAL and MSAL are the libraries needed for requesting and managing tokens. If you're building an API that protects it's endpoints and requires an access token to access, you likely only need to use the .NET core middleware (what was included in the template). This middleware accepts and validates incoming access tokens.

The only case you'll need to integrate ADAL or MSAL into your app is if you're interested in doing the On-behalf-of flow from your web API.

Here's a code sample that implements this middleware in an .NET core API.