Microsoft launches the preview of its authentication software from Azure AD

Microsoft has added another component to the Developer Preview of Windows Azure Active Directory. The component was added last week, and it will hopefully open up the cloud-based identity management service to .NET developers, according to a Microsoft spokesperson.

The new Azure Authentication Library (AAL) will enable native client developers to authenticate users against Windows Azure Active Directory and other identity providers. It will additionally provide the necessary logic to secure native client and service application programming interfaces (APIs), according to Microsoft. Windows Azure Active Directory is an extension of Windows Server Active Directory, and is used in several Microsoft cloud-based services such as Office 365, Dynamics CRM Online and Windows Intune.

Microsoft had previously released a Developer Preview of Windows Azure Active Directory in mid-July, as part of its overall plan to extend the identity management service to developers for use in third-party applications and services. The principal components of the AAL include Web single sign-on (SSO) capability, and a REST-based Graph API that allows programme users to connect to the Windows Azure Active Directory and access data. The AAL Developer Preview has been described as an early preview of how Microsoft is planning to approach the issues of native client and API protection in the longer term.

Microsoft’s director of Program Management in the Active Directory Division, Alex Simons, explained what AAL enables in native client applications in the Windows Azure team blog. AAL will:

  • Prompt the user to authenticate against Windows Azure AD directory tenants, AD FS 2.0 servers and all the identity providers supported by Azure AD Access Control (Windows Live ID, Facebook, Google, Yahoo!, any OpenID provider, any WS-Federation provider)
  • Take advantage of username/password or the Kerberos ticket of the current workstation user for obtaining tokens automatically
  • Leverage service principal credentials for obtaining tokens for server to server service calls

Simons also outlined how AAL might be used with service APIs:

“On the service side, the library offers you the ability to validate incoming tokens and return the identity of the caller in the form of ClaimsPrincipal, consistent with the behaviour of the rest of our development platform.”

The current preview contains client and service-side capabilities. Future versions of AAL will be native client only. The service-side features will become extensions to Windows Identity Foundation, according to Simons. The AAL Developer Preview is available via a NuGet package (assemblies and references) that can be added to your project from within Visual Studio. Microsoft is also providing sample libraries and documentation.

Microsoft is not limiting its authentication work solely to the .NET platform; it is also ‘working on’ developing Azure Authentication Libraries for WinRT, Android and iOS, according to Simons. Also under consideration is support for multiple languages on the service side. At some point in the not too distant future, Microsoft expects to open source AAL so that developers can extend the code.