In my last post, Azure AD & ASP.NET MVC - Understanding ADAL & OWIN, I talked a little about how the Azure AD Authentication Library (aka: ADAL) relates to the Open Web Interface for .NET (aka: OWIN). In this post I am going to walk you through creating an ASP.NET MVC application that leverages these to offload the authentication support to Azure AD for your web apps. This is the crux of how you must authenticate and obtain an OAuth 2.0 access token for use in the Office 365 APIs.
Furthermore, I'm going to take advantage of the protocol OpenID Connect which Azure AD supports in preview mode today. This is going to give you the ability to enable single sign-on in your applications. OpenID Connect is an extension of OAuth 2.0 (which is an authorization protocol, aka AuthZ) in that it makes it also act as an authentication protocol (aka AuthN). It does this by returning an id token which can be used to authentication the user.
Before I dive into this, I have a fully working sample of what I'm working through in this post in GitHub. Check my project Azure AD Authentication using ADAL & OWIN in an ASP.NET MVC project for use with the Office 365 APIs. Look at the README.md for information on how to get it working on your machine. Each step along the way (indicated by the headings in this post) reference the specific commit's in the GitHub project.
This is a fairly long post with lots of code snippets, so I elected to post it as an article on my blog. Check it out: Azure AD & ASP.NET MVC - Walkthrough Implementing ADAL & OWINcomments powered by Disqus