Entra ID and ASP.NET MVC - Understanding ADAL and OWIN

Learn from my experience as I share tips & insights on how to authenticate and obtain access tokens for Office 365 APIs.

By Last Updated: December 17, 2014 2 minutes read

This post is part of a few other posts I’ve published this week about the authentication part of working with the Office 365 APIs. Specifically, the process of authenticating and obtaining an access token that you have to include on every request to the Office 365 APIs is tricky. Maybe the base process isn’t so hard for folks, but everything around it is confusing to some. So I’m sharing stuff I’ve picked up along the way.

When calling the Office 365 APIs you have to pass along an OAuth2 access token in each request. You get this token from Microsoft Entra ID by authenticating the user within the context of an app. If you’re building an application with .NET, you are likely going to use the Microsoft Entra ID Authentication Library to simplify your life. Specifically, within your project you’ll likely add the NuGet package Microsoft.IdentityModel.Clients.ActiveDirectory. This contains all the stuff you’ll use to authenticate with Microsoft Entra ID to obtain the access tokens. There are also ADAL NuGet packages for iOS & Android apps that take advantage of Xamarin.

So what’s all this talk about OWIN? The Open Web Internet Interface for .NET or OWIN as it’s better known, is an open & standard interface that is supposed to make the links between web servers and web applications less coupled. How does it play into the Office 365 APIs? Actually they don’t… the idea is to make the authentication process within a web application a bit simpler. Microsoft clearly wants us to use OWIN to take advantage of this architecture in our authentication in web applications and other ways that it makes sense down the road.

OK, so how do you use this? For instance, this is going to help by pushing the authentication process deeper into what we used to know as the ASP.NET pipeline. If you haven’t done this before it can be a bit confusing… but I’ve got a process that I follow that makes it easy to set up. In the next post I’ll show you how to can do this in a custom ASP.NET MVC application.

Branded horizontal divider.