The Windows Azure Authentication Library (AAL), a new capability in the Developer Preview of Windows Azure Active Directory (Windows Azure AD) introduced today, "gives .NET developers a fast and easy way to take advantage of Windows Azure AD in additional, high value scenarios, including the ability to secure access to your application's APIs and the ability to expose your service APIs for use in other native client or service based applications."
The AAL Developer Preview consists of a set of NuGet packages containing the library bits, a set of samples which will work right out of the box against pre-provisioned tenants, and essential documentation to get started.
On the service side, "the library offers you the ability to validate incoming tokens and return the identity of the caller in form of ClaimsPrincipal, consistent with the behavior of the rest of our development platform," Microsoft said.
AAL contains features for both .NET client applications and services. On the client, the library enables you to:
- Prompt the user to authenticate against Windows Azure AD directory tenants, AD FS 2.0 servers and all the identity providers supported by Azure AD Access Control (Windows Live ID, Facebook, Google, Yahoo!, any OpenID provider, any WS-Federation provider)
- Take advantage of username/password or the Kerberos ticket of the current workstation user for obtaining tokens programmatically
- Leverage service principal credentials for obtaining tokens for server-to-server service calls
Together with the library, Microsoft also released a set of samples which demonstrate the main scenarios you can implement with the AAL.
"To make it easy to try these samples, all are configured to work against pre-provisioned tenants. They are complemented by comprehensive readme documents, which detail how you can reconfigure Visual Studio solutions to take advantage of your own Directory tenants and Windows Azure AD Access Control namespaces," Microsoft adds.