Is MSAL.NET right for me
Follow the decision tree to see if MSAL.NET alone is enough, or if you need Microsoft Identity Web, or both.
You're building a desktop or mobile app. Use MSAL.NET directly and start acquiring tokens for your public client application. For details see:
Use hybrid model MSAL.NET and Microsoft Identity Web
You're building a web app or a web API, or a daemon application (a confidential client application) running on .NET Framework or pure .NET Core (not ASP.NET Core). In MSAL.NET, an in-memory token cache is provided by default, however, in the case of web apps or web APIs, caching should be handled differently than for public client applications (desktop or mobile apps) as it requires to be partitioned correctly. It's highly recommended to leverage a token cache serializer, which can be a distributed cache, (e.g. Redis, Cosmos, or SQL Server, distributed in memory cache), or a correctly partitioned in memory cache.
By using token cache serializers you partition the token caches depending on the cache key that is used because the cache is swapped between the storage and MSAL's memory. This cache key is computed by MSAL.NET as a function of the flow you use
Microsoft Identity Web provides token cache serialization for you. See Token cache serialization for details.
Another example of leveraging Microsoft Identity Web from .NET classic (MVC) can be found in that ConfidentialClientTokenCache sample.
Examples of how to use token caches for web apps and web APIs are available in the ASP.NET Core web app tutorial in the phase 2-2 Token Cache. For implementations have a look at the TokenCacheProviders folder in the Microsoft.Identity.Web repository.
Microsoft Identity Web also helps with certificate loading.
I'm using ASP.NET Core. See what Microsoft Identity Web has to offer:
Use the Project Templates and the msidentity-app-sync tool. We have web app templates for web MVC, Razor, Blazor server, Blazorwasm hosted and not hosted. All for Azure AD or Azure AD B2C.
We have web API templates for gRPC and Azure Functions.
Here's information on how to run the msidentity-app-sync-tool which is a command line tool which creates Microsoft identity platform applications in a tenant (Azure AD or Azure AD B2C) and updates the configuration code of your ASP.NET Core applications. The tool can also be used to update code from an existing Azure AD/Azure AD B2C application.
It's available on NuGet.
Just take the code you need from Microsoft Identity Web to update your app. Here's an example:
