| title | description | author | manager | ms.service | ms.subservice | ms.topic | ms.workload | ms.date | ms.author | ms.reviewer | ms.custom |
|---|---|---|---|---|---|---|---|---|---|---|---|
Migrating to MSAL.NET and Microsoft.Identity.Web |
Learn why and how to migrate from Azure AD Authentication Library for .NET (ADAL.NET) to Microsoft Authentication Library for .NET (MSAL.NET) or Microsoft.Identity.Web |
Dickson-Mwendia |
CelesteDG |
msal |
msal-dotnet |
conceptual |
identity |
06/04/2024 |
dmwendia |
jmprieur, saeeda |
devx-track-csharp, aaddev, has-adal-ref, engagement-fy23, devx-track-dotnet |
[!INCLUDE ADAL migration note]
Both the Microsoft Authentication Library for .NET (MSAL.NET) and Azure AD Authentication Library for .NET (ADAL.NET) are used to authenticate Microsoft Entra entities and request tokens from Microsoft Entra ID.
Up until now, most developers have requested tokens from Microsoft Entra ID for developers platform (v1.0) using Azure AD Authentication Library (ADAL). These tokens are used to authenticate Microsoft Entra identities (work and school accounts).
Because ADAL is deprecated, we strongly advise our customers to migrate to MSAL or higher-level libraries that are based on MSAL, such as Microsoft.Identity.Web. MSAL offers several key benefits:
- You can authenticate a broader set of Microsoft identities: work or school accounts, personal Microsoft accounts, and social or local accounts with Azure AD B2C and Microsoft Entra External ID.
- Your users get the best single-sign-on (SSO) experience.
- Your application can enable incremental consent, Conditional Access, and other emerging security capabilities.
- You benefit from continuous innovation in terms of security and resilience,
Important
MSAL.NET or Microsoft.Identity.Web are now the recommended auth libraries to use with the Microsoft identity platform. No new features will be implemented in ADAL. For details see the announcement: Update your applications from ADAL to MSAL.
Before digging in the details of MSAL.NET vs ADAL.NET, you might want to check if you want to use MSAL.NET or a higher-level library like Microsoft.Identity.Web.
For details about the decision tree below, read MSAL.NET or Microsoft.Identity.Web.
[!INCLUDE importance-of-logging]
You might unknowingly consume ADAL dependencies from other Azure SDKs. Below are few of the deprecated packages and their MSAL alternatives. For more detailed migration information, see AppAuthentication to Azure.Identity Migration Guidance and Migration guide links in the specific Azure SDK for .NET library pages.
| Legacy Package (ADAL-dependent, deprecated) | Supported Package (MSAL-dependent, current) |
|---|---|
Microsoft.Azure.KeyVault |
Azure.Security.KeyVault.Secrets, Azure.Security.KeyVault.Keys, Azure.Security.KeyVault.Certificates |
Microsoft.Azure.Management.Compute |
Azure.ResourceManager.Compute |
Microsoft.Azure.Services.AppAuthentication |
Azure.Identity |
Microsoft.Azure.Management.StorageSync |
Azure.ResourceManager.StorageSync |
Microsoft.Azure.Management.Fluent |
Azure.ResourceManager |
Microsoft.Azure.Management.EventGrid |
Azure.ResourceManager.EventGrid |
Microsoft.Azure.Management.Automation |
Azure.ResourceManager.Automation |
Microsoft.Azure.Management.Compute.Fluent |
Azure.ResourceManager.Compute |
Microsoft.Azure.Management.MachineLearning.Fluent |
Azure.ResourceManager.MachineLearningCompute |
Microsoft.Azure.Management.Media, windowsazure.mediaservices |
Azure.ResourceManager.Media |
- Learn about public client and confidential client applications.
- Learn how to migrate confidential client applications built on top of ASP.NET MVC or .NET classic from ADAL.NET to MSAL.NET.
- Learn how to migrate public client applications built on top of .NET or .NET classic from ADAL.NET to MSAL.NET.
- Learn more about the Differences between ADAL.NET and MSAL.NET apps.
- Learn how to migrate confidential client applications built on top of ASP.NET Core from ADAL.NET to Microsoft.Identity.Web: