In my last post, Azure AD & ASP.NET MVC - Understanding ADAL & OWIN, I talked a little about how the Azure AD Authentication Library (aka: ADAL) relates to the Open Web Interface for .NET (aka: OWIN). In this post I am going to walk you through creating an ASP.NET MVC application that leverages these to offload the authentication support to Azure AD for your web apps. This is the crux of how you must authenticate and obtain an OAuth 2.0 access token for use in the Office 365 APIs.
Furthermore, I'm going to take advantage of the OpenID Connect protocol, which Azure AD supports in preview mode today. This is going to give you the ability to enable single sign-on in your applications. OpenID Connect is an extension of OAuth 2.0 (which is an authorization protocol, aka AuthZ) that makes it also act as an authentication protocol (aka AuthN). It does this by returning an id token which can be used to authenticate the user.
Before I dive into this, I have a fully working sample of what I'm working through in this post in GitHub. Check my project Azure AD Authentication using ADAL & OWIN in an ASP.NET MVC project for use with the Office 365 APIs. Look at the README.md for information on how to get it working on your machine. Each step along the way (indicated by the headings in this post) references the specific commits in the GitHub project.
This is a fairly long post with lots of code snippets, so I elected to post it as an article on my blog. Check it out: Azure AD & ASP.NET MVC - Walkthrough Implementing ADAL & OWIN