| page_type | languages | products | description | urlFragment | |||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
sample |
|
|
An ASP.Net Core sample that shows how background apps and services can access the MSAL token cache and continue to act on-behalf of users in their absence. |
ms-identity-dotnet-advanced-token-cache |
These ASP.Net Core samples show how background apps, APIs and services can access the MSAL's access token cache and continue to act on-behalf of users in their absence.
The MSAL.NET and the Microsoft.Identity.Web libraries provide various mechanisms for apps that authenticate users with the Microsoft Identity Platform to cache Access Tokens for various resources like Microsoft Graph to a distributed token cache implementations like Sql Server or Redis.
This tutorial explains how by sharing the same app registration in Azure Portal (sharing the same client Id), background processes and services can still continue to work on behalf of the user after the user has exited the frontend web app.
Today, most background processes that need to work with user's data without them being present to authenticate or re-authenticate make use of Application Permissions which often require an admin consent. This requires an elevation of privilege and is often an unnecessary hassle as the developer originally did not intend to obtain a permission over what a user consents to their app.
| File/folder | Description |
|---|---|
1-Integrated-Cache |
The various applications used in this sample. |
CONTRIBUTING.md |
Guidelines for contributing to the sample. |
LICENSE |
The license for the sample. |
- Either Visual Studio or Visual Studio Code and .NET Core SDK
- An Azure AD tenant. For more information, see: How to get an Azure AD tenant
- A user account in your Azure AD tenant. This sample will not work with a personal Microsoft account. If you're signed in to the Azure portal with a personal Microsoft account and have not created a user account in your directory before, you will need to create one before proceeding.
From your shell or command line:
git clone https://github.com/Azure-Samples/ms-identity-dotnet-advanced-token-cache.gitor download and extract the repository .zip file.
⚠️ To avoid path length limitations on Windows, we recommend cloning into a directory near the root of your drive.
Navigate to the Sharing the MSAL token cache between a web app and a background console worker app tutorial where we'll learn about how to share the token cache between a Web App that signs-in users and a background console worker process.
or
Navigate to the Share the MSAL token cache between a web app, its web API and a background console worker app tutorial where we'll learn about how to share the token cache between a Web App that signs-in users, its backed Web API and a background console worker process.
For more information, visit the following links:
- Articles about the Microsoft identity platform
- Learn about Microsoft.Identity.Web
- Learn how to enable distributed caches in token cache serialization
- Use HttpClientFactory to implement resilient HTTP requests used by the Graph custom service
Use Stack Overflow to get support from the community.
Ask your questions on Stack Overflow first and browse existing issues to see if someone has asked your question before.
Make sure that your questions or comments are tagged with [msal dotnet azure-active-directory].
If you find a bug in the sample, please raise the issue on GitHub Issues.
To provide a recommendation, visit the following User Voice page.
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments