You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: msal-dotnet-articles/advanced/managed-identity.md
+6-6Lines changed: 6 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -9,7 +9,7 @@ ms.date: 03/17/2025
9
9
>[!NOTE]
10
10
>This feature is available starting with [MSAL.NET](https://www.nuget.org/packages/Microsoft.Identity.Client/) version 4.54.0.
11
11
12
-
A common challenge for developers is the management of secrets, credentials, certificates, and keys used to secure communication between services. [Managed identities](/azure/active-directory/managed-identities-azure-resources/overview) in Azure eliminate the need for developers to handle these credentials manually. MSAL.NET supports acquiring tokens through the managed identity service when used with applications running inside Azure infrastructure, such as:
12
+
A common challenge for developers is the management of secrets, credentials, certificates, and keys used to secure communications between services. [Managed identities](/azure/active-directory/managed-identities-azure-resources/overview) in Azure eliminate the need for developers to handle these credentials manually. MSAL.NET supports acquiring tokens through the managed identity service when used with applications running inside Azure infrastructure, such as:
13
13
14
14
*[Azure App Service](https://azure.microsoft.com/products/app-service/) (API version `2019-08-01` and above)
@@ -22,16 +22,16 @@ A common challenge for developers is the management of secrets, credentials, cer
22
22
23
23
For a complete list, refer to [Azure services that can use managed identities to access other services](/azure/active-directory/managed-identities-azure-resources/managed-identities-status).
24
24
25
-
## Which SDK to use - Azure SDK or MSAL?
25
+
## Which SDK to use - Azure Identity library or MSAL?
26
26
27
-
MSAL libraries provide lowerlevel APIs that are closer to the OAuth2 and OIDC protocols.
27
+
MSAL libraries provide lower-level APIs that are closer to the OAuth2 and OIDC protocols.
28
28
29
-
Both MSAL.NET and [Azure SDK](/dotnet/api/overview/azure/identity-readme?view=azure-dotnet&preserve-view=true) allow to acquire tokens via managed identity. Internally, Azure SDK uses MSAL.NET, and it provides a higher-level API via its `DefaultAzureCredential` and `ManagedIdentityCredential` abstractions.
29
+
Both MSAL.NET and the [Azure Identity library for .NET](/dotnet/api/overview/azure/identity-readme?view=azure-dotnet&preserve-view=true) allow you to acquire tokens via managed identity. Internally, the Azure Identity library uses MSAL.NET, and it provides a higher-level API via its `DefaultAzureCredential` and [ManagedIdentityCredential](/dotnet/api/azure.identity.managedidentitycredential?view=azure-dotnet&preserve-view=true) abstractions.
30
30
31
-
If your application already uses one of the SDKs, continue using the same SDK. Use Azure SDK, if you are writing a new application and plan to call other Azure resources, as this SDK provides a better developer experience by allowing the app to run on private developer machines where managed identity doesn't exist. Consider using MSAL if you need to call other downstream web APIs like Microsoft Graph or your own web API.
31
+
If your application already uses MSAL .NET or the Azure Identity library, continue using that same library. Use the Azure Identity library if you're writing a new application and plan to call other Azure resources, as this library provides a better developer experience by allowing the app to run on private developer machines where managed identity doesn't exist. Consider using MSAL if you need to call other downstream web APIs like Microsoft Graph or your own web API.
32
32
33
33
>[!NOTE]
34
-
>[Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) is a higher-level API that offers integration with ASP.NET Core and ASP.NET Classic, while using MSAL under the hood. The library also provides a way to load credentials (certificates, signed assertions) used by MSAL.NET as client credentials. For certificates it uses the `DefaultAzureCredentials` to fetch certificates from KeyVault. It also offers workload identity federation with managed identity credentials. For details see [CredentialDescription](/dotnet/api/microsoft.identity.abstractions.credentialdescription.keyvaulturl?view=msal-model-dotnet-latest#microsoft-identity-abstractions-credentialdescription-keyvaulturl&preserve-view=true).
34
+
>[Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) is a higher-level API that offers integration with ASP.NET Core and ASP.NET Classic, while using MSAL under the hood. The library also provides a way to load credentials (certificates, signed assertions) used by MSAL.NET as client credentials. For certificates, it uses the `DefaultAzureCredential` to fetch certificates from KeyVault. It also offers workload identity federation with managed identity credentials. For details, see [CredentialDescription](/dotnet/api/microsoft.identity.abstractions.credentialdescription.keyvaulturl?view=msal-model-dotnet-latest#microsoft-identity-abstractions-credentialdescription-keyvaulturl&preserve-view=true).
0 commit comments