Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Warning
Azure Active Directory Authentication Library (ADAL) has been deprecated. While existing apps that use ADAL will continue to work, Microsoft will no longer release security fixes on ADAL. Use the Microsoft Authentication Library (MSAL) to avoid putting your app's security at risk.
Why migrate
Azure AD Authentication Library for .NET (ADAL.NET) has been deprecated and no new features or bug fixes, including security bugs will be implemented. Application using ADAL will continue to work.
Migration guide for apps using ADAL directly
Before digging in the details of MSAL.NET vs ADAL.NET, you might want to check if you want to use MSAL.NET or a higher-level library like Microsoft.Identity.Web. For details about the decision tree below, read MSAL.NET or Microsoft.Identity.Web.
- Learn how to migrate confidential client applications built on top of ASP.NET MVC or .NET classic from ADAL.NET to MSAL.NET.
- Learn how to migrate public client applications built on top of .NET or .NET classic from ADAL.NET to MSAL.NET.
- Learn how to migrate confidential client applications built on top of ASP.NET Core from ADAL.NET to Microsoft.Identity.Web:
Migration guide for apps using ADAL indirectly
You might unknowingly consume ADAL dependencies from other SDKs. In other words, ADAL is a transitive depdendency. This still represents a risk to your application, as your application cannot upgrade ADAL to fix a potential security issue or to benefit from a security improvement.
To migrate, you first have to identify the root dependency that consumes ADAL. In most cases, the root dependency is itself deprecated. To identify the root dependency, you can get use Visual Studio nuget interface or the dotnet nuget why command
Below are the most common deprecated packages and their MSAL alternatives. For more detailed migration information, see AppAuthentication to Azure.Identity Migration Guidance and Migration guide links in the specific Azure SDK for .NET library pages.
| Legacy Package (ADAL-dependent, deprecated) | Supported Package (MSAL-dependent, current) |
|---|---|
Microsoft.Azure.KeyVault |
Azure.Security.KeyVault.Secrets, Azure.Security.KeyVault.Keys, Azure.Security.KeyVault.Certificates |
Microsoft.Azure.Management.Compute |
Azure.ResourceManager.Compute |
Microsoft.Azure.Services.AppAuthentication |
Azure.Identity |
Microsoft.Azure.Management.StorageSync |
Azure.ResourceManager.StorageSync |
Microsoft.Azure.Management.Fluent |
Azure.ResourceManager |
Microsoft.Azure.Management.EventGrid |
Azure.ResourceManager.EventGrid |
Microsoft.Azure.Management.Automation |
Azure.ResourceManager.Automation |
Microsoft.Azure.Management.Compute.Fluent |
Azure.ResourceManager.Compute |
Microsoft.Azure.Management.MachineLearning.Fluent |
Azure.ResourceManager.MachineLearningCompute |
Microsoft.Azure.Management.Media, windowsazure.mediaservices |
Azure.ResourceManager.Media |
Microsoft.Kusto.Client |
Microsoft.Azure.Kusto.Data |
Microsoft.Kusto.Ingest |
Microsoft.Azure.Kusto.Ingest |
Next steps
- Learn about public client and confidential client applications.
- Learn how to migrate confidential client applications built on top of ASP.NET MVC or .NET classic from ADAL.NET to MSAL.NET.
- Learn how to migrate public client applications built on top of .NET or .NET classic from ADAL.NET to MSAL.NET.
- Learn more about the Differences between ADAL.NET and MSAL.NET apps.
- Learn how to migrate confidential client applications built on top of ASP.NET Core from ADAL.NET to Microsoft.Identity.Web: