UWP-Using WebAccountManager API to connect your Windows 10 to Microsoft Account
Prior to Windows 10 UWP the recommendation for federated authentication in Windows was (and still is) to use ADAL.net.
If you have a Windows 10 UWP application you have a new platform capability available to you called the WebAccountManager. This is the recommended approach going forward from Windows 10.
The Windows 10 UWP samples available on github https://github.com/Microsoft/Windows-universal-samples contain a sample WebAccountManagement which shows you how to integrate your app with Azure AD, Live connect, Local, and other identity providers.
I’ve been through the sample and distilled the key points for Microsoft Account integration.
- Provide a handler for AccountsSettingsPane.GetForCurrentView().AccountCommandsRequested. This is the method that windows will execute when the ‘login’ dialog is shown in your app. At this stage you add the identity providers you want users to be able to log in with.
- Per provider, provide a handler for WebAccountProviderCommand. This is the method that windows will execute when the user has selected the identity provider from the list defined at stage 1. At this stage, you will be physically issuing a login request using the WebAuthenticationCoreManager. At the end of this handler, you should have a login result (success/fail) and a token which you can use in downstream processing.
- From your client (UWP app), tell the app to show the action settings page using Windows.UI.ApplicationSettings.AccountsSettingsPane.Show(). This will start the login process, and accordingly trigger the above handlers when users have interacted with the account settings pane.
Below is the code to implement steps 1 and 2. Note in this example I am using MVVM light dispatcher (Messenger.Default.Send) to deliver an event based message to subscribers. You can use something like event aggregator or your flavour of pub/sub framework to achieve the same result:
public class Authenticator
{
public Authenticator()
{
AccountsSettingsPane.GetForCurrentView().AccountCommandsRequested += Authenticator_AccountCommandsRequested;
}
private async void Authenticator_AccountCommandsRequested(AccountsSettingsPane sender, AccountsSettingsPaneCommandsRequestedEventArgs e)
{
AccountsSettingsPaneEventDeferral deferral = e.GetDeferral();
var provider =
await WebAuthenticationCoreManager.FindAccountProviderAsync("https://login.microsoft.com", "consumers");
WebAccountProviderCommand providerCommand = new WebAccountProviderCommand(provider, WebAccountProviderCommandInvoked);
e.WebAccountProviderCommands.Add(providerCommand);
e.HeaderText = "Please select an account to log in with";
deferral.Complete();
}
private async void WebAccountProviderCommandInvoked(WebAccountProviderCommand command)
{
WebTokenRequest webTokenRequest = new WebTokenRequest(command.WebAccountProvider, "wl.basic", "none");
WebTokenRequestResult webTokenRequestResult = await WebAuthenticationCoreManager.RequestTokenAsync(webTokenRequest);
var token = webTokenRequestResult.ResponseData[0].Token;
// sends a message with MVVM Light messenger. This is solution specific, typically you want to use the token to
// query a service (for example live connect)
Messenger.Default.Send(new AuthenticatedMessage() { Token = token});
}
}
And below is the code to implement step 3:
Windows.UI.ApplicationSettings.AccountsSettingsPane.Show();
Further reading
I’d encourage you to have a good look at the WebAccountManagement sample in https://github.com/Microsoft/Windows-universal-samples. This samples contains more detail and different usage scenarios for reference.
Also have a look at Vittorio Bertocci’s post at https://blogs.technet.microsoft.com/ad/2015/08/03/develop-windows-universal-apps-with-azure-ad-and-the-windows-10-identity-api/ which gives a bit of background, explains when you should use ADAL.NET vs WebAccountmanager and has example of integrating with Azure AD.