Using the Microsoft Authentication Library with the Windows authentication broker

Introduction

This article introduces and explains the use of authentication brokers, specifically the Web Account Manager (WAM) built into Windows, which simplifies the authentication process for developers and customers using Microsoft or organizational accounts.

Using the Windows authentication broker

To obtain user credentials for a Windows desktop application, developers can use the Microsoft Authentication Library (MSAL) for .NET. However, this approach requires the user to enter their credentials or select from cached accounts in a separate browser window. Additionally, users cannot take advantage of streamlined Windows credentials such as Windows Hello. With WAM, developers can provide context and access to existing accounts, making the authentication process more efficient and user-friendly.

Code examples

A code snippet for accessing WAM through MSAL for .NET is provided, along with custom broker options and the requirement to provide a window handle for the broker to "bind" to. The code can also be accessed through other library versions, such as MSAL for Python.

Conclusion

Using the built-in Windows authentication broker simplifies the process of connecting applications to existing accounts and new accounts automatically integrated with Windows. References to MSAL.NET documentation are provided for further information.