将应用程序迁移到 Microsoft 身份验证库 (MSAL)Migrate applications to the Microsoft Authentication Library (MSAL)

许多开发人员都使用 Azure Active Directory 身份验证库 (ADAL) 来构建和部署应用程序。Many developers have built and deployed applications using the Azure Active Directory Authentication Library (ADAL). 我们现在建议使用 Microsoft 身份验证库 (MSAL) 对 Azure AD 实体进行身份验证和授权。We now recommend using the Microsoft Authentication Library (MSAL) for authentication and authorization of Azure AD entities.

通过使用 MSAL 而不是 ADAL:By using MSAL instead of ADAL:

  • 你可以对一组更广泛的标识进行身份验证:You can authenticate a broader set of identities:
    • Azure AD 标识Azure AD identities
    • 使用 Azure AD B2C 的社交和本地帐户Social and local accounts by using Azure AD B2C
  • 用户将获得最佳单一登录体验。Your users will get the best single-sign-on experience.
  • 应用程序可以启用增量许可。Your application can enable incremental consent.
  • 可以更轻松地支持条件访问。Supporting Conditional Access is easier.
  • 你将从创新中受益。You benefit from innovation. 因为 Microsoft 所有的开发工作现在都集中在 MSAL 上,所以不会在 ADAL 中实现新功能。Because all Microsoft development efforts are now focused on MSAL, no new features will be implemented in ADAL.

MSAL 现在是建议用于 Microsoft 标识平台的身份验证库MSAL is now the recommended authentication library for use with the Microsoft identity platform.

迁移指南Migration guidance

可参考以下文章迁移到 MSAL:The following articles can help you migrate to MSAL:

常见问题 (FAQ)Frequently asked questions (FAQ)

问:是否要弃用 ADAL?Q: Is ADAL being deprecated?
答:是的。A: Yes. 从 2020 年 6 月 30 日开始,我们将不再为 ADAL 添加新功能。Starting June 30th, 2020, we will no longer add new features to ADAL. 在 2022 年 6 月 30 日之前,我们将继续为 ADAL 添加关键的安全修复程序。We'll continue adding critical security fixes to ADAL until June 30th, 2022. 在此日期之后,使用 ADAL 的应用将继续工作,但我们建议升级到 MSAL,以利用最新功能并保持安全。After this date, your apps using ADAL will continue to work, but we recommend upgrading to MSAL to take advantage of the latest features and to stay secure.

问:我的现有 ADAL 应用是否会停止工作?Q: Will my existing ADAL apps stop working?
答:不是。A: No. 你的现有应用将继续正常运行,不会进行修改。Your existing apps will continue working without modification. 如果计划在 2022 年 6 月 30 日之后继续使用它们,则应考虑将应用更新到 MSAL 以确保其安全性,但如果要维持现有功能,则无需迁移到 MSAL。If you're planning to keep them beyond June 30th, 2022, you should consider updating your apps to MSAL to keep them secure, but migrating to MSAL isn't required to maintain existing functionality.

问:如何知道哪些应用正在使用 ADAL?Q: How do I know which of my apps are using ADAL?
答:如果你有应用程序的源代码,可以参考上述迁移指南来确定应用使用的库和了解如何将其迁移到 MSAL。A: If you have the source code for the application, you can reference the above migration guides to help determine which library the app uses and how to migrate it to MSAL. 如果你与 ISV 合作,则建议你直接与他们联系,以了解其迁移到 MSAL 的历程。If you partnered with an ISV, we suggest you reach out to them directly to understand their migration journey to MSAL.

问:为什么应设法迁移到 MSAL?Q: Why should I invest in moving to MSAL?
答:MSAL 包含 ADAL 中没有的新功能,包括增量许可、单一登录和令牌缓存管理。A: MSAL contains new features not in ADAL including incremental consent, single sign-on, and token cache management. 此外,与 ADAL 不同,MSAL 在 2022 年 6 月 30 日之后会继续接收安全补丁。Also, unlike ADAL, MSAL will continue to receive security patches beyond June 30th, 2022. 了解详细信息Learn more.

问:Microsoft 是否会将其自己的应用更新到 MSAL?Q: Will Microsoft update its own apps to MSAL?
是。Yes. 在支持结束截止时间之前,Microsoft 正在将其应用程序迁移到 MSAL,从而确保它们可从 MSAL 的持续安全和功能改进中受益。Microsoft is in the process of migrating its applications to MSAL by the end-of-support deadline, ensuring they'll benefit from MSAL's ongoing security and feature improvements.

问:是否会发布一种工具,来帮助我将应用从 ADAL 迁移到 MSAL?Q: Will you release a tool that helps me move my apps from ADAL to MSAL?
答:否。A: No. 由于库之间存在差异,需要专门投入资源来开发和维护这个工具,而这些资源本可用于改进 MSAL。Differences between the libraries would require dedicating resources to development and maintenance of the tool that would otherwise be spent improving MSAL. 但是,我们在前面提供了一组迁移指南,可帮助你对应用程序进行所需的更改。However, we do provide the preceding set of migration guides to help you make the required changes in your application.

问:MSAL 如何与 AD FS 配合工作?Q: How does MSAL work with AD FS?
答:MSAL.NET 支持针对 AD FS 2019 进行身份验证的特定方案。A: MSAL.NET supports certain scenarios to authenticate against AD FS 2019. 如果你的应用需要直接从 AD FS 的早期版本获取令牌,应继续使用 ADAL。If your app needs to acquire tokens directly from earlier version of AD FS, you should remain on ADAL. 了解详细信息Learn more.

问:如何获取有关迁移应用程序的帮助?Q: How do I get help migrating my application?
答:请参阅本文的迁移指南部分。A: See the Migration guidance section of this article. 如果在阅读了应用平台的指南后,你还有其他问题,可以使用标记 [azure-ad-adal-deprecation]Microsoft Q&A 上发布问题,或者在库的 GitHub 存储库中创建问题。If, after reading the guide for your app's platform, you have additional questions, you can post on Microsoft Q&A with the tag [azure-ad-adal-deprecation] or open an issue in library's GitHub repository. 请参阅 MSAL 概述文章的语言和框架部分,获取指向每个库的存储库的链接。See the Languages and frameworks section of the MSAL overview article for links to each library's repo.

后续步骤Next steps