Security and identity

This article provides an index of development features that are related to scenarios involving security and identity in Windows apps.

Windows OS features

Windows provides a wide variety of APIs related to security and identity scenarios for apps. These features are available via a combination of Windows App SDK, Windows Runtime (WinRT), and Win32 (C++ and COM) APIs provided by the Windows SDK.

Windows App SDK APIs

The Windows App SDK provides APIs related to OAuth 2.0 authorization flows. There are also a few helper APIs in the Microsoft.Windows.Security.AccessControl namespace. These APIs are related to named object sharing between packaged apps and Win32 applications.

| Article | Description |
|---|---|
| Implement OAuth 2.0 functionality in Windows apps | The new OAuth2Manager in Windows App SDK enables desktop applications, such as WinUI apps, to seamlessly perform OAuth 2.0 authentication. This article describes how to implement OAuth 2.0 with the Windows App SDK. |

Sign in with Microsoft (MSAL.NET + Web Account Manager)

For apps that need users to sign in with a Microsoft account or Microsoft Entra ID (work/school) account, the recommended approach is MSAL.NET with the Web Account Manager (WAM) broker. WAM provides silent SSO using the account already signed in to Windows, Windows Hello support, and device-bound refresh tokens — without launching a browser.

| Article | Description |
|---|---|
| Acquire tokens using Web Account Manager (WAM) | Learn how to use MSAL.NET with the WAM broker to acquire tokens for Microsoft and Microsoft Entra ID accounts in desktop apps including WPF, WinForms, and WinUI 3. |
| MSAL.NET overview | Overview of the Microsoft Authentication Library for .NET — the recommended library for authentication with Microsoft identity in desktop apps. |
| Register an application with the Microsoft identity platform | How to register your app in the Azure portal to get a client ID, which is required before using MSAL. |
| Web Account Manager (WinRT API) | The underlying WinRT API that WAM is built on (Windows.Security.Authentication.Web.Core). Reference this if you need low-level token broker access without MSAL.NET. |
| Retrieve a window handle (HWND) | Web Account Manager requires your app's window handle (HWND) to display authentication UI. This article shows how to retrieve it in WPF, WinForms, and WinUI 3. |

Note

Web Account Manager supports Microsoft accounts and Microsoft Entra ID accounts only. If you need to authenticate with a third-party identity provider (Google, GitHub, etc.) or Azure AD B2C, use OAuth2Manager or another general-purpose OAuth 2.0 library instead.

WinRT APIs

The following articles provide information about features available via WinRT APIs provided by the Windows SDK.

| Article | Description |
|---|---|
| Security | Learn about the breadth of security features for Windows apps. |
| Authentication and user identity | Windows apps have several options for user authentication, ranging from simple single sign-on (SSO) using Web authentication broker to highly secure two-factor authentication. |
| Credential locker | This article describes how Windows apps can use the Credential Locker to securely store and retrieve user credentials, and roam them between devices with the user's Microsoft account. |
| Cryptography | Learn about cryptography features available to Windows apps. |
| Fingerprint biometrics | This article explains how to add fingerprint biometrics to your Windows app. Including a request for fingerprint authentication when the user must consent to a particular action increases the security of your app. |
| Share certificates between apps | This article shows how you can authenticate multiple Windows apps using the same certificate, and how you can provide a method for users to import a certificate that was provided for access to secured web services. |
| Smart cards | This topic explains how packaged Windows apps can use smart cards to connect users to secure network services. |
| Windows Hello | This article describes the Windows Hello technology and discusses how developers can implement this technology to protect their apps and backend services. It highlights specific capabilities of Windows Hello that help mitigate threats from conventional credentials and provides guidance about designing and deploying these technologies as part of your packaged Windows apps. |
| Create a Windows Hello login app | Part 1 of a complete walkthrough on how to create a packaged Windows app that uses Windows Hello as an alternative to traditional username and password authentication systems. |
| Create a Microsoft Passport login service | Part 2 of a complete walkthrough on how to use Windows Hello as an alternative to traditional username and password authentication systems in packaged Windows apps. |

Win32 (C++ and COM) APIs

The following articles provide information about features available via Win32 (C++ and COM) APIs provided by the Windows SDK.

| Article | Description |
|---|---|
| Security and identity | Learn about the breadth of security features available to Windows apps via Win32 APIs. |
| Authentication | Learn about authentication features available via Win32 APIs. |
| Cryptography | Learn about cryptography features available via Win32 APIs. |

.NET features

The .NET SDK also provides APIs related to security and identity scenarios for WPF and Windows Forms apps. The security and cryptography APIs in .NET can also be used in C# WinUI 3 apps.

| Article | Description |
|---|---|
| Security in .NET | Learn about security concepts and features for all .NET apps. |
| Security (WPF) | Learn about security concepts and features for WPF apps. |
| Windows Forms Security | Learn about security concepts and features for Windows Forms apps. |

Other features

The following articles provide information about features related to security and identity scenarios with passkeys for Windows apps.

| Topic | Description |
|---|---|
| Intro to passkeys | Passkeys are simpler, stronger, passwordless sign-ins. |
| Implement passkeys | Describes how to implement passkey sign-ins across online, enterprise, and government applications, and for payments. |
| Design guidelines for passkeys | There are 14 design patterns for passkeys. You can get started with two essential patterns, and then add optional patterns to your passkeys deployment based on your unique business needs. |
| Use cases for passkeys | This topic describes some use cases for passkeys. |
| Tools and libraries for passkeys | This topic contains info about tools and libraries to help you implement passkeys. |
| Reference for passkeys | This topic offers some reference info, demos, and examples. |