Azure Active Directory code samples (v1.0 endpoint)


Microsoft identity platform (v2.0) is an evolution of the Azure Active Directory (Azure AD) developer platform (v1.0). It allows developers to build applications that sign in all Microsoft identities and get tokens to call Microsoft APIs such as Microsoft Graph or APIs that developers have built. This content is for the older Azure AD v1.0 endpoint. We recommend that you use the v2.0 endpoint for new projects. For more info, read Why update to Microsoft identity platform (v2.0)? as well as Microsoft identity platform limitations.

You can use Azure Active Directory (Azure AD) to add authentication and authorization to your web applications and web APIs.

This section provides links to samples you can use to learn more about the Azure AD v1.0 endpoint. These samples show you how it's done along with code snippets that you can use in your applications. On the code sample page, you'll find detailed read-me topics that help with requirements, installation, and set-up. The code is commented to help you understand the critical sections.


If you are interested in Azure AD V2 code samples, see v2.0 code samples by scenario.

To understand the basic scenario for each sample type, see Authentication scenarios for Azure AD.

You can also contribute to our samples on GitHub. To learn how, see Azure Active Directory samples and documentation.

Single-page applications

This sample shows how to write a single-page application secured with Azure AD.

Platform | Calls its own API | Calls another Web API
JavaScript | javascript-singlepageapp
Angular JS | angularjs-singlepageapp | angularjs-singlepageapp-cors

Web Applications

Web Applications signing in users, calling Microsoft Graph, or a Web API with the user's identity

The following samples illustrate Web applications signing in users. Some of these applications also call the Microsoft Graph or your own Web API, in the name of the signed-in user.

Platform | Only signs in users | Calls Microsoft Graph | Calls another ASP.NET or ASP.NET Core 2.0 Web API
ASP.NET

ASP.NET Core 2.0
dotnet-webapp-openidconnect-aspnetcore | webapp-webapi-multitenant-openidconnect-aspnetcore

(AAD Graph)
ASP.NET




(AAD Graph)
Python | python-webapp-graphapi
Java | java-webapp-openidconnect
PHP | php-graphapi-web

Web applications demonstrating role-based access control (authorization)

The following samples show how to implement role-based access control (RBAC). RBAC is used to restrict the permissions of certain features in a web application to certain users. The users are authorized depending on whether they belong to an Azure AD group or have a given application role.

Platform | Sample
ASP.NET


A .NET 4.5 MVC web app that uses Azure AD roles for authorization

Desktop and mobile public client applications calling Microsoft Graph or a Web API

The following samples illustrate public client applications (desktop/mobile applications) that access the Microsoft Graph or a Web API in the name of a user. Depending on the devices and platforms, applications can sign in users in different ways (flows/grants):

  • Interactively
  • Silently (with Integrated Windows Authentication on Windows, or username/password)
  • By delegating the interactive sign-in to another device (device code flow used on devices that don't provide web controls)
Client application | Platform | Flow/Grant | Calls Microsoft Graph | Calls an ASP.NET or ASP.NET Core 2.x Web API
Desktop (WPF) | .NET/C# | Interactive | Part of dotnet-native-multitarget | Dotnet-native-desktop


Mobile (UWP) | .NET/C#/UWP | Interactive | dotnet-native-uwp-wam

This sample uses WAM, not ADAL.NET
dotnet-windows-store (UWP application using ADAL.NET to call a single tenant Web API)

dotnet-webapi-multitenant-windows-store (UWP application using ADAL.NET to call a multi-tenant Web API)
Mobile (Android, iOS, UWP) | .NET/C# (Xamarin) | Interactive | dotnet-native-multitarget
Mobile (Android) | Android | Interactive | android
Mobile (iOS) | iOS/Objective C or Swift | Interactive | nativeClient-iOS
Desktop (Console) | .NET/C# | Username / Password

Integrated Windows Authentication
Desktop (Console) | Java | Username / Password | java-native-headless
Desktop (Console) | .NET Core/C# | Device code flow | dotnet-deviceprofile

Daemon applications (accessing web APIs with the application's identity)

The following samples show desktop or web applications that access the Microsoft Graph or a web API with no user (with the application identity).

Client application | Platform | Flow/Grant | Calls an ASP.NET or ASP.NET Core 2.0 Web API
Daemon app (Console) | .NET | Client Credentials with app secret or certificate | dotnet-daemon

Daemon app (Console) | .NET | Client Credentials with certificate | dotnetcore-daemon-certificate-credential
ASP.NET Web App | .NET | Client credentials | dotnet-webapp-webapi-oauth2-appidentity


Web API protected by Azure Active Directory

The following sample shows how to protect a node.js web API with Azure AD.

In the previous sections of this article, you can also find other samples illustrating a client application calling an ASP.NET or ASP.NET Core Web API. These samples are not mentioned again in this section, but you will find them in the last column of the tables above or below.

Platform | Sample
Node.js | node-webapi

Web API calling Microsoft Graph or another Web API

The following samples demonstrate a web API that calls another web API. The second sample shows how to handle Conditional Access.

Platform | Calls Microsoft Graph | Calls another ASP.NET or ASP.NET Core 2.0 Web API
ASP.NET




Other Microsoft Graph samples

For samples and tutorials that demonstrate different usage patterns for the Microsoft Graph API, including authentication with Azure AD, see Microsoft Graph Community Samples & Tutorials.

See also