Azure Active Directory 代码示例(v1.0 终结点)Azure Active Directory code samples (v1.0 endpoint)

适用于:Applies to:
  • Azure AD v1.0 终结点Azure AD v1.0 endpoint
  • Azure Active Directory Authentication Library (ADAL)Azure Active Directory Authentication Library (ADAL)

可以使用 Azure Active Directory (Azure AD) 向 Web 应用程序和 Web API 添加身份验证和授权。You can use Azure Active Directory (Azure AD) to add authentication and authorization to your web applications and web APIs.

此部分提供可用于详细了解 Azure AD v1.0 终结点的示例链接。This section provides links to samples you can use to learn more about the Azure AD v1.0 endpoint. 这些示例将展示其工作原理以及可以在应用程序中使用的代码片段。These samples show you how it's done along with code snippets that you can use in your applications. 在代码示例页上,可以找到在要求、安装和设置方面提供帮助的详细自述主题。On the code sample page, you'll find detailed read-me topics that help with requirements, installation, and set-up. 并且代码带有注释,可以帮助你理解关键部分。And the code is commented to help you understand the critical sections.

若要了解每种示例类型的基本方案,请参阅 Azure AD 的身份验证方案To understand the basic scenario for each sample type, see Authentication scenarios for Azure AD.

你也可以在 GitHub 上为我们的示例做出补充。You can also contribute to our samples on GitHub. 若要了解如何操作,请参阅 Azure Active Directory 示例和文档To learn how, see Azure Active Directory samples and documentation.

单页应用程序Single-page applications

此示例展示了如何编写受 Azure AD 保护的单页应用程序。This sample shows how to write a single-page application secured with Azure AD.

平台Platform 调用自身的 APICalls its own API 调用其他 Web APICalls another Web API
Javascript javascript-singlepageappjavascript-singlepageapp
Angular JS angularjs-singlepageappangularjs-singlepageapp angularjs-singlepageapp-corsangularjs-singlepageapp-cors

Web 应用程序Web Applications

可让用户登录、使用用户标识调用 Microsoft Graph 或 Web API 的 Web 应用程序Web Applications signing in users, calling Microsoft Graph, or a Web API with the user's identity

以下示例说明了 Web 应用程序签名用户。The following samples illustrate Web applications signing users. 其中一些应用程序还以已登录用户的名义调用 Microsoft Graph 或你自己的 Web API。Some of these applications also call the Microsoft Graph or your own Web API, in the name of the signed-in user.

平台Platform 仅让用户登录Only signs in users 调用 Microsoft Graph 或 AAD GraphCalls Microsoft Graph or AAD Graph 调用另一个 ASP.NET 或 ASP.NET Core 2.0 Web APICalls another ASP.NET or ASP.NET Core 2.0 Web API
ASP.NET

ASP.NET Core 2.0ASP.NET Core 2.0

dotnet-webapp-openidconnect-aspnetcoredotnet-webapp-openidconnect-aspnetcore webapp-webapi-multitenant-openidconnect-aspnetcorewebapp-webapi-multitenant-openidconnect-aspnetcore

(AAD Graph)(AAD Graph)

dotnet-webapp-webapi-openidconnect-aspnetcoredotnet-webapp-webapi-openidconnect-aspnetcore
ASP.NET 4.5

ASP.NET 4.5ASP.NET 4.5

webApp-openidconnect-dotnetwebApp-openidconnect-dotnet

webapp-WSFederation-dotNetwebapp-WSFederation-dotNet

dotnet-webapp-webapi-oauth2-useridentitydotnet-webapp-webapi-oauth2-useridentity

dotnet-webapp-multitenant-openidconnectdotnet-webapp-multitenant-openidconnect

(AAD Graph)(AAD Graph)

Python python-webapp-graphapipython-webapp-graphapi
Java java-webapp-openidconnectjava-webapp-openidconnect
Php php-graphapi-webphp-graphapi-web

演示基于角色的访问控制(授权)的 Web 应用程序Web applications demonstrating role-based access control (authorization)

以下示例演示如何实现基于角色的访问控制 (RBAC)。The following samples show how to implement role-based access control (RBAC). RBAC 用于将 Web 应用中某些功能的权限限制为某些用户。RBAC is used to restrict the permissions of certain features in a web application to certain users. 系统将根据用户是属于 Azure AD 组还是拥有一个给定的应用程序角色,对其进行授权。The users are authorized depending on whether they belong to an Azure AD group or have a given application role.

平台Platform 示例Sample
ASP.NET 4.5

ASP.NET 4.5ASP.NET 4.5

dotnet-webapp-groupclaimsdotnet-webapp-groupclaims

dotnet-webapp-roleclaimsdotnet-webapp-roleclaims

调用 Microsoft Graph 或 Web API 的桌面和移动公共客户端应用程序Desktop and mobile public client applications calling Microsoft Graph or a Web API

以下示例演示了以用户身份访问 Microsoft Graph 或 Web API 的公共客户端应用程序(桌面/移动应用程序)。The following samples illustrate public client applications (desktop/mobile applications) that access the Microsoft Graph or a Web API in the name of a user. 根据设备和平台,应用程序可以用不同方式(流/授权)让用户登录:Depending on the devices and platforms, applications can sign in users in different ways (flows/grants):

  • 交互方式、interactively,
  • 无提示方式(使用 Windows 上集成的 Windows 身份验证或用户名/密码),silently (with Integrated Windows Authentication on Windows, or Username/Password),
  • 或者甚至通过将交互式登录委托给另一个设备(在不提供 Web 控件的设备上使用的设备代码流)。or even by delegating the interactive sign-in to another device (device code flow used on devices which don't provide web controls).
客户端应用程序Client application 平台Platform 流/授权Flow/Grant 调用 Microsoft GraphCalls Microsoft Graph 调用 ASP.NET 或 ASP.NET Core 2.x Web APICalls an ASP.NET or ASP.NET Core 2.x Web API
桌面 (WPF)Desktop (WPF) .NET/C# 交互Interactive dotnet-native-multitarget 的一部分Part of dotnet-native-multitarget Dotnet-native-desktopDotnet-native-desktop

dotnet-native-aspnetcoredotnet-native-aspnetcore

dotnet-webapi-manual-jwt-validationdotnet-webapi-manual-jwt-validation
移动 (UWP)Mobile (UWP) 上获取。..NET/C#/UWP 交互Interactive dotnet-native-uwp-wamdotnet-native-uwp-wam

此示例使用 WAM,而不是 ADAL.NETThis sample uses WAM, not ADAL.NET

dotnet-windows-store(使用 ADAL.NET 调用单租户 Web API 的 UWP 应用程序)dotnet-windows-store (UWP application using ADAL.NET to call a single tenant Web API)

dotnet-webapi-multite nant-windows-store(使用 ADAL.NET 调用多租户 Web API 的 UWP 应用程序)dotnet-webapi-multitenant-windows-store (UWP application using ADAL.NET to call a multi-tenant Web API)

移动(Android、iOS、UWP)Mobile (Android, iOS, UWP) .NET/C# (Xamarin) 交互Interactive dotnet-native-multitargetdotnet-native-multitarget
移动 (Android)Mobile (Android) Android / Java 交互Interactive androidandroid
移动 (iOS)Mobile (iOS) iOS / Objective C 或 swift 交互Interactive nativeClient-iOSnativeClient-iOS
桌面(控制台)Desktop (Console) .NET/C# 用户名/密码Username / Password

Windows 集成身份验证Integrated Windows Authentication

dotnet-native-headlessdotnet-native-headless
桌面(控制台)Desktop (Console) Java 控制台 用户名/密码Username / Password java-native-headlessjava-native-headless
桌面(控制台)Desktop (Console) .NET Core/C# 设备代码流Device code flow dotnet-deviceprofiledotnet-deviceprofile

守护程序应用程序(使用应用程序标识访问 Web API)Daemon applications (accessing Web APIs with the application's identity)

以下示例展示了可在无用户的情况下(使用应用程序标识)访问 Microsoft Graph 或 Web API 的桌面或 Web 应用程序。The following samples show desktop or web applications that access the Microsoft Graph or a web API with no user (with the application identity).

客户端应用程序Client application 平台Platform 流/授权Flow/Grant 调用 ASP.NET 或 ASP.NET Core 2.0 Web APICalls an ASP.NET or ASP.NET Core 2.0 Web API
守护程序应用(控制台)Daemon app (Console) .NET 使用应用密码或证书的客户端凭据Client Credentials with app secret or certificate dotnet-daemondotnet-daemon

dotnet-daemon-certificate-credentialdotnet-daemon-certificate-credential

守护程序应用(控制台)Daemon app (Console) .NET 使用证书的客户端凭据Client Credentials with certificate dotnetcore-daemon-certificate-credentialdotnetcore-daemon-certificate-credential
ASP.NET Web 应用ASP.NET Web App .NET 客户端凭据Client credentials dotnet-webapp-webapi-oauth2-appidentitydotnet-webapp-webapi-oauth2-appidentity

Web APIWeb APIs

受 Azure Active Directory 保护的 Web APIWeb API protected by Azure Active Directory

以下示例展示了如何使用 Azure AD 保护 node.js Web API。The following sample shows how to protect a node.js web API with Azure AD.

在本文的前几部分中,还可以找到其他示例,这些示例演示了一个调用 ASP.NET 或 ASP.NET Core Web API 的客户端应用程序。In the previous sections of this article, you can also find other samples illustrating a client application calling an ASP.NET or ASP.NET Core Web API. 本部分不再提及这些示例,但你可以在上表或下表的最后一列中找到它们These samples are not mentioned again in this section, but you will find them in the last column of the tables above or below

平台Platform 示例Sample
Php node-webapinode-webapi

调用 Microsoft Graph 或另一个 Web API 的 Web APIWeb API calling Microsoft Graph or another Web API

以下示例展示了调用另一个 Web API 的 Web API。The following sample demonstrates a web API that calls another web API.

平台Platform 调用 Microsoft GraphCalls Microsoft Graph 调用另一个 ASP.NET 或 ASP.NET Core 2.0 Web APICalls another ASP.NET or ASP.NET Core 2.0 Web API
ASP.NET 4.5

ASP.NET 4.5ASP.NET 4.5

dotnet-webapi-onbehalfofdotnet-webapi-onbehalfof

dotnet-webapi-onbehalfofdotnet-webapi-onbehalfof

其他 Microsoft Graph 示例Other Microsoft Graph samples

有关演示 Microsoft Graph API 的各种使用模式(包括向 Azure AD 进行身份验证)的示例和教程,请参阅 Microsoft Graph Community Samples & Tutorials(Microsoft Graph 社区示例和教程)。For samples and tutorials that demonstrate different usage patterns for the Microsoft Graph API, including authentication with Azure AD, see Microsoft Graph Community Samples & Tutorials.

另请参阅See also

Azure Active Directory 开发人员指南Azure Active Directory Developer's Guide

Azure Active Directory 身份验证库Azure Active Directory Authentication libraries

Azure AD 图形 API 概念和参考Azure AD Graph API Conceptual and Reference

Azure AD 图形 API 帮助程序库Azure AD Graph API Helper Library