Microsoft 标识平台代码示例(v2.0 终结点)Microsoft identity platform code samples (v2.0 endpoint)

你可以使用 Microsoft 标识平台执行以下操作:You can use the Microsoft identity platform to:

  • 向 Web 应用程序和 Web API 添加身份验证和授权。Add authentication and authorization to your web applications and web APIs.
  • 要求使用访问令牌来访问受保护的 Web API。Require an access token to access a protected web API.

本文简要介绍了 Microsoft 标识平台示例并提供了这些示例的链接。This article briefly describes and provides you with links to samples for the Microsoft identity platform. 这些示例将展示其工作原理,并提供可以在应用程序中使用的代码片段。These samples show you how it's done, and also provide code snippets that you can use in your applications. 在代码示例页上,可以找到在要求、安装和设置方面提供帮助的详细自述主题。On the code sample page, you'll find detailed readme topics that help with requirements, installation, and setup. 代码中的注释可帮助你理解关键部分。Comments within the code help you understand the critical sections.

若要了解每种示例类型的基本方案,请参阅 Microsoft 标识平台的应用类型To understand the basic scenario for each sample type, see App types for the Microsoft identity platform.

你也可以为 GitHub 上的示例做出补充。You can also contribute to the samples on GitHub. 若要了解如何操作,请参阅 Azure Active Directory 示例和文档To learn how, see Azure Active Directory samples and documentation.

单页应用程序Single-page applications

这些示例展示了如何编写由 Microsoft 标识平台保护的单页应用程序。These samples show how to write a single-page application secured with Microsoft identity platform. 这些示例使用下列种类的 MSAL.js 之一。These samples use one of the flavors of MSAL.js.

平台Platform 说明Description 链接Link
此图显示了 JavaScript 徽标 JavaScript (MSAL.js)This image shows the JavaScript logo JavaScript (MSAL.js) SPA 调用 Microsoft GraphSPA calls Microsoft Graph javascript-graphapi-v2javascript-graphapi-v2
此图显示了 JavaScript 徽标 JavaScript (MSAL.js 2.0)This image shows the JavaScript logo JavaScript (MSAL.js 2.0) SPA 使用含 PKCE 的身份验证代码流调用 Microsoft GraphSPA calls Microsoft Graph using Auth Code Flow w/ PKCE javascript-v2javascript-v2
此图显示了 JavaScript 徽标 JavaScript (MSAL.js)This image shows the JavaScript logo JavaScript (MSAL.js) SPA 调用 B2CSPA calls B2C b2c-javascript-msal-singlepageappb2c-javascript-msal-singlepageapp
此图显示了 JavaScript 徽标 JavaScript (MSAL.js 2.0)This image shows the JavaScript logo JavaScript (MSAL.js 2.0) SPA 使用含 PKCE 的身份验证代码流调用 B2CSPA calls B2C using Auth Code Flow w/PKCE b2c-javascript-spab2c-javascript-spa
此图显示了 JavaScript 徽标 JavaScript (MSAL.js 2.0)This image shows the JavaScript logo JavaScript (MSAL.js 2.0) SPA 调用自定义 Web API,后者反过来调用 Microsoft GraphSPA calls custom web API which in turn calls Microsoft Graph ms-identity-javascript-tutorial-chapter4-oboms-identity-javascript-tutorial-chapter4-obo
此图显示了 Angular 徽标 Angular (MSAL Angular)This image shows the Angular logo Angular (MSAL Angular) SPA 调用 Microsoft GraphSPA calls Microsoft Graph active-directory-javascript-singlepageapp-angularactive-directory-javascript-singlepageapp-angular
此图显示了 Angular 徽标 Angular (MSAL Angular 2.0)This image shows the Angular logo Angular (MSAL Angular 2.0) SPA 使用含 PKCE 的身份验证代码流调用 Microsoft GraphSPA calls Microsoft Graph using Auth Code Flow w/ PKCE ms-identity-javascript-angular-spams-identity-javascript-angular-spa
此图显示了 Angular 徽标 Angular (MSAL Angular 2.0)This image shows the Angular logo Angular (MSAL Angular 2.0) SPA 调用自定义 Web APISPA calls custom Web API ms-identity-javascript-angular-spa-aspnetcore-webapims-identity-javascript-angular-spa-aspnetcore-webapi
此图显示了 Angular 徽标 Angular (MSAL Angular)This image shows the Angular logo Angular (MSAL Angular) SPA 调用 B2CSPA calls B2C active-directory-b2c-javascript-angular-spaactive-directory-b2c-javascript-angular-spa
此图显示了 Angular 徽标 Angular (MSAL Angular 2.0)This image shows the Angular logo Angular (MSAL Angular 2.0) SPA 使用应用角色和安全组调用自定义 Web APISPA calls custom Web API with App Roles and Security Groups ms-identity-javascript-angular-spa-dotnetcore-webapi-roles-groupsms-identity-javascript-angular-spa-dotnetcore-webapi-roles-groups
此图显示了 React 徽标 React (MSAL React)This image shows the React logo React (MSAL React) SPA 使用含 PKCE 的身份验证代码流调用 Microsoft GraphSPA calls Microsoft Graph using Auth Code Flow w/ PKCE ms-identity-javascript-react-spams-identity-javascript-react-spa
此图显示了 React 徽标 React (MSAL React)This image shows the React logo React (MSAL React) SPA 调用自定义 Web APISPA calls custom web API ms-identity-javascript-react-tutorialms-identity-javascript-react-tutorial
此图显示了 React 徽标 React (MSAL.js 2.0)This image shows the React logo React (MSAL.js 2.0) SPA 调用自定义 Web API,后者反过来调用 Microsoft GraphSPA calls custom Web API which in turn calls Microsoft Graph ms-identity-javascript-react-spa-dotnetcore-webapi-oboms-identity-javascript-react-spa-dotnetcore-webapi-obo
此图显示了 Blazor 徽标 Blazor WebAssembly (MSAL.js)This image shows the Blazor logo Blazor WebAssembly (MSAL.js) Blazor WebAssembly 教程:通过 Azure Active Directory 让用户登录并调用 APIBlazor WebAssembly Tutorial to sign-in users and call APIs with Azure Active Directory ms-identity-blazor-wasmms-identity-blazor-wasm

Web 应用程序Web applications

以下示例演示了将用户登录的 Web 应用。The following samples illustrate web applications that sign in users. 一些示例还演示了使用用户标识调用 Microsoft Graph 或你自己的 Web API 的应用程序。Some samples also demonstrate the application calling Microsoft Graph, or your own web API with the user's identity.

平台Platform 仅让用户登录Only signs in users 让用户登录并调用 Microsoft GraphSigns in users and calls Microsoft Graph
此图显示了 ASP.NET Core 徽标

ASP.NET CoreASP.NET Core
ASP.NET Core WebApp 让用户登录教程ASP.NET Core WebApp signs-in users tutorial ASP.NET Core Web 应用调用 Microsoft Graph 阶段中的同一示例Same sample in the ASP.NET Core web app calls Microsoft Graph phase

高级示例:从后台应用、API 和服务访问已登录用户的令牌缓存Advanced sample Accessing the logged-in user's token cache from background apps, APIs and services
此图显示了 ASP.NET Framework 徽标

ASP.NET CoreASP.NET Core
请参阅适用于开发人员的 AD FS 到 Azure AD 应用程序迁移手册了解如何将与 Active Directory 联合身份验证服务 (AD FS) 集成的应用程序安全可靠地迁移到 Azure Active Directory (Azure AD)AD FS to Azure AD application migration playbook for developers to learn how to safely and securely migrate your applications integrated with Active Directory Federation Services (AD FS) to Azure Active Directory (Azure AD)
此图显示了 ASP.NET Framework 徽标

ASP.NETASP.NET
ASP.NET 快速入门ASP.NET Quickstart

dotnet-webapp-openidconnect-v2dotnet-webapp-openidconnect-v2
dotnet-admin-restricted-scopes-v2dotnet-admin-restricted-scopes-v2

msgraph-training-aspnetmvcappmsgraph-training-aspnetmvcapp
此图显示了 Java 徽标 Java Servlet 教程 - 第 1.1 章使用 AAD 登录Java Servlet Tutorial - Chapter 1.1 Sign in with AAD
此图显示了 Java 徽标 Java Servlet 教程 - 第 1.2 章使用 B2C 登录Java Servlet Tutorial - Chapter 1.2 Sign in with B2C
此图显示了 Java 徽标 Java Servlet 教程 - 第 2.1 章使用 AAD 登录并调用 GraphJava Servlet Tutorial - Chapter 2.1 Sign in with AAD and call Graph
此图显示了 Java 徽标 Java Servlet 教程 - 第 3.1 章使用 AAD 登录并使用角色声明控制访问Java Servlet Tutorial - Chapter 3.1 Sign in with AAD and control access with Roles claim
此图显示了 Java 徽标 Java Servlet 教程 - 第 3.2 章使用 AAD 登录并使用组声明控制访问Java Servlet Tutorial - Chapter 3.2 Sign in with AAD and control access with Groups claim
此图显示了 Java 徽标 Java Servlet 教程 - 第 4.1 章部署到 Azure 应用服务Java Servlet Tutorial - Chapter 4.1 Deploy to Azure App Service
此图显示了 Java 徽标 ms-identity-java-webappms-identity-java-webapp
此图显示了 Java 徽标 ms-identity-b2c-java-servlet-webapp-authenticationms-identity-b2c-java-servlet-webapp-authentication
此图显示了 Node.js 徽标

Node.js (MSAL Node)Node.js (MSAL Node)
Express Web 应用登录用户教程Express web app signs-in users tutorial
此图显示了 Python 徽标 Python Flask 教程 - 第 1.1 章使用 AAD 登录Python Flask Tutorial - Chapter 1.1 Sign in with AAD
此图显示了 Python 徽标 Python Flask 教程 - 第 1.2 章使用 B2C 登录Python Flask Tutorial - Chapter 1.2 Sign in with B2C
此图显示了 Python 徽标 Python Flask 教程 - 第 2.1 章使用 AAD 登录并调用 GraphPython Flask Tutorial - Chapter 2.1 Sign in with AAD and Call Graph
此图显示了 Python 徽标 Python Flask 教程 - 第 3.1 章部署到 Azure 应用服务Python Flask Tutorial - Chapter 3.1 Deploy to Azure App Service
此图显示了 Python 徽标 Python Django 教程 - 第 1.1 章使用 AAD 登录Python Django Tutorial - Chapter 1.1 Sign in with AAD
此图显示了 Python 徽标 Python Django 教程 - 第 1.2 章使用 B2C 登录Python Django Tutorial - Chapter 1.2 Sign in with B2C
此图显示了 Python 徽标 Python Django 教程 - 第 2.1 章使用 AAD 登录并调用 GraphPython Django Tutorial - Chapter 2.1 Sign in with AAD and Call Graph
此图显示了 Python 徽标 Python Django 教程 - 第 3.1 章部署到 Azure 应用服务Python Django Tutorial - Chapter 3.1 Deploy to Azure App Service
此图显示了 Python 徽标 Python Flask Web 应用Python Flask web app
此图显示了 Ruby 徽标 msgraph-training-rubyrailsappmsgraph-training-rubyrailsapp
此图显示了 Blazor 徽标

Blazor 服务器Blazor Server
Blazor Server 应用用户登录教程Blazor Server app signs-in users tutorial Blazor Server 应用调用 Microsoft GraphBlazor Server app calls Microsoft Graph

Chapterwise 教程:通过 Azure Active Directory 让用户登录并调用 API 的 Blazor Server 应用Chapterwise Tutorial: Blazor Server app to sign-in users and call APIs with Azure Active Directory

桌面和移动公共客户端应用Desktop and mobile public client apps

以下示例展示了以用户身份访问 Microsoft Graph API 或你自己的 Web API 的公共客户端应用程序(桌面或移动应用程序)。The following samples show public client applications (desktop or mobile applications) that access the Microsoft Graph API, or your own web API in the name of a user. 除了使用 WAM 的桌面(控制台)示例,所有这些客户端应用程序均使用 Microsoft 身份验证库 (MSAL)。Apart from the Desktop (Console) with WAM sample, all these client applications use the Microsoft Authentication Library (MSAL).

客户端应用程序Client application 平台Platform 流/授权Flow/grant 调用 Microsoft GraphCalls Microsoft Graph 调用 ASP.NET Core Web APICalls an ASP.NET Core web API
桌面教程 (.NET Core) - 可选择使用:Desktop tutorial (.NET Core) - Optionally using:

- 跨平台令牌缓存- the cross platform token cache

- 自定义 Web UI- custom web UI
此图显示了 .NET/C# 徽标 授权代码Authorization code ms-identity-dotnet-desktop-tutorialms-identity-dotnet-desktop-tutorial
桌面 (WPF)Desktop (WPF) 此图显示了 .NET 桌面/C# 徽标 授权代码Authorization code dotnet-desktop-msgraph-v2dotnet-desktop-msgraph-v2 dotnet-native-aspnetcore-v2dotnet-native-aspnetcore-v2
桌面(控制台)Desktop (Console) 此图显示了 .NET/C#(桌面)徽标 Windows 集成身份验证Integrated Windows Authentication dotnet-iwa-v2dotnet-iwa-v2
桌面(控制台)Desktop (Console) 此图显示了 Java 徽标 Windows 集成身份验证Integrated Windows Authentication ms-identity-java-desktopms-identity-java-desktop
桌面(控制台)Desktop (Console) 这是 .NET/C#(桌面)徽标 用户名/密码Username/Password dotnetcore-up-v2dotnetcore-up-v2
使用 WAM 的桌面(控制台)Desktop (Console) with WAM 这是 .NET/C#(桌面)的徽标 Web 帐户管理器 (WAM) 交互Interactive with Web Account Manager (WAM) dotnet-native-uwp-wamdotnet-native-uwp-wam
桌面(控制台)Desktop (Console) 此图显示了 Java 徽标 用户名/密码Username/Password ms-identity-java-desktopms-identity-java-desktop
桌面(控制台)Desktop (Console) 此图显示了 Python 徽标 用户名/密码Username/Password ms-identity-python-desktopms-identity-python-desktop
Desktop (Electron)Desktop (Electron) 此图显示了 Node.js 徽标

Node.js (MSAL Node)Node.js (MSAL Node)
授权代码 (PKCE)Authorization code (PKCE) ms-identity-javascript-nodejs-desktopms-identity-javascript-nodejs-desktop
移动(Android、iOS、UWP)Mobile (Android, iOS, UWP) 此图显示了 .NET/C# (Xamarin) 徽标 授权代码Authorization code xamarin-native-v2xamarin-native-v2
移动 (iOS)Mobile (iOS) 此图显示了 iOS/Objective-C 或 Swift 授权代码Authorization code ios-swift-objc-native-v2ios-swift-objc-native-v2

ios-native-nxoauth2-v2ios-native-nxoauth2-v2
桌面 (macOS)Desktop (macOS) macOSmacOS 授权代码Authorization code macOS-swift-objc-native-v2macOS-swift-objc-native-v2
移动 (Android-Java)Mobile (Android-Java) 此图显示了 Android 徽标 授权代码Authorization code android-Javaandroid-Java
移动 (Android-Kotlin)Mobile (Android-Kotlin) 此图显示了 Android 徽标 授权代码Authorization code android-Kotlinandroid-Kotlin

守护程序应用程序Daemon applications

下面的示例展示了一个应用程序,它使用自己的标识(没有用户)访问 Microsoft Graph API。The following samples show an application that accesses the Microsoft Graph API with its own identity (with no user).

客户端应用程序Client application 平台Platform 流/授权Flow/Grant 调用 Microsoft GraphCalls Microsoft Graph
控制台Console 此图显示了 .NET Core 徽标

ASP.NETASP.NET
客户端凭据Client Credentials dotnetcore-daemon-v2dotnetcore-daemon-v2
Web 应用Web app 显示 ASP.NET 徽标的屏幕截图。

ASP.NETASP.NET
客户端凭据Client Credentials dotnet-daemon-v2dotnet-daemon-v2
控制台Console 此图显示了 Java 徽标 客户端凭据Client Credentials ms-identity-java-daemonms-identity-java-daemon
控制台Console 此图显示了 Node.js 徽标

Node.js (MSAL Node)Node.js (MSAL Node)
客户端凭据Client Credentials ms-identity-javascript-nodejs-consolems-identity-javascript-nodejs-console
控制台Console 此图显示了 Python 徽标 客户端凭据Client Credentials ms-identity-python-daemonms-identity-python-daemon

无外设应用程序Headless applications

以下示例展示了在没有 Web 浏览器的设备上运行的公共客户端应用程序。The following sample shows a public client application running on a device without a web browser. 该应用可以是命令行工具,可以是在 Linux 或 Mac 上运行的应用,还可以是 IoT 应用程序。The app can be a command-line tool, an app running on Linux or Mac, or an IoT application. 此示例提供了一个应用,以用户身份访问 Microsoft Graph API,该用户以交互方式在另一台设备上登录(例如移动电话)。The sample features an app accessing the Microsoft Graph API, in the name of a user who signs-in interactively on another device (such as a mobile phone). 此客户端应用程序使用 Microsoft 身份验证库 (MSAL)。This client application uses the Microsoft Authentication Library (MSAL).

客户端应用程序Client application 平台Platform 流/授权Flow/Grant 调用 Microsoft GraphCalls Microsoft Graph
桌面(控制台)Desktop (Console) 此图显示了 .NET/C#(桌面)徽标 设备代码流Device code flow dotnetcore-devicecodeflow-v2dotnetcore-devicecodeflow-v2
桌面(控制台)Desktop (Console) 此图显示了 Java 徽标 设备代码流Device code flow ms-identity-java-devicecodeflowms-identity-java-devicecodeflow
桌面(控制台)Desktop (Console) 此图显示了 Python 徽标 设备代码流Device code flow ms-identity-python-devicecodeflowms-identity-python-devicecodeflow

多租户 SaaS 应用程序Multi-tenant SaaS applications

以下示例演示了如何配置应用程序,使其接受来自 Azure Active Directory (Azure AD) 租户的登录。The following samples show how to configure your application to accept sign-ins from any Azure Active Directory (Azure AD) tenant. 将应用程序配置为多租户是指,你可向多个组织提供软件即服务 (SaaS) 应用程序,使它们的用户能够在同意后登录到你的应用程序。Configuring your application to be multi-tenant means that you can offer a Software as a Service (SaaS) application to many organizations, allowing their users to be able to sign-in to your application after providing consent.

平台Platform 说明Description 链接Link
此图显示了 Angular 徽标 Angular (MSAL Angular 2.0)This image shows the Angular logo Angular (MSAL Angular 2.0) 多租户 SPA 调用图形 APIMulti-tenant SPA calls Graph API ms-identity-javascript-angular-spa-aspnet-webapi-multitenantms-identity-javascript-angular-spa-aspnet-webapi-multitenant
此图显示了 Angular 徽标 Angular (MSAL Angular 2.0)This image shows the Angular logo Angular (MSAL Angular 2.0) 多租户 SPA 调用多租户自定义 Web APIMulti-tenant SPA calls multi-tenant custom Web API ms-identity-javascript-angular-spa-aspnet-webapi-multitenantms-identity-javascript-angular-spa-aspnet-webapi-multitenant
此图显示了 ASP.NET Core 徽标 .NET Core (MSAL.NET)This image shows the ASP.NET Core logo .NET Core (MSAL.NET) ASP.NET Core MVC Web 应用程序调用图形 APIASP.NET Core MVC web application calls Graph API active-directory-aspnetcore-webapp-openidconnect-v2active-directory-aspnetcore-webapp-openidconnect-v2
此图显示了 ASP.NET Core 徽标 .NET Core (MSAL.NET)This image shows the ASP.NET Core logo .NET Core (MSAL.NET) ASP.NET Core MVC Web 应用程序调用 ASP.NET Core Web APIASP.NET Core MVC web application calls ASP.NET Core Web API active-directory-aspnetcore-webapp-openidconnect-v2active-directory-aspnetcore-webapp-openidconnect-v2

Web APIWeb APIs

以下示例展示了如何使用 Microsoft 标识平台保护 Web API,以及如何从 Web API 调用下游 API。The following samples show how to protect a web API with the Microsoft identity platform, and how to call a downstream API from the web API.

平台Platform 示例Sample
此图显示了 ASP.NET Core 徽标

ASP.NET CoreASP.NET Core
dotnet-native-aspnetcore-v2 的 ASP.NET Core Web API(服务)ASP.NET Core web API (service) of dotnet-native-aspnetcore-v2
此图显示了 ASP.NET 徽标

ASP.NET MVCASP.NET MVC
ms-identity-aspnet-webapi-onbehalfof 的 Web API(服务)Web API (service) of ms-identity-aspnet-webapi-onbehalfof
此图显示了 Java 徽标 ms-identity-java-webapi 的 Web API(服务)Web API (service) of ms-identity-java-webapi
此图显示了 Node.js 徽标

Node.js (Passport.js)Node.js (Passport.js)
active-directory-javascript-nodejs-webapi-v2 的 Web API(服务)Web API (service) of active-directory-javascript-nodejs-webapi-v2
此图显示了 Node.js 徽标

Node.js (Passport.js)Node.js (Passport.js)
active-directory-b2c-javascript-nodejs-webapi 的 B2C Web API(服务)B2C Web API (service) of active-directory-b2c-javascript-nodejs-webapi

Azure Functions 作为 Web APIAzure Functions as web APIs

以下示例演示如何使用 HttpTrigger 保护 Azure Function 并通过 Microsoft 标识平台公开 Web API,以及如何从 Web API 调用下游 API。The following samples show how to protect an Azure Function using HttpTrigger and exposing a web API with the Microsoft identity platform, and how to call a downstream API from the web API.

平台Platform 示例Sample
此图显示了 ASP.NET Core 徽标

ASP.NET CoreASP.NET Core
dotnet-native-aspnetcore-v2 的 ASP.NET Core Web API(服务)Azure FunctionsASP.NET Core web API (service) Azure Function of dotnet-native-aspnetcore-v2
此图显示了 Python 徽标

PythonPython
Python 的 Web API(服务)Web API (service) of Python
此图显示了 Node.js 徽标

Node.js (Passport.js)Node.js (Passport.js)
Node.js 和 passport-azure-ad 的 Web API(服务)Web API (service) of Node.js and passport-azure-ad
此图显示了 Node.js 徽标

Node.js (Passport.js)Node.js (Passport.js)
使用 on behalf of 的 Node.js 和 passport-azure-ad 的 Web API(服务)Web API (service) of Node.js and passport-azure-ad using on behalf of

其他 Microsoft Graph 示例Other Microsoft Graph samples

若要了解演示 Microsoft Graph API 的各种使用模式(包括向 Azure AD 进行身份验证)的示例和教程,请参阅 Microsoft Graph Community samples & tutorials(Microsoft Graph 社区示例和教程)。To learn about samples and tutorials that demonstrate different usage patterns for the Microsoft Graph API, including authentication with Azure AD, see Microsoft Graph Community samples & tutorials.

另请参阅See also

Microsoft Graph API 概念和参考Microsoft Graph API conceptual and reference