Microsoft 标识平台代码示例(v2.0 终结点)Microsoft identity platform code samples (v2.0 endpoint)
可以使用 Microsoft 标识平台执行以下操作:You can use Microsoft identity platform to:
- 向 Web 应用程序和 Web API 添加身份验证和授权。Add authentication and authorization to your web applications and web APIs.
- 要求使用访问令牌来访问受保护的 Web API。Require an access token to access a protected web API.
本文简要介绍了 Microsoft 标识平台终结点示例并提供了指向这些示例的链接。This article briefly describes and provides you with links to samples for the Microsoft identity platform endpoint. 这些示例将展示其工作原理,并提供可以在应用程序中使用的代码片段。These samples show you how it's done, and also provide code snippets that you can use in your applications. 在代码示例页上,可以找到在要求、安装和设置方面提供帮助的详细自述主题。On the code sample page, you'll find detailed readme topics that help with requirements, installation, and setup. 代码中的注释可帮助你理解关键部分。Comments within the code help you understand the critical sections.
Note
如果对 v1.0 示例感兴趣,请参阅 Azure AD 代码示例(v1.0 终结点)。If you're interested in v1.0 samples, see Azure AD code samples (v1.0 endpoint).
若要了解每种示例类型的基本方案,请参阅 Microsoft 标识平台终结点的应用类型。To understand the basic scenario for each sample type, see App types for the Microsoft identity platform endpoint.
你也可以为 GitHub 上的示例做出补充。You can also contribute to the samples on GitHub. 若要了解如何操作,请参阅 Azure Active Directory 示例和文档。To learn how, see Azure Active Directory samples and documentation.
单页应用程序Single-page applications
这些示例展示了如何编写由 Microsoft 标识平台保护的单页应用程序。These samples show how to write a single-page application secured with Microsoft identity platform. 这些示例使用下列种类的 MSAL.js 之一。These samples use one of the flavors of MSAL.js.
| 平台Platform | 说明Description | 链接Link |
|---|---|---|
 JavaScript (msal.js) JavaScript (msal.js) |
调用 Microsoft GraphCalls Microsoft Graph | javascript-graphapi-v2javascript-graphapi-v2 |
| JavaScript (msal.js) JavaScript (msal.js) |
调用 B2CCalls B2C | b2c-javascript-msal-singlepageappb2c-javascript-msal-singlepageapp |
| JavaScript (msal.js) JavaScript (msal.js) |
调用自己的 Web APICalls own web API | javascript-singlepageapp-dotnet-webapi-v2javascript-singlepageapp-dotnet-webapi-v2 |
 JavaScript (MSAL Angular) JavaScript (MSAL Angular) |
调用 Microsoft GraphCalls Microsoft Graph | active-directory-javascript-singlepageapp-angularactive-directory-javascript-singlepageapp-angular |
| JavaScript (MSAL Angular) JavaScript (MSAL Angular) |
调用 B2CCalls B2C | active-directory-b2c-javascript-angular-spaactive-directory-b2c-javascript-angular-spa |
Web 应用程序Web applications
以下示例演示了将用户登录的 Web 应用。The following samples illustrate web applications that sign in users. 一些示例还演示了使用用户标识调用 Microsoft Graph 或你自己的 Web API 的应用程序。Some samples also demonstrate the application calling Microsoft Graph, or your own web API with the user's identity.
| 平台Platform | 仅让用户登录Only signs in users | 让用户登录并调用 Microsoft GraphSigns in users and calls Microsoft Graph | |
|---|---|---|---|
 ASP.NET Core 2.2ASP.NET Core 2.2 |
ASP.NET Core WebApp 让用户登录教程ASP.NET Core WebApp signs-in users tutorial | ASP.NET Core Web 应用调用 Microsoft Graph 阶段中的同一示例Same sample in the ASP.NET Core web app calls Microsoft Graph phase | |
 ASP.NETASP.NET |
ASP.NET 快速入门ASP.NET Quickstart dotnet-webapp-openidconnect-v2dotnet-webapp-openidconnect-v2 | dotnet-admin-restricted-scopes-v2dotnet-admin-restricted-scopes-v2 | msgraph-training-aspnetmvcappmsgraph-training-aspnetmvcapp |
 |
ms-identity-java-webappms-identity-java-webapp | ||
 |
ms-identity-python-webappms-identity-python-webapp | ||
 |
msgraph-training-rubyrailsappmsgraph-training-rubyrailsapp |
桌面和移动公共客户端应用Desktop and mobile public client apps
以下示例展示了以用户身份访问 Microsoft Graph API 或你自己的 Web API 的公共客户端应用程序(桌面或移动应用程序)。The following samples show public client applications (desktop or mobile applications) that access the Microsoft Graph API, or your own web API in the name of a user. 所有这些客户端应用程序均使用 Microsoft 身份验证库 (MSAL)。All these client applications use Microsoft Authentication Library (MSAL).
守护程序应用程序Daemon applications
下面的示例展示了一个应用程序,它使用自己的标识(没有用户)访问 Microsoft Graph API。The following samples show an application that accesses the Microsoft Graph API with its own identity (with no user).
| 客户端应用程序Client application | 平台Platform | 流/授权Flow/Grant | 调用 Microsoft GraphCalls Microsoft Graph |
|---|---|---|---|
| 控制台Console | ASP.NETASP.NET |
客户端凭据Client Credentials | dotnetcore-daemon-v2dotnetcore-daemon-v2 |
| Web 应用Web app | ASP.NETASP.NET |
客户端凭据Client Credentials | dotnet-daemon-v2dotnet-daemon-v2 |
| 控制台Console | |
客户端凭据Client Credentials | ms-identity-java-daemonms-identity-java-daemon |
| 控制台Console | |
客户端凭据Client Credentials | ms-identity-python-daemonms-identity-python-daemon |
无外设应用程序Headless applications
以下示例展示了在没有 Web 浏览器的设备上运行的公共客户端应用程序。The following sample shows a public client application running on a device without a web browser. 该应用可以是命令行工具,可以是在 Linux 或 Mac 上运行的应用,还可以是 IoT 应用程序。The app can be a command-line tool, an app running on Linux or Mac, or an IoT application. 此示例提供了一个应用,以用户身份访问 Microsoft Graph API,该用户以交互方式在另一台设备上登录(例如移动电话)。The sample features an app accessing the Microsoft Graph API, in the name of a user who signs-in interactively on another device (such as a mobile phone). 此客户端应用程序使用 Microsoft 身份验证库 (MSAL)。This client application uses Microsoft Authentication Library (MSAL).
| 客户端应用程序Client application | 平台Platform | 流/授权Flow/Grant | 调用 Microsoft GraphCalls Microsoft Graph |
|---|---|---|---|
| 桌面(控制台)Desktop (Console) | |
设备代码流Device code flow | dotnetcore-devicecodeflow-v2dotnetcore-devicecodeflow-v2 |
| 桌面(控制台)Desktop (Console) | |
设备代码流Device code flow | ms-identity-java-devicecodeflowms-identity-java-devicecodeflow |
| 桌面(控制台)Desktop (Console) | |
设备代码流Device code flow | ms-identity-python-devicecodeflowms-identity-python-devicecodeflow |
Web APIWeb APIs
以下示例展示了如何使用 Microsoft 标识平台终结点保护 Web API,以及如何从 Web API 调用下游 API。The following samples show how to protect a web API with the Microsoft identity platform endpoint, and how to call a downstream API from the web API.
| 平台Platform | 示例Sample |
|---|---|
| ASP.NET Core 2.2ASP.NET Core 2.2 |
dotnet-native-aspnetcore-v2 的 ASP.NET Core Web API(服务)ASP.NET Core web API (service) of dotnet-native-aspnetcore-v2 |
 ASP.NET MVCASP.NET MVC |
ms-identity-aspnet-webapi-onbehalfof 的 Web API(服务)Web API (service) of ms-identity-aspnet-webapi-onbehalfof |
|
ms-identity-java-webapi 的 Web API(服务)Web API (service) of ms-identity-java-webapi |
 |
active-directory-javascript-nodejs-webapi-v2 的 Web API(服务)Web API (service) of active-directory-javascript-nodejs-webapi-v2 |
|
active-directory-b2c-javascript-nodejs-webapi 的 B2C Web API(服务)B2C Web API (service) of active-directory-b2c-javascript-nodejs-webapi |
Azure Functions 作为 Web APIAzure Functions as web APIs
以下示例演示如何使用 HttpTrigger 保护 Azure Functions 并通过 Microsoft 标识平台终结点公开 Web API,以及如何从 Web API 调用下游 API。The following samples show how to protect an Azure Function using HttpTrigger and exposing a web API with the Microsoft identity platform endpoint, and how to call a downstream API from the web API.
| 平台Platform | 示例Sample |
|---|---|
| ASP.NET Core 2.2ASP.NET Core 2.2 |
dotnet-native-aspnetcore-v2 的 ASP.NET Core Web API(服务)Azure FunctionsASP.NET Core web API (service) Azure Function of dotnet-native-aspnetcore-v2 |
| NodeJSNodeJS |
NodeJS 和 passport-azure-ad 的 Web API(服务)Web API (service) of NodeJS and passport-azure-ad |
| PythonPython |
Python 的 Web API(服务)Web API (service) of Python |
| NodeJSNodeJS |
使用代理流的 NodeJS 和 passport-azure-ad 的 Web API(服务)Web API (service) of NodeJS and passport-azure-ad using on behalf of |
其他 Microsoft Graph 示例Other Microsoft Graph samples
若要了解演示 Microsoft Graph API 的各种使用模式(包括向 Azure AD 进行身份验证)的示例和教程,请参阅 Microsoft Graph Community samples & tutorials(Microsoft Graph 社区示例和教程)。To learn about samples and tutorials that demonstrate different usage patterns for the Microsoft Graph API, including authentication with Azure AD, see Microsoft Graph Community samples & tutorials.