Scenario: Desktop app that calls web APIs

Learn all you need to build a desktop app that calls web APIs.

Prerequisites

Before reading this article, you should be familiar with the following concepts:

Get started

If you haven't already, create your first application by following the .NET desktop quickstart, the Universal Windows Platform (UWP) quickstart, or the macOS native app quickstart:

Overview

You write a desktop application, and you want to sign in users to your application and call web APIs such as Microsoft Graph, other Microsoft APIs, or your own web API. You have several possibilities:

  • You can use interactive token acquisition:

    • If your desktop application supports graphical controls, for instance, if it's a Windows Forms application, a WPF application, or a macOS native application.
    • Or, if it's a .NET Core application and you agree to have the authentication interaction with Azure Active Directory (Azure AD) happen in the system browser.
  • For Windows-hosted applications, applications running on computers joined to a Windows domain or to Azure AD can also acquire a token silently by using Integrated Windows Authentication.

  • Finally, although it's not recommended, you can use a username and a password in public client applications. It's still needed in some scenarios like DevOps. Using it imposes constraints on your application. For instance, it can't sign in a user who needs to perform multi-factor authentication (conditional access). Also, your application won't benefit from single sign-on (SSO).

    It's also against the principles of modern authentication and is only provided for legacy reasons.

    Desktop application

  • If you write a portable command-line tool, probably a .NET Core application that runs on Linux or Mac, and if you accept that authentication will be delegated to the system browser, you can use interactive authentication. .NET Core doesn't provide a web browser, so authentication happens in the system browser. Otherwise, the best option in that case is to use device code flow. This flow is also used for applications without a browser, such as IoT applications.

    Browserless application
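The options above, combined in one MSAL.NET console program: try the token cache first, then fall back to either the system browser or device code flow, with no username/password path. This is an added example, not code from the original page or from Microsoft's samples; the client ID, tenant ID, the `--device-code` switch and the `User.Read` scope choice are assumptions to replace with your own values.

```csharp
// Added example. Requires the Microsoft.Identity.Client NuGet package.
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

class Program
{
    // Placeholders (assumptions): use the values from your own app registration.
    const string ClientId = "<your-client-id>";
    const string TenantId = "<your-tenant-id>";
    static readonly string[] Scopes = { "User.Read" }; // Microsoft Graph delegated scope

    static async Task Main(string[] args)
    {
        // Hypothetical switch: pass --device-code on hosts without a browser.
        bool useDeviceCode = args.Contains("--device-code");

        // Public client: no client secret is embedded in a desktop app.
        IPublicClientApplication app = PublicClientApplicationBuilder
            .Create(ClientId)
            .WithAuthority(AzureCloudInstance.AzurePublic, TenantId)
            .WithRedirectUri("http://localhost") // loopback redirect for the system browser
            .Build();

        AuthenticationResult result;
        try
        {
            // Silent first. The default cache is in-memory, so a fresh
            // process has no account and falls through to a prompt.
            var accounts = await app.GetAccountsAsync();
            result = await app.AcquireTokenSilent(Scopes, accounts.FirstOrDefault())
                .ExecuteAsync();
        }
        catch (MsalUiRequiredException) when (useDeviceCode)
        {
            // Device code flow: the user signs in on another device.
            result = await app.AcquireTokenWithDeviceCode(Scopes, dc =>
            {
                Console.WriteLine(dc.Message); // verification URL and user code
                return Task.CompletedTask;
            }).ExecuteAsync();
        }
        catch (MsalUiRequiredException)
        {
            // Interactive flow in the system browser; MFA and SSO still apply.
            result = await app.AcquireTokenInteractive(Scopes)
                .WithUseEmbeddedWebView(false)
                .ExecuteAsync();
        }
        // Log the identity and expiry only, never the access token itself.
        Console.WriteLine($"Signed in as {result.Account.Username}; expires {result.ExpiresOn}");
    }
}
```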

Specifics

Desktop applications have a number of specifics. They depend mainly on whether your application uses interactive authentication or not.

Next steps