Scenario: Desktop app that calls web APIs

Learn all you need to build a desktop app that calls web APIs.

Prerequisites

Before reading this article, you should be familiar with the following concepts:

Get started

If you haven't already, create your first application by following the .NET desktop quickstart, the Universal Windows Platform (UWP) quickstart, or the macOS native app quickstart:

Overview

You write a desktop application, and you want to sign in users to your application and call web APIs such as Microsoft Graph, other Microsoft APIs, or your own web API. You have several possibilities:

  • You can use interactive token acquisition:

    • If your desktop application supports graphical controls, for instance, if it's a Windows Forms application, a WPF application, or a macOS native application.
    • Or, if it's a .NET Core application and you agree to have the authentication interaction with Azure Active Directory (Azure AD) happen in the system browser.
  • For Windows-hosted applications, applications running on computers that are joined to a Windows domain or are Azure AD joined can also acquire a token silently by using Integrated Windows Authentication.

  • Finally, and although it's not recommended, you can use a username and a password in public client applications. It's still needed in some scenarios. Using it imposes constraints on your application. For instance, it can't sign in a user who needs to perform multifactor authentication. Also, your application won't benefit from single sign-on (SSO).

    It's also against the principles of modern authentication and is only provided for legacy reasons.

    Desktop application

  • If you write a portable command-line tool, probably a .NET Core application that runs on Linux or Mac, and if you accept that authentication will be delegated to the system browser, you can use interactive authentication. .NET Core doesn't provide a web browser, so authentication happens in the system browser. Otherwise, the best option in that case is to use device code flow. This flow is also used for applications without a browser, such as IoT applications.

    Browserless application
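The following added example (not part of the original article) shows one way to apply the choices above in a .NET Core command-line tool: try the token cache first, then interactive sign-in in the system browser, and fall back to device code flow when no browser is available. It assumes the MSAL.NET library (`Microsoft.Identity.Client`); the client ID is a placeholder, and the `TokenHelper` class, the `User.Read` scope, and the `browserAvailable` parameter are illustrative assumptions.

```csharp
// Added example, not from the original article.
// Assumes the MSAL.NET NuGet package (Microsoft.Identity.Client).
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

static class TokenHelper
{
    // Delegated Microsoft Graph scope, chosen for illustration.
    static readonly string[] Scopes = { "User.Read" };

    // Public client: no secret is embedded in the desktop binary.
    static readonly IPublicClientApplication App = PublicClientApplicationBuilder
        .Create("<your-client-id>")           // placeholder, from your app registration
        .WithRedirectUri("http://localhost")  // loopback redirect used with the system browser
        .Build();

    // browserAvailable is a hypothetical flag the caller sets (for example,
    // false on a headless or IoT device).
    public static async Task<AuthenticationResult> AcquireAsync(bool browserAvailable)
    {
        // The default cache is in-memory only, so this is empty on first run.
        IAccount account = (await App.GetAccountsAsync()).FirstOrDefault();
        try
        {
            // Silent first: reuses a cached or refreshed token without prompting.
            return await App.AcquireTokenSilent(Scopes, account).ExecuteAsync();
        }
        catch (MsalUiRequiredException)
        {
            // User interaction is required (no account, expired session, MFA, consent).
            if (browserAvailable)
            {
                // The app never sees the password; MFA and SSO keep working.
                return await App.AcquireTokenInteractive(Scopes).ExecuteAsync();
            }

            // No browser on this device: the user completes sign-in elsewhere.
            return await App.AcquireTokenWithDeviceCode(Scopes, code =>
            {
                Console.WriteLine(code.Message); // verification URL and user code
                return Task.CompletedTask;
            }).ExecuteAsync();
        }
    }
}
```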

Specifics

Desktop applications have a number of specifics, which depend mainly on whether your application uses interactive authentication.

Next steps