调用 Web API 的 Web API:应用注册A web API that calls web APIs: App registration

调用下游 Web API 的 Web API 与受保护的 Web API 具有相同的注册。A web API that calls downstream web APIs has the same registration as a protected web API. 请按照受保护的 Web API:应用注册中的说明进行操作。Follow the instructions in Protected web API: App registration.

由于 Web 应用现在调用 Web API,因此它将成为一个机密客户端应用程序。Because the web app now calls web APIs, it becomes a confidential client application. 这就是为什么需要额外的注册信息的原因:应用需要与 Microsoft 标识平台共享机密(客户端凭据)。That's why extra registration information is required: the app needs to share secrets (client credentials) with the Microsoft identity platform.

添加客户端机密或证书Add a client secret or certificate

与任何机密客户端应用程序一样,你需要添加一个机密或证书来充当该应用程序的凭据,以便它可以自行进行身份验证,而无需用户交互。As with any confidential client application, you need to add a secret or certificate to act as that application's credentials so it can authenticate as itself, without user interaction.

可以使用 Azure 门户或使用 PowerShell 之类的命令行工具向客户端应用的注册添加凭据。You can add credentials to your client app's registration by using the Azure portal or by using a command-line tool like PowerShell.

使用 Azure 门户添加客户端凭据Add client credentials by using the Azure portal

若要将凭据添加到机密客户端应用程序的应用注册,请按照快速入门:将应用程序注册到 Microsoft 标识平台中的步骤针对你要添加的凭据类型进行操作:To add credentials to your confidential client application's app registration, follow the steps in Quickstart: Register an application with the Microsoft identity platform for the type of credential you want to add:

使用 PowerShell 添加客户端凭据Add client credentials by using PowerShell

另外,也可以在使用 PowerShell 将应用程序注册到 Microsoft 标识平台时添加凭据。Alternatively, you can add credentials when you register your application with the Microsoft identity platform by using PowerShell.

GitHub 上的 active-directory-dotnetcore-daemon-v2 代码示例显示了如何在注册应用程序时添加应用程序机密或证书:The active-directory-dotnetcore-daemon-v2 code sample on GitHub shows how to add an application secret or certificate when registering an application:

API 权限API permissions

Web 应用代表收到持有者令牌的用户调用 API。Web apps call APIs on behalf of users for whom the bearer token was received. Web 应用需要请求委托的权限。The web apps need to request delegated permissions. 有关详细信息,请参阅添加访问 Web API 的权限For more information, see Add permissions to access your web API.

后续步骤Next steps

转到此方案中的下一篇文章:应用代码配置Move on to the next article in this scenario, App Code configuration.