A web app that calls web APIs: App registration

A web app that calls web APIs has the same registration as a web app that signs users in. So, follow the instructions in A web app that signs in users: App registration.

However, because the web app now also calls web APIs, it becomes a confidential client application. That's why some extra registration is required. The app must share client credentials, or secrets, with the Microsoft identity platform.

Add a client secret or certificate

As with any confidential client application, you need to add a secret or certificate to act as that application's credentials so it can authenticate as itself, without user interaction.

You can add credentials to your client app's registration by using the Azure portal or by using a command-line tool like PowerShell.

Add client credentials by using the Azure portal

To add credentials to your confidential client application's app registration, follow the steps in Quickstart: Register an application with the Microsoft identity platform for the type of credential you want to add:

Add client credentials by using PowerShell

Alternatively, you can add credentials when you register your application with the Microsoft identity platform by using PowerShell.

The active-directory-dotnetcore-daemon-v2 code sample on GitHub shows how to add an application secret or certificate when registering an application:
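As an added example (not code from this page or from the active-directory-dotnetcore-daemon-v2 sample), the following PowerShell uses the Microsoft Graph PowerShell SDK to attach a certificate credential to an existing app registration. The placeholder client ID, the certificate subject, the one-year lifetime and the use of a self-signed certificate are assumptions.

```powershell
# Added example, not the page's or the sample's code.
# Assumptions: placeholder client ID, certificate subject, one-year lifetime,
# and a self-signed certificate (suitable for development and testing).
#Requires -Modules Microsoft.Graph.Applications

$clientId = '00000000-0000-0000-0000-000000000000'  # placeholder: Application (client) ID

# Sign in with a scope that allows editing app registrations.
Connect-MgGraph -Scopes 'Application.ReadWrite.All'

$app = Get-MgApplication -Filter "appId eq '$clientId'"
if (-not $app) { throw "No app registration found for client ID $clientId." }

# Update-MgApplication replaces the whole keyCredentials collection, so stop
# rather than silently dropping certificates that are already registered.
if ($app.KeyCredentials.Count -gt 0) {
    throw 'App already has certificate credentials; review them before replacing the collection.'
}

# The private key is generated in the current user's store and marked non-exportable.
$cert = New-SelfSignedCertificate -Subject 'CN=WebAppCallsWebApi' `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -KeyExportPolicy NonExportable -KeySpec Signature `
    -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 `
    -NotAfter (Get-Date).AddYears(1)

# Only the public certificate (DER bytes) is uploaded to the registration.
$keyCredential = @{
    Type  = 'AsymmetricX509Cert'
    Usage = 'Verify'
    Key   = $cert.RawData
}
Update-MgApplication -ApplicationId $app.Id -KeyCredentials @($keyCredential)

# The app later selects the certificate by thumbprint when it authenticates.
"Registered certificate $($cert.Thumbprint), expires $($cert.NotAfter.ToString('u'))"
```

Because the private key never leaves the certificate store, only the thumbprint needs to appear in the web app's configuration.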

API permissions

Web apps call APIs on behalf of the signed-in user. To do that, they must request delegated permissions. For details, see Add permissions to access your web API.

Next steps