What is the Microsoft identity platform?

The Microsoft identity platform helps you build applications your users and customers can sign in to using their Microsoft identities or social accounts, and provide authorized access to your own APIs or Microsoft APIs like Microsoft Graph.

There are several components that make up the Microsoft identity platform:

  • OAuth 2.0 and OpenID Connect standard-compliant authentication service enabling developers to authenticate several identity types, including:
    • Work or school accounts, provisioned through Azure AD
    • Social or local accounts, by using Azure AD B2C
  • Open-source libraries: Microsoft Authentication Libraries (MSAL) and support for other standards-compliant libraries
  • Application management portal: A registration and configuration experience in the Azure portal, along with the other Azure management capabilities.
  • Application configuration API and PowerShell: Programmatic configuration of your applications through the Microsoft Graph API and PowerShell so you can automate your DevOps tasks.
  • Developer content: Technical documentation including quickstarts, tutorials, how-to guides, and code samples.

For developers, the Microsoft identity platform offers integration of modern innovations in the identity and security space like passwordless authentication, step-up authentication, and Conditional Access. You don’t need to implement such functionality yourself: applications integrated with the Microsoft identity platform natively take advantage of such innovations.

With the Microsoft identity platform, you can write code once and reach any user. You can build an app once and have it work across many platforms, or build an app that functions as a client as well as a resource application (API).

Getting started

Choose the application scenario you'd like to build. Each of these scenario paths starts with an overview and links to a quickstart to help you get up and running:

As you work with the Microsoft identity platform to integrate authentication and authorization in your apps, you can refer to this image that outlines the most common app scenarios and their identity components.

Metro map showing several application scenarios in Microsoft identity platform

Learn authentication concepts

Learn how core authentication and Azure AD concepts apply to the Microsoft identity platform in this recommended set of articles:

More identity and access management options

Azure AD B2C - Build customer-facing applications your users can sign in to using their social accounts like Weibo or WeChat, or by using an email address and password.

Azure AD B2B - Invite external users into your Azure AD tenant as "guest" users, and assign permissions for authorization while they use their existing credentials for authentication.

Azure Active Directory for developers (v1.0) - Shown here for developers with existing apps that use the older v1.0 endpoint. Do not use v1.0 for new projects.

Next steps

If you have an Azure account, you already have access to an Azure Active Directory tenant, but most Microsoft identity platform developers need their own Azure AD tenant for use while developing applications, a "dev tenant."

Learn how to create your own tenant for use while building your applications:

Quickstart: Set up an Azure AD tenant