在 Visual Studio 中使用连接服务添加 Azure Active DirectoryAdd an Azure Active Directory by using Connected Services in Visual Studio

通过使用 Azure Active Directory (Azure AD),可以支持 ASP.NET MVC Web 应用程序的单一登录 (SSO) 或 Web API 服务中的 Active Directory 身份验证。By using Azure Active Directory (Azure AD), you can support Single Sign-On (SSO) for ASP.NET MVC web applications, or Active Directory Authentication in web API services. 通过 Azure AD 身份验证,用户可以使用其帐户从 Azure Active Directory 连接到 Web 应用程序。With Azure AD Authentication, your users can use their accounts from Azure Active Directory to connect to your web applications. 使用 Web API 进行 Azure AD 身份验证的优点包括从 Web 应用程序公开 API 时提供增强的数据安全性。The advantages of Azure AD Authentication with web API include enhanced data security when exposing an API from a web application. 通过 Azure AD,不需要使用其自己的帐户和用户管理来管理单独的身份验证系统。With Azure AD, you do not have to manage a separate authentication system with its own account and user management.

本文及其同类文章提供了对 Active Directory 使用 Visual Studio 连接服务功能的详细信息。This article and its companion articles provide details of using the Visual Studio Connected Service feature for Active Directory. Visual Studio 2015 及更高版本提供了该功能。The capability is available in Visual Studio 2015 and later.

目前,Active Directory 连接服务不支持 ASP.NET Core 应用程序。At present, the Active Directory connected service does not support ASP.NET Core applications.

先决条件Prerequisites

使用“连接服务”对话框连接到 Azure Active DirectoryConnect to Azure Active Directory using the Connected Services dialog

  1. 在 Visual Studio 中,创建或打开 ASP.NET MVC 项目或 ASP.NET Web API 项目。In Visual Studio, create or open an ASP.NET MVC project, or an ASP.NET Web API project. 可以使用 MVC、Web API、单页应用程序、Azure API 应用、Azure 移动应用和 Azure 移动服务模板。You can use the MVC, Web API, Single-Page Application, Azure API App, Azure Mobile App, and Azure Mobile Service templates.

  2. 选择“项目”>“添加连接服务...” 菜单命令,或双击解决方案资源管理器中项目下的“连接的服务” 节点。Select the Project > Add Connected Service... menu command, or double-click the Connected Services node found under the project in Solution Explorer.

  3. 在“连接服务” 页,选择“使用 Azure Active Directory 进行身份验证” 。On the Connected Services page, select Authentication with Azure Active Directory.

    “连接服务”页

  4. 在“简介” 页上,选择“下一步” 。On the Introduction page, select Next. 如果在此页上看到错误,请参阅使用 Azure Active Directory 连接服务诊断错误If you see errors on this page, refer to Diagnosing errors with the Azure Active Directory Connected Service.

    “简介”页

  5. 在“单一登录” 页上,从“域” 下拉列表中选择域。On the Single-Sign On page, select a domain from the Domain drop-down list. 该列表包含在 Visual Studio 的“帐户设置”对话框(“文件”>“帐户设置...” )中列出的帐户可以访问的所有域。如果没有找到要查找的域,作为替代方法,可以输入域名,如 mydomain.partner.onmschina.cnThe list contains all domains accessible by the accounts listed in the Account Settings dialog of Visual Studio (File > Account Settings...). As an alternative, you can enter a domain name if you don’t find the one you’re looking for, such as mydomain.partner.onmschina.cn. 可以选择用于创建 Azure Active Directory 应用的选项,也可以使用现有 Azure Active Directory 应用中的设置。You can choose the option to create an Azure Active Directory app or use the settings from an existing Azure Active Directory app. 完成后,选择“下一步” 。Select Next when done.

    “单一登录”页

  6. 在“目录访问权限” 页上,根据需要选择“读取目录数据” 。On the Directory Access page, select the Read directory data option as desired. 开发人员通常会选择此选项。Developers typically include this option.

    “目录访问权限”页

  7. 选择“完成” 以开始对项目进行修改,从而启用 Azure AD 身份验证。Select Finish to start modifications to your project to enable Azure AD authentication. Visual Studio 在此期间会显示进度:Visual Studio shows progress during this time:

    Active Directory 连接服务进度

  8. 处理完成后,Visual Studio 会根据项目类型,在浏览器中打开以下文章之一:When the process is complete, Visual Studio opens your browser to one of the following articles, as appropriate to your project type:

  9. 还可以在 Azure 门户中看到 Active Directory 域。You can also see the Active Directory domain on the Azure portal.

项目的修改情况How your project is modified

运行“添加连接服务”向导时,Visual Studio 会将 Azure Active Directory 和关联的引用添加到项目。When you add the connected service the wizard, Visual Studio adds Azure Active Directory and associated references to your project. 还会修改项目中的配置文件和代码文件以添加对 Azure AD 的支持。Configuration files and code files in your project are also modified to add support for Azure AD. Visual Studio 所做的特定修改取决于项目类型。The specific modifications that Visual Studio makes depend on the project type. 有关详细信息,请参阅以下文章:See the following articles for details:

后续步骤Next steps