What happened to my MVC project (Visual Studio Azure Active Directory connected service)?

This article identifies the exact changes made to an ASP.NET MVC project when adding the Azure Active Directory connected service using Visual Studio.

For information on working with the connected service, see Getting Started.

Added references

Affects the project file (.NET references) and packages.config (NuGet references).

Type          Reference
.NET; NuGet   Microsoft.IdentityModel.Protocol.Extensions
.NET; NuGet   Microsoft.Owin
.NET; NuGet   Microsoft.Owin.Host.SystemWeb
.NET; NuGet   Microsoft.Owin.Security
.NET; NuGet   Microsoft.Owin.Security.Cookies
.NET; NuGet   Microsoft.Owin.Security.OpenIdConnect
.NET; NuGet   Owin
.NET          System.IdentityModel
.NET; NuGet   System.IdentityModel.Tokens.Jwt
.NET          System.Runtime.Serialization

Additional references if you selected the Read directory data option:

Type          Reference
.NET; NuGet   EntityFramework
.NET          EntityFramework.SqlServer (Visual Studio 2015 only)
.NET; NuGet   Microsoft.Azure.ActiveDirectory.GraphClient
.NET; NuGet   Microsoft.Data.Edm
.NET; NuGet   Microsoft.Data.OData
.NET; NuGet   Microsoft.Data.Services.Client
.NET; NuGet   Microsoft.IdentityModel.Clients.ActiveDirectory
.NET          Microsoft.IdentityModel.Clients.ActiveDirectory.WindowsForms (Visual Studio 2015 only)
.NET; NuGet   System.Spatial

The following references are removed (ASP.NET 4 projects only, as in Visual Studio 2015):

Type          Reference
.NET; NuGet   Microsoft.AspNet.Identity.Core
.NET; NuGet   Microsoft.AspNet.Identity.EntityFramework
.NET; NuGet   Microsoft.AspNet.Identity.Owin

Project file changes

  • Set the property IISExpressSSLPort to a distinct number.
  • Set the property WebProject_DirectoryAccessLevelKey to 0, or 1 if you selected the Read directory data option.
  • Set the property IISUrl to https://localhost:<port>/ where <port> matches the IISExpressSSLPort value.

web.config or app.config changes

  • Added the following configuration entries:

    <appSettings>
        <add key="ida:ClientId" value="<ClientId from the new Azure AD app>" />
        <add key="ida:AADInstance" value="https://login.partner.microsoftonline.cn/" />
        <add key="ida:Domain" value="<your selected Azure domain>" />
        <add key="ida:TenantId" value="<the Id of your selected Azure AD tenant>" />
        <add key="ida:PostLogoutRedirectUri" value="<project start page, such as https://localhost:44335>" />
    </appSettings>
    
  • Added <dependentAssembly> elements under the <runtime><assemblyBinding> node for System.IdentityModel.Tokens.Jwt and Microsoft.IdentityModel.Protocol.Extensions.

Additional changes if you selected the Read directory data option:

  • Added the following configuration entry under <appSettings>:

    <add key="ida:ClientSecret" value="<Azure AD app's new client secret>" />
    
  • Added the following elements under <configuration>; values for the project-mdf-file and project-catalog-id will vary:

    <configSections>
      <!-- For more information on Entity Framework configuration, visit https://go.microsoft.com/fwlink/?LinkID=237468 -->
      <section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
    </configSections>
    
    <connectionStrings>
      <add name="DefaultConnection" connectionString="Data Source=(localdb)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\<project-mdf-file>.mdf;Initial Catalog=<project-catalog-id>;Integrated Security=True" providerName="System.Data.SqlClient" />
    </connectionStrings>
    
    <entityFramework>
      <defaultConnectionFactory type="System.Data.Entity.Infrastructure.LocalDbConnectionFactory, EntityFramework">
        <parameters>
          <parameter value="mssqllocaldb" />
        </parameters>
      </defaultConnectionFactory>
      <providers>
        <provider invariantName="System.Data.SqlClient" type="System.Data.Entity.SqlServer.SqlProviderServices, EntityFramework.SqlServer" />
      </providers>
    </entityFramework>
    
  • Added <dependentAssembly> elements under the <runtime><assemblyBinding> node for Microsoft.Data.Services.Client, Microsoft.Data.Edm, and Microsoft.Data.OData.
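
As an added example (not part of the original article and not code that Visual Studio generates), the following Python check parses a web.config and reviews the ida:* settings listed above: required keys present, HTTPS on the instance and post-logout URLs, a sign-in host taken from an allowlist, and no literal ida:ClientSecret. The function name, the allowlist contents, and all sample values are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

REQUIRED = ["ida:ClientId", "ida:AADInstance", "ida:Domain",
            "ida:TenantId", "ida:PostLogoutRedirectUri"]
# Assumption: the sign-in hosts this team accepts; adjust for your cloud.
TRUSTED_LOGIN_HOSTS = {"login.microsoftonline.com",
                       "login.partner.microsoftonline.cn",
                       "login.microsoftonline.us"}

# Constructed sample; every value is a placeholder, not a real identifier.
# ida:TenantId is deliberately absent and the logout URI uses http.
SAMPLE_WEB_CONFIG = """<configuration>
  <appSettings>
    <add key="ida:ClientId" value="00000000-0000-0000-0000-000000000000" />
    <add key="ida:AADInstance" value="https://login.partner.microsoftonline.cn/" />
    <add key="ida:Domain" value="contoso.example" />
    <add key="ida:PostLogoutRedirectUri" value="http://localhost:44335" />
    <add key="ida:ClientSecret" value="constructed-placeholder-secret" />
  </appSettings>
</configuration>"""


def audit_web_config(xml_text):
    """Return a sorted list of (key, finding) pairs for the ida:* settings."""
    root = ET.fromstring(xml_text)
    settings = {a.get("key"): (a.get("value") or "").strip()
                for a in root.findall("./appSettings/add")}
    findings = []
    for key in REQUIRED:
        if not settings.get(key):
            findings.append((key, "missing or empty"))
    for key in ("ida:AADInstance", "ida:PostLogoutRedirectUri"):
        value = settings.get(key)
        if value and urlsplit(value).scheme.lower() != "https":
            findings.append((key, "not an https URL"))
    instance = settings.get("ida:AADInstance")
    if instance and urlsplit(instance).hostname not in TRUSTED_LOGIN_HOSTS:
        findings.append(("ida:AADInstance", "host not in trusted login hosts"))
    if settings.get("ida:ClientSecret"):
        findings.append(("ida:ClientSecret",
                         "secret stored as a literal in the config file"))
    return sorted(findings)


if __name__ == "__main__":
    for key, finding in audit_web_config(SAMPLE_WEB_CONFIG):
        print(f"{key}: {finding}")
```

Run against a project's real web.config in a pre-commit or CI step, a non-empty result is a reason to stop and review before the file is committed.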

Code changes and additions

  • Added the [Authorize] attribute to Controllers/HomeController.cs and any other existing controllers.

  • Added an authentication startup class, App_Start/Startup.Auth.cs, containing startup logic for Azure AD authentication. If you selected the Read directory data option, this file also contains code to receive an OAuth code and exchange it for an access token.

  • Added a controller class, Controllers/AccountController.cs, containing SignIn and SignOut methods.

  • Added a partial view, Views/Shared/_LoginPartial.cshtml, containing an action link for SignIn and SignOut.

  • Added a partial view, Views/Account/SignoutCallback.cshtml, containing HTML for sign-out UI.

  • Updated the Startup.Configuration method to include a call to ConfigureAuth(app) if the class already existed; otherwise added a Startup class that calls the method.

  • Added Connected Services/AzureAD/ConnectedService.json (Visual Studio 2017) or Service References/Azure AD/ConnectedService.json (Visual Studio 2015), containing information that Visual Studio uses to track the addition of the connected service.

  • If you selected the Read directory data option, added Models/ADALTokenCache.cs and Models/ApplicationDbContext.cs to support token caching. Also added an additional controller and view to illustrate accessing user profile information using Azure graph APIs: Controllers/UserProfileController.cs, Views/UserProfile/Index.cshtml, and Views/UserProfile/Relogin.cshtml.

File backup (Visual Studio 2015)

When adding the connected service, Visual Studio 2015 backs up changed and removed files. All affected files are saved in the folder Backup/AzureAD. Visual Studio 2017 and later do not create backups.

  • Startup.cs
  • App_Start\IdentityConfig.cs
  • App_Start\Startup.Auth.cs
  • Controllers\AccountController.cs
  • Controllers\ManageController.cs
  • Models\IdentityModels.cs
  • Models\ManageViewModels.cs
  • Views\Shared\_LoginPartial.cshtml

Changes on Azure

  • Created an Azure AD Application in the domain that you selected when adding the connected service.
  • Updated the app to include the Read directory data permission if that option was selected.

Learn more about Azure Active Directory.

Next steps