What happened to my WebAPI project (Visual Studio Azure Active Directory connected service)

This article identifies the exact changes made to ASP.NET WebAPI, ASP.NET Single-Page Application, and ASP.NET Azure API projects when adding the Azure Active Directory connected service using Visual Studio. Also applies to the ASP.NET Azure Mobile Service projects in Visual Studio 2015.

For information on working with the connected service, see Getting Started.

Added references

Affects the project file (.NET references) and packages.config (NuGet references).

| Type | Reference |
| --- | --- |
| .NET; NuGet | Microsoft.Owin |
| .NET; NuGet | Microsoft.Owin.Host.SystemWeb |
| .NET; NuGet | Microsoft.Owin.Security |
| .NET; NuGet | Microsoft.Owin.Security.ActiveDirectory |
| .NET; NuGet | Microsoft.Owin.Security.Jwt |
| .NET; NuGet | Microsoft.Owin.Security.OAuth |
| .NET; NuGet | Owin |
| .NET; NuGet | System.IdentityModel.Tokens.Jwt |

Additional references if you selected the Read directory data option:

| Type | Reference |
| --- | --- |
| .NET; NuGet | EntityFramework |
| .NET | EntityFramework.SqlServer (Visual Studio 2015 only) |
| .NET; NuGet | Microsoft.Azure.ActiveDirectory.GraphClient |
| .NET; NuGet | Microsoft.Data.Edm |
| .NET; NuGet | Microsoft.Data.OData |
| .NET; NuGet | Microsoft.Data.Services.Client |
| .NET; NuGet | Microsoft.IdentityModel.Clients.ActiveDirectory |
| .NET | Microsoft.IdentityModel.Clients.ActiveDirectory.WindowsForms (Visual Studio 2015 only) |
| .NET; NuGet | System.Spatial |

The following references are removed (ASP.NET 4 projects only, as in Visual Studio 2015):

| Type | Reference |
| --- | --- |
| .NET; NuGet | Microsoft.AspNet.Identity.Core |
| .NET; NuGet | Microsoft.AspNet.Identity.EntityFramework |
| .NET; NuGet | Microsoft.AspNet.Identity.Owin |

Project file changes

  • Set the property IISExpressSSLPort to a distinct number.
  • Set the property WebProject_DirectoryAccessLevelKey to 0, or 1 if you selected the Read directory data option.
  • Set the property IISUrl to https://localhost:<port>/ where <port> matches the IISExpressSSLPort value.

web.config or app.config changes

  • Added the following configuration entries:

    <appSettings>
        <add key="ida:ClientId" value="<ClientId from the new Azure AD app>" />
        <add key="ida:Tenant" value="<your selected Azure domain>" />
        <add key="ida:Audience" value="<your selected domain + / + project name>" />
    </appSettings>
    
  • Visual Studio 2017 only: Also added the following entry under <appSettings>:

    <add key="ida:MetadataAddress" value="<domain URL + /federationmetadata/2007-06/federationmetadata.xml>" />
    
  • Added <dependentAssembly> elements under the <runtime><assemblyBinding> node for System.IdentityModel.Tokens.Jwt.

  • If you selected the Read directory data option, added the following configuration entry under <appSettings>:

    <add key="ida:Password" value="<Your Azure AD app's new password>" />
    

Code changes and additions

  • Added the [Authorize] attribute to Controllers/ValueController.cs and any other existing controllers.

  • Added an authentication startup class, App_Start/Startup.Auth.cs, containing startup logic for Azure AD authentication, or modified it accordingly. If you selected the Read directory data option, this file also contains code to receive an OAuth code and exchange it for an access token.

  • (Visual Studio 2015 with ASP.NET 4 app only) Removed App_Start/IdentityConfig.cs and added Controllers/AccountController.cs, Models/IdentityModel.cs, and Providers/ApplicationAuthProvider.cs.

  • Added Connected Services/AzureAD/ConnectedService.json (Visual Studio 2017) or Service References/Azure AD/ConnectedService.json (Visual Studio 2015), containing information that Visual Studio uses to track the addition of the connected service.
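
How the ida: settings and the [Authorize] attribute listed above fit together at run time, shown as an added example and not the file Visual Studio generates. The namespace SampleWebApi, the Require helper and the controller body are hypothetical; the sketch assumes the existing Startup.cs calls ConfigureAuth and that the project uses the 4.x System.IdentityModel.Tokens.Jwt package.

```csharp
using System.Configuration;
using System.IdentityModel.Tokens; // assumption: Jwt package 4.x; 5.x moved this type to Microsoft.IdentityModel.Tokens
using System.Web.Http;
using Microsoft.Owin.Security.ActiveDirectory;
using Owin;

namespace SampleWebApi // hypothetical project namespace
{
    public partial class Startup
    {
        // Hypothetical helper: fail at startup rather than run with a missing setting.
        private static string Require(string key)
        {
            string value = ConfigurationManager.AppSettings[key];
            if (string.IsNullOrWhiteSpace(value))
                throw new ConfigurationErrorsException("Missing appSetting: " + key);
            return value;
        }

        // Assumed to be called from Startup.Configuration(IAppBuilder) in Startup.cs.
        public void ConfigureAuth(IAppBuilder app)
        {
            var options = new WindowsAzureActiveDirectoryBearerAuthenticationOptions
            {
                // Tenant whose issuer and signing keys are trusted.
                Tenant = Require("ida:Tenant"),
                TokenValidationParameters = new TokenValidationParameters
                {
                    // Tokens issued for any other application are rejected.
                    ValidAudience = Require("ida:Audience")
                }
            };

            // Visual Studio 2017 projects also carry ida:MetadataAddress.
            string metadata = ConfigurationManager.AppSettings["ida:MetadataAddress"];
            if (!string.IsNullOrWhiteSpace(metadata))
                options.MetadataAddress = metadata;

            app.UseWindowsAzureActiveDirectoryBearerAuthentication(options);
        }
    }

    [Authorize] // requests without a valid bearer token get 401 before any action runs
    public class ValueController : ApiController
    {
        public string Get() { return User.Identity.Name; }
    }
}
```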

File backup (Visual Studio 2015)

When adding the connected service, Visual Studio 2015 backs up changed and removed files. All affected files are saved in the folder Backup/AzureAD. Visual Studio 2017 does not create backups.

  • Startup.cs
  • App_Start\IdentityConfig.cs
  • App_Start\Startup.Auth.cs
  • Controllers\AccountController.cs
  • Controllers\ManageController.cs
  • Models\IdentityModels.cs
  • Models\ApplicationOAuthProvider.cs

Changes on Azure

  • Created an Azure AD Application in the domain that you selected when adding the connected service.
  • Updated the app to include the Read directory data permission if that option was selected.

Learn more about Azure Active Directory.

Next steps