How to configure your App Service application to use Microsoft Account login

This topic shows you how to configure Azure App Service to use Microsoft Account as an authentication provider.

Register your app with Microsoft Account

  1. Sign in to the Azure portal, and navigate to your application.
  1. Navigate to App registrations, and sign in with your Microsoft account, if requested.

  2. Click New registration, then type an application name.

  3. In Redirect URIs, select Web, and then type https://<app-domain-name>/.auth/login/microsoftaccount/callback to supply the endpoint for your application. Replace <app-domain-name> with the domain name of your app. For example, https://contoso.chinacloudsites.cn/.auth/login/microsoftaccount/callback.

    Note

    Use the HTTPS scheme in the URL.

  4. Select Register.

  5. Copy the Application (Client) ID. You need it later.

  6. From the left navigation of the new app registration, select Certificates & secrets > New client secret. Supply a description, select the validity duration, and select Add.

  7. Copy the value that appears in the Certificates & secrets page. Once you leave the page, it will not be displayed again.

    Important

    The password is an important security credential. Do not share the password with anyone or distribute it within a client application.

Add Microsoft Account information to your App Service application

  1. In the Azure portal, navigate to your application. From the left navigation, click Authentication / Authorization.

  2. If the Authentication / Authorization feature is not enabled, select On.

  3. Under Authentication Providers, select Microsoft Account. Paste in the Application (client) ID and client secret that you obtained earlier, and optionally enable any scopes your application requires. Then click OK.

    By default, App Service provides authentication but does not restrict authorized access to your site content and APIs. You must authorize users in your app code.

  4. (Optional) To restrict access to Microsoft account users, set Action to take when request is not authenticated to Log in with Microsoft Account. This requires that all requests be authenticated, and all unauthenticated requests are redirected to Microsoft account for authentication.

    Caution

    Restricting access in this way applies to all calls to your app, which may not be desirable for apps wanting a publicly available home page, as in many single-page applications. For such applications, Allow anonymous requests (no action) may be preferred, with the app manually starting login itself, as described here.

  5. Click Save.

You are now ready to use Microsoft Account for authentication in your app.
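Step 3 above notes that App Service authenticates users but leaves authorization to your app code. The following added example (not part of the original topic or of any Microsoft sample) shows one way to do that check in Python by reading the `X-MS-CLIENT-PRINCIPAL` and `X-MS-CLIENT-PRINCIPAL-IDP` request headers that App Service sets for signed-in users. The allow-list, the `microsoftaccount` provider value (taken from the callback path above), the `name` claim type and the sample headers are assumptions constructed for illustration.

```python
import base64
import json

EXPECTED_IDP = "microsoftaccount"          # assumption: provider name from the callback path
ALLOWED_USERS = {"alice@contoso.example"}  # hypothetical allow-list (constructed)


def decode_principal(header_value):
    """Decode the base64 JSON in X-MS-CLIENT-PRINCIPAL; None if malformed."""
    try:
        doc = json.loads(base64.b64decode(header_value, validate=True))
    except (ValueError, TypeError):        # bad base64, bad UTF-8, bad JSON
        return None
    return doc if isinstance(doc, dict) else None


def authorize(headers):
    """Return (status, user) for a dict of request headers with lower-cased keys."""
    raw = headers.get("x-ms-client-principal")
    if not raw:
        return 401, None                   # anonymous request reached the app
    principal = decode_principal(raw)
    if principal is None:
        return 401, None                   # fail closed on an unparsable identity
    if headers.get("x-ms-client-principal-idp", "").lower() != EXPECTED_IDP:
        return 403, None                   # signed in, but not via Microsoft account
    name_type = principal.get("name_typ")
    claims = principal.get("claims")
    if not isinstance(name_type, str) or not isinstance(claims, list):
        return 403, None                   # no usable name claim: deny
    names = [c.get("val") for c in claims
             if isinstance(c, dict) and c.get("typ") == name_type]
    user = names[0].lower() if names and isinstance(names[0], str) else None
    if user not in ALLOWED_USERS:
        return 403, user                   # authenticated but not authorized
    return 200, user


def sample_headers(user, idp=EXPECTED_IDP):
    """Constructed sample of the headers App Service adds after sign-in."""
    doc = {"auth_typ": idp, "name_typ": "name",
           "claims": [{"typ": "name", "val": user}]}
    value = base64.b64encode(json.dumps(doc).encode()).decode()
    return {"x-ms-client-principal": value, "x-ms-client-principal-idp": idp}


if __name__ == "__main__":
    for who in ("alice@contoso.example", "mallory@contoso.example"):
        print(who, authorize(sample_headers(who)))
    print("anonymous", authorize({}))
```

The check is only meaningful when the app is reached through App Service, which sets these headers itself and does not accept them from external requests.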