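Guides you through Microsoft Entra ID app registration, OAuth configuration, and MSAL integration.
Copy the install instructions and let the AI complete the setup automatically · Recommended for beginners
Please help me install the "entra-app-registration" skill from askskill: 1. Download https://raw.githubusercontent.com/microsoft/GitHub-Copilot-for-Azure/main/plugin/skills/entra-app-registration/SKILL.md 2. Save it as ~/.claude/skills/entra-app-registration/SKILL.md 3. After installing, reload the skills and tell me it is ready to use
Please guide me through creating a new app registration in Microsoft Entra ID for sign-in to an internal web application. Explain the redirect URI, the supported account types, and which key information needs to be recorded after creation.
A step-by-step app registration procedure, including explanations of the configuration options and the client and tenant information to save.
I need my application to call Microsoft Graph to read basic user information. Tell me which API permissions to add, the difference between delegated permissions and application permissions, and how admin consent should be handled.
Clear permission configuration recommendations, covering the differences between permission types, recommended options, and an explanation of admin consent.
Please give me a C# console application example that uses MSAL to sign a user in and obtain an access token to call Microsoft Graph. List the dependency packages, the key configuration items, and the example code structure.
A reference MSAL console sample plan, including dependencies, configuration notes, and the main code skeleton.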
Microsoft Entra ID (formerly Azure Active Directory) is Microsoft's cloud-based identity and access management service. App registrations allow applications to authenticate users and access Azure resources securely.
| Concept | Description |
|---|---|
| App Registration | Configuration that allows an app to use Microsoft identity platform |
| Application (Client) ID | Unique identifier for your application |
| Tenant ID | Unique identifier for your Azure AD tenant/directory |
| Client Secret | Password for the application (confidential clients only) |
| Redirect URI | URL where authentication responses are sent |
| API Permissions | Access scopes your app requests |
| Service Principal | Identity created in your tenant when you register an app |

| Type | Use Case |
|---|---|
| Web Application | Server-side apps, APIs |
| Single Page App (SPA) | JavaScript/React/Angular apps |
| Mobile/Native App | Desktop, mobile apps |
| Daemon/Service | Background services, APIs |
Create an app registration in the Azure portal or using Azure CLI.
Portal Method:
CLI Method: See references/cli-commands.md
IaC Method: See references/BICEP-EXAMPLE.bicep
Managing Entra app registrations with IaC is highly recommended if you already use IaC in your project, need a scalable way to manage many app registrations, or need a fine-grained audit history of configuration changes.
Set up authentication settings based on your application type.
`http://localhost` or custom URI scheme
Grant your application permission to access Microsoft APIs or your own APIs.
Common Microsoft Graph Permissions:
- `User.Read` - Read user profile
- `User.ReadWrite.All` - Read and write all users
- `Directory.Read.All` - Read directory data
- `Mail.Send` - Send mail as a user

Details: See references/api-permissions.md
For confidential client applications (web apps, services), create a client secret, certificate or federated identity credential.
Client Secret:
Certificate: For production environments, use certificates instead of secrets for enhanced security. Upload the certificate via the "Certificates & secrets" section.
Federated Identity Credential: Used to dynamically authenticate the confidential client to the Entra platform.
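An added example (not part of the original skill or any Microsoft code) that audits an app registration object for the points covered above: redirect URIs, secrets versus certificates, and delegated versus application permissions. Field names follow the Microsoft Graph application resource; the sample JSON, the permission ids and the `audit_app` helper are constructed for illustration.

```python
import json
from datetime import datetime, timezone
from urllib.parse import urlparse

# Constructed sample shaped like the Microsoft Graph application object
# (for example the JSON printed by `az ad app show`). All values are made up.
SAMPLE_APP = json.loads("""
{
  "web": {"redirectUris": ["https://app.example.com/signin-oidc",
                           "http://app.example.com/callback"]},
  "publicClient": {"redirectUris": ["http://localhost"]},
  "passwordCredentials": [{"displayName": "ci-secret",
                           "endDateTime": "2024-01-31T00:00:00Z"}],
  "keyCredentials": [],
  "requiredResourceAccess": [{
    "resourceAppId": "00000003-0000-0000-c000-000000000000",
    "resourceAccess": [{"id": "11111111-1111-1111-1111-111111111111", "type": "Scope"},
                       {"id": "22222222-2222-2222-2222-222222222222", "type": "Role"}]}]
}
""")

def audit_app(app, now):
    """Return a list of findings for one app registration object."""
    findings = []
    # Redirect URIs: plain http is only acceptable for loopback addresses.
    for platform in ("web", "spa", "publicClient"):
        for uri in (app.get(platform) or {}).get("redirectUris", []):
            u = urlparse(uri)
            if u.scheme == "http" and u.hostname not in ("localhost", "127.0.0.1"):
                findings.append(f"{platform}: non-HTTPS redirect URI {uri}")
    # Credentials: the page recommends certificates over secrets in production.
    secrets = app.get("passwordCredentials", [])
    if secrets and not app.get("keyCredentials"):
        findings.append("client secret in use and no certificate configured")
    for s in secrets:
        end = datetime.fromisoformat(s["endDateTime"].replace("Z", "+00:00"))
        if end <= now:
            findings.append(f"secret '{s.get('displayName')}' expired {end.date()}")
    # "Role" = application permission (admin consent); "Scope" = delegated.
    for res in app.get("requiredResourceAccess", []):
        for acc in res.get("resourceAccess", []):
            if acc["type"] == "Role":
                findings.append(f"application permission {acc['id']} on {res['resourceAppId']}")
    return findings

if __name__ == "__main__":
    for line in audit_app(SAMPLE_APP, datetime(2024, 6, 1, tzinfo=timezone.utc)):
        print(line)
```
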
Integrate the OAuth flow into your application code.
See:
Walk user through their first app registration step-by-step.
Required Information:
Script: See references/first-app-registration.md
…