
Manage authentication in Azure Maps

After you create an Azure Maps account, a client ID and keys are created to support Azure Active Directory (Azure AD) authentication and Shared Key authentication.

View authentication details

After you create an Azure Maps account, the primary and secondary keys are generated. We recommend that you use the primary key as the subscription key when you use Shared Key authentication to call Azure Maps. You can use the secondary key in scenarios such as rolling key changes. For more information, see Authentication in Azure Maps.

You can view your authentication details in the Azure portal. In your account, on the Settings menu, select Authentication.

Authentication details

Discover category and scenario

Depending on the application's needs, there are specific pathways to securing it. Azure AD defines categories to support a wide range of authentication flows. See application categories to understand which category the application fits.

Note

Even if you use Shared Key authentication, understanding categories and scenarios helps you to secure the application.

Determine authentication and authorization

The following table outlines common authentication and authorization scenarios in Azure Maps. The table provides a comparison of the types of protection each scenario offers.

Important

Microsoft recommends implementing Azure Active Directory (Azure AD) with role-based access control (RBAC) for production applications.

| Scenario | Authentication | Authorization | Development effort | Operational effort |
| --- | --- | --- | --- | --- |
| Trusted daemon / non-interactive client application | Shared Key | N/A | Medium | High |
| Trusted daemon / non-interactive client application | Azure AD | High | Low | Medium |
| Web single page application with interactive single-sign-on | Azure AD | High | Medium | Medium |
| Web single page application with non-interactive sign-on | Azure AD | High | Medium | Medium |
| Web application with interactive single-sign-on | Azure AD | High | High | Medium |
| IoT device / input constrained device | Azure AD | High | Medium | Medium |

The links in the table take you to detailed configuration information for each scenario.

View role definitions

To view Azure roles that are available for Azure Maps, go to Access control (IAM). Select Roles, and then search for roles that begin with Azure Maps. These Azure Maps roles are the roles that you can grant access to.

View available roles

View role assignments

To view users and apps that have been granted RBAC for Azure Maps, go to Access control (IAM). There, select Role assignments, and then filter by Azure Maps.

View users and apps that have been granted RBAC

Request tokens for Azure Maps

Request a token from the Azure AD token endpoint. In your Azure AD request, use the following details:

| Azure environment | Azure AD token endpoint | Azure resource ID |
| --- | --- | --- |
| Azure public cloud | https://login.microsoftonline.com | https://atlas.microsoft.com/ |
| Azure Government cloud | https://login.microsoftonline.us | https://atlas.microsoft.com/ |

For more information about requesting access tokens from Azure AD for users and service principals, see Authentication scenarios for Azure AD and view specific scenarios in the table of Scenarios.
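The following Python example is added here and is not part of the original documentation. It builds the token request for the trusted daemon scenario from the endpoint and resource ID in the table above, then the headers for the Azure Maps call. It assumes the OAuth 2.0 client-credentials flow against the v2.0 endpoint path `/{tenant}/oauth2/v2.0/token`, the `.default` scope suffix, and the `x-ms-client-id` request header; the function names are hypothetical.

```python
"""Added example: Azure AD client-credentials token request for Azure Maps."""
import json
import urllib.parse
import urllib.request

# Token endpoints and resource ID, taken from the table above.
ENVIRONMENTS = {
    "public": "https://login.microsoftonline.com",
    "government": "https://login.microsoftonline.us",
}
MAPS_RESOURCE_ID = "https://atlas.microsoft.com/"


def build_token_request(environment, tenant_id, app_id, app_secret):
    """Return (url, form_bytes) for an OAuth 2.0 client-credentials request."""
    if environment not in ENVIRONMENTS:
        raise ValueError(f"unknown Azure environment: {environment!r}")
    # Reject values that could change the URL path (tenant is a GUID or domain).
    if not tenant_id or any(c in tenant_id for c in "/?#"):
        raise ValueError("tenant_id must be a tenant GUID or domain name")
    url = f"{ENVIRONMENTS[environment]}/{tenant_id}/oauth2/v2.0/token"
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": app_id,
        "client_secret": app_secret,
        # v2.0 endpoint: resource ID plus ".default" requests the roles
        # already assigned to the application.
        "scope": MAPS_RESOURCE_ID + ".default",
    }).encode("ascii")
    return url, form


def maps_headers(access_token, maps_client_id):
    """Headers for an Azure Maps REST call authenticated with Azure AD."""
    return {
        "Authorization": f"Bearer {access_token}",
        # The client ID shown on the Maps account's Authentication page.
        "x-ms-client-id": maps_client_id,
    }


def request_token(environment, tenant_id, app_id, app_secret):
    """Send the request (needs network access and a real app registration)."""
    url, form = build_token_request(environment, tenant_id, app_id, app_secret)
    req = urllib.request.Request(url, data=form)  # data present, so POST
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["access_token"]
```

Load the application secret from a secret store or environment variable at run time rather than from source code, and grant the application only the Azure Maps role it needs.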

Next steps

For more information, see Azure AD and Azure Maps Web SDK.

Find the API usage metrics for your Azure Maps account:

Explore samples that show how to integrate Azure AD with Azure Maps: