Use Azure Active Directory with a custom connector in PowerApps

Azure Resource Manager (ARM) enables you to manage the components of a solution on Azure, such as databases, virtual machines, and web apps. This tutorial demonstrates how to enable authentication in Azure Active Directory, register one of the ARM APIs as a custom connector, then connect to it in PowerApps. This is useful if you want to manage Azure resources directly from an app. For more information about ARM, see Azure Resource Manager Overview.

Prerequisites

Enable authentication in Azure Active Directory

First, we need to create an Azure Active Directory (AAD) application that will perform the authentication when calling the ARM API endpoint.

  1. Sign in to the Azure portal. If you have more than one Azure Active Directory tenant, make sure you're logged into the correct directory by looking at your username in the upper-right corner.

  2. On the left-hand menu, click More services. In the Filter textbox, type Azure Active Directory, and then click Azure Active Directory.

    The Azure Active Directory blade opens.

  3. In the menu on the Azure Active Directory blade, click App registrations.

  4. In the list of registered applications, click Add.

  5. Type a name for your application, leave Web app / API selected, and then for Sign-on URL type https://login.windows.net. Click Create.

  6. Click the new application in the list.

    The Registered app blade opens. Make a note of the Application ID. We'll need it later.

  7. The Settings blade should have opened, as well. If it didn't, click the Settings button.

  8. In the Settings blade, click Reply URLs. In the list of URLs, add https://msmanaged-na.consent.azure-apim.net/redirect and click Save.

  9. Back on the Settings blade, click Required permissions. On the Required permissions blade, click Add.

    The Add API access blade opens.

  10. Click Select an API. In the blade that opens, click the option for the Azure Service Management API and click Select.

  11. Click Select permissions. Under Delegated permissions, click Access Azure Service Management as organization users, and then click Select.

  12. On the Add API access blade, click Done.
  13. Back on the Settings blade, click Keys. In the Keys blade, type a description for your key, select an expiration period, and then click Save. Your new key will be displayed. Make a note of the key value, as we will need that later, too. You may now close the Azure portal.

Add the connection in PowerApps

Now that the AAD application is configured, let's add the custom connector.

  1. In powerapps.com, in the left menu, select Connections. Select the ellipsis (...), then select Manage custom connectors in the upper right corner.

    Tip: If you can't find where to manage custom connectors in a mobile browser, it might be under a menu in the upper left corner.

  2. Select Create custom connector.

  3. Type a name for your connection, and then upload the sample ARM OpenAPI file. Click Continue.

  4. On the next screen, because the OpenAPI file uses our AAD application for authentication, we need to give PowerApps some information about our application. Under Client id, type the AAD Application ID you noted earlier. For client secret, use the key. And finally, for Resource URL, type https://management.core.windows.net/.

    Important: Be sure to include the Resource URL exactly as written above, including the trailing slash.

  5. Your custom connector is now registered and can be consumed within PowerApps or Microsoft Flow.

    Note: The sample OpenAPI does not define the full set of ARM operations and currently only contains the List all subscriptions operation. You can edit this OpenAPI file or create another OpenAPI file using the online OpenAPI editor. This process can be used to access any RESTful API authenticated using AAD.
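
A pre-flight check for the OAuth values entered in step 4 and the reply URL registered earlier, as an added example that is not part of the original tutorial. The function names, the sample Application ID and the use of the `common` authorization endpoint are assumptions made for illustration.

```python
import re
from urllib.parse import urlencode, urlsplit

# Values taken from the tutorial text.
ARM_RESOURCE = "https://management.core.windows.net/"
CONNECTOR_REDIRECT = "https://msmanaged-na.consent.azure-apim.net/redirect"
# Assumption: the connector signs in through the AAD v1 "common" endpoint.
AUTHORIZE_ENDPOINT = "https://login.windows.net/common/oauth2/authorize"
GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")


def check_connector_settings(client_id, resource_url, reply_urls):
    """Return a list of problems with the OAuth settings; empty means OK."""
    problems = []
    if not GUID_RE.match(client_id):
        problems.append("client id is not an Application ID (GUID)")
    if resource_url != ARM_RESOURCE:
        # The tutorial requires the value exactly as written, slash included.
        if resource_url.rstrip("/") == ARM_RESOURCE.rstrip("/"):
            problems.append("resource URL differs from the required value "
                            "only in trailing slashes")
        else:
            problems.append("resource URL is not the ARM resource")
    if CONNECTOR_REDIRECT not in reply_urls:
        problems.append("connector redirect is not a registered reply URL")
    for url in reply_urls:
        # Plain-HTTP or wildcard reply URLs widen where auth codes can be sent.
        if urlsplit(url).scheme != "https" or "*" in url:
            problems.append(f"reply URL too permissive: {url}")
    return problems


def build_authorize_url(client_id, resource_url):
    """Authorization-code request that a sign-in with these values starts."""
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": CONNECTOR_REDIRECT,
        "resource": resource_url,
    })
    return f"{AUTHORIZE_ENDPOINT}?{query}"


if __name__ == "__main__":
    app_id = "11111111-2222-3333-4444-555555555555"  # constructed sample ID
    print(check_connector_settings(app_id, ARM_RESOURCE, [CONNECTOR_REDIRECT]))
    print(build_authorize_url(app_id, ARM_RESOURCE))
```

The client secret from step 13 is deliberately not an input here: it belongs only in the connector's client secret field, not in scripts or source control.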

Next steps

For more detailed information about how to create an app, see Create an app from data.

For more detailed information about how to use a flow in an app, see Start a flow in an app.

To ask questions or make comments about custom connectors, join our community.