Microsoft 在 EWS 库中提供了一个名为 ClientCertificateCredentials 的类。要开始使用它，到底需要哪些条件？例如，是否需要在 Exchange 服务器端进行配置，才能为 EWS 启用基于证书的身份验证（CBA）？另外，为了验证用户身份，传递给 ExchangeService 对象的证书应该是什么样的？是只包含公钥，还是同时包含公钥和私钥？我找不到任何使用 EWS 托管 API 进行 CBA 的示例。
// Build a confidential client that authenticates with a certificate rather than a
// client secret. The X509Certificate2 passed to WithCertificate must carry its
// private key: MSAL uses it to sign the client assertion sent to the token endpoint.
var cca = ConfidentialClientApplicationBuilder.Create(AppId)
    .WithTenantId(TenantId)
    .WithCertificate(certificate)
    .Build();

// App-only (client credentials) token request for the given scopes.
var tokenTask = cca.AcquireTokenForClient(scopes).ExecuteAsync();

// .Result blocks the calling thread and surfaces failures wrapped in an
// AggregateException; inside an async method, await the task instead.
// NOTE: despite its name, authResult holds the raw access-token string. It is a
// bearer credential, so keep it out of logs and error messages.
var authResult = tokenTask.Result.AccessToken;
传给 WithCertificate 的证书必须带有私钥，因为客户端要用私钥对身份验证断言进行签名；只含公钥的证书（例如 .cer 文件）无法用来获取令牌。您可以按指纹从本机证书存储中获取该证书：
/// <summary>
/// Looks up a certificate by thumbprint in the LocalMachine\My store, considering
/// only certificates whose validity period covers the current time.
/// </summary>
/// <param name="thumbprint">Thumbprint of the certificate to find.</param>
/// <returns>
/// The matching certificate with the most recent NotBefore date, or null when no
/// time-valid certificate with that thumbprint exists in the store.
/// </returns>
/// <remarks>
/// Both Find calls pass validOnly: false, so no chain or revocation validation is
/// performed here; only the validity period is checked. The method also does not
/// check HasPrivateKey. A caller that will sign with the certificate should verify
/// that itself, and on Windows the process identity needs read access to the key.
/// </remarks>
X509Certificate2 GetLocalCertificateByThumbprint(string thumbprint)
{
    using (var machineStore = new X509Store(StoreName.My, StoreLocation.LocalMachine))
    {
        // Read-only is sufficient: the store is only queried, never modified.
        machineStore.Open(OpenFlags.ReadOnly);

        // FindByTimeValid expects a local-time DateTime, hence DateTime.Now.
        var unexpired = machineStore.Certificates.Find(X509FindType.FindByTimeValid, DateTime.Now, false);
        var matches = unexpired.Find(X509FindType.FindByThumbprint, thumbprint, false);

        // Keep the first certificate with the latest NotBefore (ties keep the earlier entry).
        X509Certificate2 newest = null;
        foreach (var candidate in matches.OfType<X509Certificate2>())
        {
            if (newest == null || candidate.NotBefore > newest.NotBefore)
            {
                newest = candidate;
            }
        }

        return newest;
    }
}