如何为 EWS 托管 API 身份验证启用 CBA

问题描述 投票:0回答:1

Microsoft 在 EWS 库中提供了一个名为 ClientCertificateCredentials 的类。任何人开始使用它到底需要什么?例如,是否需要任何 Exchange 服务器端配置才能为 EWS 启用 CBA?另外,为了验证用户身份,传递给 ExchangeService 对象的证书应该是什么?应该只是证书的公钥还是同时包含证书的公钥和私钥?无法找到任何使用 EWS 托管 API 的 CBA 示例

exchange-server exchangewebservices x509certificate2
1个回答
0
投票

我在这里使用了示例代码:https://learn.microsoft.com/en-us/exchange/client-developer/exchange-web-services/how-to-authenticate-an-ews-application-by-using -oauth

var cca = ConfidentialClientApplicationBuilder
    .Create(AppId)
    .WithTenantId(TenantId)
    .WithCertificate(certificate)
    .Build();
var authResult = cca.AcquireTokenForClient(scopes)
    .ExecuteAsync()
    .Result
    .AccessToken;

您可以通过指纹获取证书:

    X509Certificate2 GetLocalCertificateByThumbprint(string thumbprint)
    {
        X509Certificate2 cert = null;
        using (var store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
        {
            store.Open(OpenFlags.ReadOnly);
            var certCollection = store.Certificates;
            var currentCerts = certCollection.Find(X509FindType.FindByTimeValid, DateTime.Now, false);
            var signingCert = currentCerts.Find(X509FindType.FindByThumbprint, thumbprint, false);
            cert = signingCert
                .OfType<X509Certificate2>()
                .OrderByDescending(c => c.NotBefore)
                .FirstOrDefault();
        }

        return cert;
    }
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.