我们正在应用程序中过渡到客户端证书身份验证,目前正在按照 https://learn.microsoft.com/en-us/graph/sdks/choose- 从 Microsoft Graph API 检索已删除的应用程序对象的计数身份验证提供程序#client-credentials-provider。这是我们迄今为止开发的代码:
var scopes = new[] { "https://graph.microsoft.com/.default" };
var clientId = "YOUR_CLIENT_ID";
var tenantId = "YOUR_TENANT_ID";
var clientCertificate = new X509Certificate2("MyCertificate.pfx");
var options = new ClientCertificateCredentialOptions
{
AuthorityHost = AzureAuthorityHosts.AzurePublicCloud,
};
var clientCertCredential = new ClientCertificateCredential(
tenantId, clientId, clientCertificate, options);
var graphClient = new GraphServiceClient(clientCertCredential, scopes);
try
{
var result = await graphClient.Directory.DeletedItems.GraphApplication.GetAsync((requestConfiguration) =>
{
requestConfiguration.QueryParameters.Count = true;
requestConfiguration.QueryParameters.Orderby = new string[] { "deletedDateTime asc" };
requestConfiguration.QueryParameters.Select = new string[] { "id", "displayName", "deletedDateTime" };
requestConfiguration.Headers.Add("Consistencylevel", "Eventual");
});
}
catch (Exception ex)
{
Console.WriteLine($"An error occurred: {ex.Message}");
}
但是,在尝试列出已删除的应用程序时,我们遇到以下异常:
Internal.Cryptography.CryptoThrowHelper.WindowsCryptographicException:“指定的网络密码不正确。”
我们已确保调用应用程序已被授予所需的权限,包括 Directory.Read.All 和 Application.Read.All。
您能否协助确定问题并提供解决方法的指导?任何帮助将不胜感激。
我同意@user2250152,在使用客户端证书身份验证时,您需要传递私钥以及证书路径。
就我而言,我使用以下 PowerShell 命令创建了带有私钥的证书:
$certname = "graphcert03"
$cert = New-SelfSignedCertificate -Subject "CN=$certname" -CertStoreLocation "Cert:\CurrentUser\My" -KeyExportPolicy Exportable -KeySpec Signature -KeyLength 2048 -KeyAlgorithm RSA -HashAlgorithm SHA256
Export-Certificate -Cert $cert -FilePath "C:/demo/$certname.cer" ## Specify your preferred location
$mypwd = ConvertTo-SecureString -String "password" -Force -AsPlainText
Export-PfxCertificate -Cert $cert -FilePath "C:/demo/$certname.pfx" -Password $mypwd
回复:
现在,我在调用具有所需权限的应用程序注册中上传了此证书,例如Application.Read.All:
当我通过在证书中包含私钥来运行下面修改后的代码时,我得到了预期结果的响应,如下所示:
using Azure.Identity;
using Microsoft.Graph;
using System.Security.Cryptography.X509Certificates;
var scopes = new[] { "https://graph.microsoft.com/.default" };
var clientId = "appID";
var tenantId = "tenantId";
// Load certificate from file
var certificatePath = "C:/demo/graphcert03.pfx";
var certificatePassword = "password"; // Provide the password here
var clientCertificate = new X509Certificate2(certificatePath, certificatePassword);
// using Azure.Identity;
var options = new ClientCertificateCredentialOptions
{
AuthorityHost = AzureAuthorityHosts.AzurePublicCloud,
};
var clientCertCredential = new ClientCertificateCredential(
tenantId, clientId, clientCertificate, options);
var graphClient = new GraphServiceClient(clientCertCredential, scopes);
var apps= await graphClient.Directory.DeletedItems.GraphApplication.GetAsync((requestConfiguration) =>
{
requestConfiguration.QueryParameters.Count = true;
requestConfiguration.QueryParameters.Orderby = new string[] { "deletedDateTime asc" };
requestConfiguration.QueryParameters.Select = new string[] { "appId", "DisplayName", "deletedDateTime" };
requestConfiguration.Headers.Add("Consistencylevel", "Eventual");
});
Console.WriteLine($"Total deleted apps: {apps.OdataCount}\n");
foreach (var app in apps.Value)
{
Console.WriteLine($"App ID: {app.AppId}");
Console.WriteLine($"Application Name: {app.DisplayName}");
Console.WriteLine($"Deleted Date and Time: {app.DeletedDateTime}");
Console.WriteLine();
}
回复:
为了确认,我在门户中检查了删除的应用程序注册总数相同,如下所示: