Internal.Cryptography.CryptoThrowHelper.WindowsCryptographicException: "The specified network password is not correct."

Problem description  Votes: 0  Answers: 1

We are transitioning our application to client certificate authentication and are currently retrieving the count of deleted application objects from the Microsoft Graph API, following https://learn.microsoft.com/en-us/graph/sdks/choose-authentication-providers#client-credentials-provider. This is the code we have developed so far:

using Azure.Identity;
using Microsoft.Graph;
using System.Security.Cryptography.X509Certificates;

var scopes = new[] { "https://graph.microsoft.com/.default" };
var clientId = "YOUR_CLIENT_ID";
var tenantId = "YOUR_TENANT_ID";
// PFX loaded from disk without supplying a password
var clientCertificate = new X509Certificate2("MyCertificate.pfx");
var options = new ClientCertificateCredentialOptions
{
    AuthorityHost = AzureAuthorityHosts.AzurePublicCloud,
};
var clientCertCredential = new ClientCertificateCredential(
    tenantId, clientId, clientCertificate, options);

var graphClient = new GraphServiceClient(clientCertCredential, scopes);

try
{
    var result = await graphClient.Directory.DeletedItems.GraphApplication.GetAsync((requestConfiguration) =>
    {
        requestConfiguration.QueryParameters.Count = true;
        requestConfiguration.QueryParameters.Orderby = new string[] { "deletedDateTime asc" };
        requestConfiguration.QueryParameters.Select = new string[] { "id", "displayName", "deletedDateTime" };
        requestConfiguration.Headers.Add("Consistencylevel", "Eventual");
    });
}
catch (Exception ex)
{
    Console.WriteLine($"An error occurred: {ex.Message}");
}

However, when trying to list the deleted applications, we get the following exception:

Internal.Cryptography.CryptoThrowHelper.WindowsCryptographicException: "The specified network password is not correct."

We have made sure the calling application has been granted the required permissions, including Directory.Read.All and Application.Read.All.

Could you help identify the problem and give guidance on how to resolve it? Any help would be greatly appreciated.

c# microsoft-graph-api azure-ad-msal client-certificates azure-authentication
1 answer
0 votes

I agree with @user2250152: when using client certificate authentication, you need to pass the private key along with the certificate path.

In my case, I created a certificate with a private key using the following PowerShell commands:

$certname = "graphcert03"
$cert = New-SelfSignedCertificate -Subject "CN=$certname" -CertStoreLocation "Cert:\CurrentUser\My" -KeyExportPolicy Exportable -KeySpec Signature -KeyLength 2048 -KeyAlgorithm RSA -HashAlgorithm SHA256
Export-Certificate -Cert $cert -FilePath "C:/demo/$certname.cer"   ## Specify your preferred location

$mypwd = ConvertTo-SecureString -String "password" -Force -AsPlainText
Export-PfxCertificate -Cert $cert -FilePath "C:/demo/$certname.pfx" -Password $mypwd

Response: [screenshot not reproduced]

Now, I uploaded this certificate to the calling app registration, which has the required permissions such as Application.Read.All.

[screenshot not reproduced]

When I ran the modified code below, with the private key included in the certificate, I got the expected response, as shown below:

using Azure.Identity;
using Microsoft.Graph;
using System.Security.Cryptography.X509Certificates;

var scopes = new[] { "https://graph.microsoft.com/.default" };

var clientId = "appID";
var tenantId = "tenantId";

// Load certificate from file
var certificatePath = "C:/demo/graphcert03.pfx";
var certificatePassword = "password"; // Provide the password here
var clientCertificate = new X509Certificate2(certificatePath, certificatePassword);

// using Azure.Identity;
var options = new ClientCertificateCredentialOptions
{
    AuthorityHost = AzureAuthorityHosts.AzurePublicCloud,
};

var clientCertCredential = new ClientCertificateCredential(
    tenantId, clientId, clientCertificate, options);

var graphClient = new GraphServiceClient(clientCertCredential, scopes);

var apps = await graphClient.Directory.DeletedItems.GraphApplication.GetAsync((requestConfiguration) =>
{
    requestConfiguration.QueryParameters.Count = true;
    requestConfiguration.QueryParameters.Orderby = new string[] { "deletedDateTime asc" };
    requestConfiguration.QueryParameters.Select = new string[] { "appId", "DisplayName", "deletedDateTime" };
    requestConfiguration.Headers.Add("Consistencylevel", "Eventual");
});

Console.WriteLine($"Total deleted apps: {apps.OdataCount}\n");

foreach (var app in apps.Value)
{
    Console.WriteLine($"App ID: {app.AppId}");
    Console.WriteLine($"Application Name: {app.DisplayName}");
    Console.WriteLine($"Deleted Date and Time: {app.DeletedDateTime}");

    Console.WriteLine();
}

Response: [screenshot not reproduced]

To confirm, I checked in the portal that the total number of deleted app registrations is the same, as shown below:

[screenshot not reproduced]
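As an added example (not the answerer's code), the same credential built through a loader that verifies the certificate actually carries a private key before the Graph call, so a missing PFX password or a .cer-only export fails with a clear message instead of the WindowsCryptographicException; it also prefers the user certificate store over a PFX password in source. The helper name and the GRAPH_CERT_THUMBPRINT / GRAPH_CERT_PASSWORD environment variables are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Azure.Identity;
using Microsoft.Graph;

// Usage with the same credential and Graph client as the answer (placeholder ids as in the answer).
var clientCertificate = ClientCertificateLoader.Load(
    thumbprint: Environment.GetEnvironmentVariable("GRAPH_CERT_THUMBPRINT"),
    pfxPath: "C:/demo/graphcert03.pfx");
var credential = new ClientCertificateCredential("tenantId", "appID", clientCertificate);
var graphClient = new GraphServiceClient(credential, new[] { "https://graph.microsoft.com/.default" });

static class ClientCertificateLoader
{
    // Hypothetical helper: use the CurrentUser\My store by thumbprint when one is configured
    // (no PFX password in source); otherwise open a PFX with a password from the environment.
    public static X509Certificate2 Load(string? thumbprint, string? pfxPath)
    {
        X509Certificate2? cert = null;
        if (!string.IsNullOrEmpty(thumbprint))
        {
            using var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
            store.Open(OpenFlags.ReadOnly);
            var found = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, validOnly: false);
            cert = found.Count > 0 ? found[0] : null;
        }
        else if (!string.IsNullOrEmpty(pfxPath))
        {
            // Assumed variable name; an empty or wrong value reproduces the error in the question.
            var password = Environment.GetEnvironmentVariable("GRAPH_CERT_PASSWORD");
            try
            {
                cert = new X509Certificate2(pfxPath, password);
            }
            catch (CryptographicException ex)
            {
                throw new InvalidOperationException(
                    $"Cannot open PFX '{pfxPath}'; a missing or wrong password surfaces as " +
                    "'The specified network password is not correct.'", ex);
            }
        }
        if (cert is null)
            throw new InvalidOperationException("No client certificate found.");
        if (!cert.HasPrivateKey)  // a .cer export has no key and cannot sign the client assertion
            throw new InvalidOperationException($"Certificate {cert.Thumbprint} has no private key.");
        return cert;
    }
}
```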
