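Generating a token for the Intune Data Warehouse in a console app

Question  Votes: 0  Answers: 1

This is a code snippet taken from Microsoft Learn (https://learn.microsoft.com/en-us/mem/intune/developer/data-warehouse-app-only-auth-)

It seems the lines with AuthenticationContext, ClientCredential and SecureClientSecret have been deprecated. For example: "'ClientCredential' is obsolete: 'Please use ConfidentialClientApplicationBuilder.WithCertificate or WithClientSecret instead.'" I cannot get this code snippet to work.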

    using System;
    using System.Security;
    using System.Configuration;
    using Microsoft.Identity.Client;

    class IntuneDataWarehouse
    {
        public static void Main()
        {
            Console.WriteLine("Intune Datawarehouse Start");

            var applicationId = ConfigurationManager.AppSettings["appId"].ToString();
            // Load as SecureString from configuration file or secret store (i.e. Azure KeyVault)
            SecureString applicationSecret = ConvertToSecureStr(ConfigurationManager.AppSettings["appKey"].ToString());
            var tenantDomain = ConfigurationManager.AppSettings["tenantDomain"].ToString();

            var msalContext = new AuthenticationContext($"https://login.windows.net/" + tenantDomain + "/oauth2/token");

            AuthenticationResult authResult = msalContext.AcquireTokenAsync(
                resource: "https://api.manage.microsoft.com/",
                clientCredential: new ClientCredential(
                    applicationId,
                    new SecureClientSecret(applicationSecret))).Result;

            Console.WriteLine("End of run");
        }
    }

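Has anyone worked with similar code?

c# token intune microsoft-identity-web

1 Answer

0 votes

Instead of using Microsoft.IdentityModel.Clients.ActiveDirectory (now considered obsolete), consider using the Microsoft.Identity.Client (MSAL) ConfidentialClientApplicationBuilder, which is the recommended way to acquire tokens for applications. This method supports authentication with both client secrets and certificates.

Similar to this sample and this one (acquiring a token), your code would be: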

    using Microsoft.Identity.Client;
    using System;
    using System.Configuration;
    using System.Threading.Tasks;

    class IntuneDataWarehouse
    {
        public static async Task Main()
        {
            Console.WriteLine("Intune Datawarehouse Start");

            // Configuration parameters
            var applicationId = ConfigurationManager.AppSettings["appId"];
            var applicationSecret = ConfigurationManager.AppSettings["appKey"];
            var tenantId = ConfigurationManager.AppSettings["tenantId"]; // Make sure your configuration has tenantId

            var authority = $"https://login.microsoftonline.com/{tenantId}";
            var scope = new string[] { "https://api.manage.microsoft.com/.default" }; // Using /.default for app permissions

            // Build the MSAL client
            var confidentialClient = ConfidentialClientApplicationBuilder.Create(applicationId)
                .WithClientSecret(applicationSecret)
                .WithAuthority(new Uri(authority))
                .Build();

            // Acquire token
            var authResult = await confidentialClient.AcquireTokenForClient(scope).ExecuteAsync();

            Console.WriteLine("Token acquired: " + authResult.AccessToken);
            Console.WriteLine("End of run");
        }
    }

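Remember to update the application's registration in Azure AD to include the permissions for Microsoft Intune, and grant admin consent for those permissions.

The authority URL is changed to https://login.microsoftonline.com/{tenantId}, which is the recommended format.
For app-only authentication, the scope is defined using https://api.manage.microsoft.com/.default. This scope indicates that the application is requesting the permissions defined directly for the application in the Azure portal.
The Main method is asynchronous (async Task) so that the asynchronous call to AcquireTokenForClient is awaited correctly.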
