Retrieve deleted applications starting with "dev" using client certificate authentication


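We are currently transitioning our application to client certificate authentication, and we got this working code from a previous inquiry about retrieving deleted application objects from Microsoft Graph: Internal.Cryptography.CryptoThrowHelper.WindowsCryptographicException: 'The specified network password is not correct.'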

using Azure.Identity;
using Microsoft.Graph;
using System.Security.Cryptography.X509Certificates;

var scopes = new[] { "https://graph.microsoft.com/.default" };
var clientId = "appID";
var tenantId = "tenantId";
var certificatePath = "C:/MYPATH";
var certificatePassword = "xxxxxxxx";
var clientCertificate = new X509Certificate2(certificatePath, certificatePassword);
var options = new ClientCertificateCredentialOptions
{
    AuthorityHost = AzureAuthorityHosts.AzurePublicCloud,
};

var clientCertCredential = new ClientCertificateCredential(
    tenantId, clientId, clientCertificate, options);

var graphClient = new GraphServiceClient(clientCertCredential, scopes);

var apps = await graphClient.Directory.DeletedItems.GraphApplication.GetAsync((requestConfiguration) =>
{
    requestConfiguration.QueryParameters.Count = true;
    requestConfiguration.QueryParameters.Orderby = new string[] { "deletedDateTime asc" };
    requestConfiguration.QueryParameters.Select = new string[] { "appId", "DisplayName", "deletedDateTime" };
    requestConfiguration.Headers.Add("Consistencylevel", "Eventual");
});

Console.WriteLine($"Total deleted apps: {apps.OdataCount}\n");

foreach (var app in apps.Value)
{
    Console.WriteLine($"App ID: {app.AppId}");
    Console.WriteLine($"Application Name: {app.DisplayName}");
    Console.WriteLine($"Deleted Date and Time: {app.DeletedDateTime}");

    Console.WriteLine();
}

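Although the code effectively retrieves deleted application objects, we now have a specific requirement to restore only those deleted applications whose names start with "dev". We tried modifying the code to achieve this by including a filter condition, but ran into difficulties implementing it.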

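Could you provide guidance on how to integrate a filter condition to selectively restore deleted applications whose names start with "dev"? Any help or insights would be greatly appreciated.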

c# azure-ad-msal client-certificates azure-authentication azure-identity
1 Answer

To restore deleted applications, you need to grant the Application.ReadWrite.All permission of Application type:


I deleted 3 applications starting with "dev" in my tenant, as shown below:


Now, you can use the following modified code to restore these deleted applications by filtering for applications starting with "dev":

using Azure.Identity;
using Microsoft.Graph;
using System.Security.Cryptography.X509Certificates;

var scopes = new[] { "https://graph.microsoft.com/.default" };

var clientId = "appID";
var tenantId = "tenantId";

// Load certificate from file
var certificatePath = "C:/demo/graphcert20.pfx";
var certificatePassword = "password"; // Provide the password here
var clientCertificate = new X509Certificate2(certificatePath, certificatePassword);

// using Azure.Identity;
var options = new ClientCertificateCredentialOptions
{
    AuthorityHost = AzureAuthorityHosts.AzurePublicCloud,
};

var clientCertCredential = new ClientCertificateCredential(
    tenantId, clientId, clientCertificate, options);

var graphClient = new GraphServiceClient(clientCertCredential, scopes);

var deletedApps = await graphClient.Directory.DeletedItems.GraphApplication.GetAsync((requestConfiguration) =>
{
    requestConfiguration.QueryParameters.Count = true;
    requestConfiguration.QueryParameters.Filter = "startsWith(displayName, 'dev')";
    requestConfiguration.QueryParameters.Select = new string[] { "displayName", "Id", "deletedDateTime" };
    requestConfiguration.Headers.Add("Consistencylevel", "Eventual");
});

Console.WriteLine($"Total deleted apps starting with 'dev': {deletedApps.OdataCount}\n");

foreach (var deletedApp in deletedApps.Value)
{
    var appId = deletedApp.Id;
    Console.WriteLine($"Restoring app with ID: {appId}");

    var restoreResponse = await graphClient.Directory.DeletedItems[appId].Restore.PostAsync();
    if (restoreResponse != null)
    {
        Console.WriteLine($"App with display name '{deletedApp.DisplayName}' restored successfully.\n");
    }
    else
    {
        Console.WriteLine($"Failed to restore app with ID {appId}.");
    }
}

Response:


To confirm, I checked the same in the portal, where the deleted applications starting with "dev" were restored successfully, as shown below:

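An added example, not part of the original answer: the same filter-and-restore flow, but it walks every result page, re-checks the prefix locally, and only lists candidates unless explicitly told to restore, since Application.ReadWrite.All can change any app registration in the tenant. The environment variable names and the `--restore` switch are hypothetical; it assumes the Microsoft.Graph v5 SDK and a .NET 6+ console project with implicit usings, like the code above.

```csharp
using Azure.Identity;
using Microsoft.Graph;
using Microsoft.Graph.Models;
using Microsoft.Graph.Models.ODataErrors;
using System.Security.Cryptography.X509Certificates;

// Hypothetical variable names: keep the PFX path and password out of source code.
var tenantId = Environment.GetEnvironmentVariable("GRAPH_TENANT_ID")!;
var clientId = Environment.GetEnvironmentVariable("GRAPH_CLIENT_ID")!;
var pfxPath = Environment.GetEnvironmentVariable("GRAPH_CERT_PATH")!;
var pfxPassword = Environment.GetEnvironmentVariable("GRAPH_CERT_PASSWORD");
var dryRun = !args.Contains("--restore"); // hypothetical switch: list only unless given

var certificate = new X509Certificate2(pfxPath, pfxPassword);
var credential = new ClientCertificateCredential(tenantId, clientId, certificate);
var graphClient = new GraphServiceClient(credential, new[] { "https://graph.microsoft.com/.default" });

const string prefix = "dev";
var firstPage = await graphClient.Directory.DeletedItems.GraphApplication.GetAsync(rc =>
{
    rc.QueryParameters.Count = true;
    rc.QueryParameters.Filter = $"startsWith(displayName, '{prefix}')";
    rc.QueryParameters.Select = new[] { "id", "appId", "displayName", "deletedDateTime" };
    rc.Headers.Add("ConsistencyLevel", "eventual");
});
if (firstPage is null) return;

// Follow @odata.nextLink across all pages; re-check the prefix so the match rule is explicit.
var candidates = new List<Application>();
var iterator = PageIterator<Application, ApplicationCollectionResponse>.CreatePageIterator(
    graphClient, firstPage,
    app =>
    {
        if (app.DisplayName?.StartsWith(prefix, StringComparison.OrdinalIgnoreCase) == true)
            candidates.Add(app);
        return true; // keep iterating
    },
    req => { req.Headers.Add("ConsistencyLevel", "eventual"); return req; });
await iterator.IterateAsync();

foreach (var app in candidates)
{
    // One line per object, so the run leaves a record of what was (or would be) restored.
    Console.WriteLine($"{(dryRun ? "WOULD RESTORE" : "RESTORING")}: {app.DisplayName} " +
                      $"id={app.Id} appId={app.AppId} deleted={app.DeletedDateTime}");
    if (dryRun) continue;
    try { await graphClient.Directory.DeletedItems[app.Id].Restore.PostAsync(); }
    catch (ODataError e) { Console.WriteLine($"  failed: {e.Error?.Code}: {e.Error?.Message}"); }
}
```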
