How to use certificate with Graph API to get Groups user belongs to
Question
Can someone show me how to get the group names that the currently signed-in user belongs to in ASP.NET Core 7?
Note that I'm using a certificate and not a client secret to access Azure AD. Most of the examples I've come across use a client secret, but none show how to do this using a certificate.
Answer 1
Score: 1
I created a self-signed certificate using PowerShell:
$certname = "testruk"
$cert = New-SelfSignedCertificate -Subject "CN=$certname" -CertStoreLocation "Cert:\CurrentUser\My" -KeyExportPolicy Exportable -KeySpec Signature -KeyLength 2048 -KeyAlgorithm RSA -HashAlgorithm SHA256
Export-Certificate -Cert $cert -FilePath "C:/test/$certname.cer"
Now, export the above certificate to .pfx:
$mypwd = ConvertTo-SecureString -String "password" -Force -AsPlainText
Export-PfxCertificate -Cert $cert -FilePath "C:/test/$certname.pfx" -Password $mypwd
I created an Azure AD application and uploaded the .cer certificate:
And granted API permissions:
To authenticate to the Azure AD application using the certificate, I used the code below:
using Microsoft.Identity.Client;
using System;
using System.Security.Cryptography.X509Certificates;
// Load the .pfx exported above (the path is elided in the original post)
X509Certificate2 certificate = new X509Certificate2("C:\\Users\\**\\Desktop\\testruk.pfx", "password");
string authority = "https://login.microsoftonline.com/TenantID";
string clientId = "ClientID";
// Placeholder: must match a redirect URI registered on the app, because the same
// value is used both when building the sign-in URL and when redeeming the code
string redirectUri = "https://localhost";
string[] scopes = new string[] { "https://graph.microsoft.com/.default" };
IConfidentialClientApplication confidentialClientApplication = ConfidentialClientApplicationBuilder
    .Create(clientId)
    .WithAuthority(authority)
    .WithCertificate(certificate)
    .WithRedirectUri(redirectUri)
    .Build();
// Build the sign-in URL the user is sent to; the redirect back carries the authorization code
Uri authRequestUrl = await confidentialClientApplication.GetAuthorizationRequestUrl(scopes).ExecuteAsync();
Console.WriteLine("Sign in at: {0}", authRequestUrl);
string authorizationCode = "AuthorizationCodeFromRedirect";
// Redeem the code; MSAL signs the client assertion with the certificate instead of sending a client secret
AuthenticationResult authResult = await confidentialClientApplication.AcquireTokenByAuthorizationCode(scopes, authorizationCode).ExecuteAsync();
Console.WriteLine("Access token: {0}", authResult.AccessToken);
The access token was generated successfully:
When I decoded the access token, the scopes were displayed:
By using the above access token, you can call the Microsoft Graph API.
As a sample, I used Postman to list the details of the signed-in user using the above generated access token:
https://graph.microsoft.com/v1.0/me/memberOf
Reference:
List a user's direct memberships - Microsoft Graph v1.0
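The answer above shows the token exchange with a console snippet and then calls /me/memberOf from Postman. The following is an added example, not code from the answer or from the question's project, showing how the same certificate credential is wired into an ASP.NET Core 7 web app with Microsoft.Identity.Web so that the signed-in user's group names are fetched from /me/memberOf inside the app. The tenant id, client id, certificate path, password and the "/me/groups" route are placeholders and assumptions of this example; the "AzureAd" configuration section shape and the Graph SDK calls are the real library APIs.

```csharp
// Program.cs for an ASP.NET Core 7 web app (added example; not the code from the answer above).
// Packages assumed: Microsoft.Identity.Web and Microsoft.Identity.Web.MicrosoftGraph (Graph SDK v5).
// The "AzureAd" section it reads is sketched in the comment below; every value there is a
// placeholder that must come from your own app registration and the .pfx exported earlier.
using Microsoft.Graph;
using Microsoft.Graph.Models;
using Microsoft.Identity.Web;

// appsettings.json (placeholder values):
// "AzureAd": {
//   "Instance": "https://login.microsoftonline.com/",
//   "TenantId": "<TenantID>",
//   "ClientId": "<ClientID>",
//   "CallbackPath": "/signin-oidc",
//   "ClientCertificates": [
//     {
//       "SourceType": "Path",
//       "CertificateDiskPath": "C:/test/testruk.pfx",
//       "CertificatePassword": "<pfx password>"
//     }
//   ]
// }
var builder = WebApplication.CreateBuilder(args);

// Delegated Graph permissions requested on the user's behalf.
// GroupMember.Read.All is what /me/memberOf needs in order to return group objects.
string[] graphScopes = { "User.Read", "GroupMember.Read.All" };

builder.Services
    .AddMicrosoftIdentityWebAppAuthentication(builder.Configuration, "AzureAd")
    .EnableTokenAcquisitionToCallDownstreamApi(graphScopes)
    .AddMicrosoftGraph("https://graph.microsoft.com/v1.0", graphScopes)
    .AddInMemoryTokenCaches();
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Returns the display names of the groups the signed-in user is a direct member of.
app.MapGet("/me/groups", async (GraphServiceClient graph) =>
        Results.Ok(await GetGroupNamesAsync(graph)))
   .RequireAuthorization();

app.Run();

static async Task<List<string>> GetGroupNamesAsync(GraphServiceClient graph)
{
    var names = new List<string>();

    // /me/memberOf returns directoryObjects of several kinds (groups, directory roles,
    // administrative units), so keep only the entries deserialized as Group.
    // The response is paged; follow @odata.nextLink until it is absent.
    var page = await graph.Me.MemberOf.GetAsync();
    while (page != null)
    {
        foreach (var group in (page.Value ?? new List<DirectoryObject>()).OfType<Group>())
        {
            if (!string.IsNullOrEmpty(group.DisplayName))
            {
                names.Add(group.DisplayName);
            }
        }

        if (string.IsNullOrEmpty(page.OdataNextLink))
        {
            break;
        }
        page = await graph.Me.MemberOf.WithUrl(page.OdataNextLink).GetAsync();
    }

    return names;
}
```

Two points worth keeping in mind with this setup. First, /me/memberOf lists direct memberships only, matching the reference the answer links; nested group membership needs /me/transitiveMemberOf instead. Second, the "Path" source type reproduces what the answer does (a .pfx plus its password on disk); Microsoft.Identity.Web also accepts "StoreWithThumbprint" or "KeyVault" as the SourceType, which keeps the private key in the Windows certificate store or in Azure Key Vault so that no password has to live in configuration.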