【问题标题】:Get secret key expiration from graph API从图形 API 获取密钥过期
【发布时间】:2021-11-01 09:26:18
【问题描述】:

我正在尝试阅读所有应用注册机密,以了解是否有任何即将过期。我可以获取应用注册但找不到任何秘密信息:

   var scopes = new string[] { "https://graph.microsoft.com/.default" };

    // Configure the MSAL client as a confidential client
    var confidentialClient = ConfidentialClientApplicationBuilder
        .Create(clientId)
        .WithAuthority($"https://login.microsoftonline.com/xxx-e95b-4ad0-a4fb-xxx/v2.0")
        .WithClientSecret(secret)
        .Build();

    // Build the Microsoft Graph client. As the authentication provider, set an async lambda
    // which uses the MSAL client to obtain an app-only access token to Microsoft Graph,
    // and inserts this access token in the Authorization header of each API request. 
    GraphServiceClient graphServiceClient =
        new GraphServiceClient(new DelegateAuthenticationProvider(async (requestMessage) => {

// Retrieve an access token for Microsoft Graph (gets a fresh token if needed).
var authResult = await confidentialClient
    .AcquireTokenForClient(scopes)
    .ExecuteAsync();

// Add the access token in the Authorization header of the API request.
requestMessage.Headers.Authorization =
    new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
        })
        );

    var users = await graphServiceClient.Applications.Request().GetAsync();

    var app = users.Where(p => p.DisplayName == "MDMIntegrations").First();

    while (users.Count > 0)
    {
        if (users.NextPageRequest != null)
        {
            users = await users.NextPageRequest
                .GetAsync();
        }
        else
        {
            return;
        }
    }

这是我从调试器中得到的。使用 Microsoft.Graph 客户端 SDK 是否无法获取此信息?

【问题讨论】:

    标签: c# microsoft-graph-api microsoft-graph-sdks


    【解决方案1】:

    这是一个如何执行此类查询的示例:

    var now = DateTime.UtcNow;
    var apps = await client
        .Applications
        .Request()
        .Select(x => new
        {
            x.Id,
            x.DisplayName,
            x.PasswordCredentials,
        })
        .GetAsync();
    
    var results = new List<Application>();
    var pages = PageIterator<Application>.CreatePageIterator(
        client,
        apps,
        x =>
        {
            if (x.PasswordCredentials.Any(y => y.EndDateTime <= now))
            {
                results.Add(x);
            }
            return true;
        }
    );
    
    while (pages.State != PagingState.Complete)
    {
        await pages.IterateAsync();
    }
    

    很遗憾,您无法为 PasswordCredentials 定义过滤器,因为您无法过滤复杂类型,因此您需要在客户端执行此操作。

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 2017-04-19
      • 2021-07-26
      • 2016-09-23
      • 1970-01-01
      相关资源
      最近更新 更多