How to update SharePoint Online site collections using a function app
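I am using an Azure function to develop some features for creating site collections. My steps are as follows:
- Create the site collection as admin (using a client ID and client secret)
- Get a client context for the new URL to update some information, such as group members, site owner, etc.
I am now facing a problem: at first I used an account and password to get the new client context and then updated the site properties, but this can no longer be used because of a new company policy.
How can I improve this method to solve the problem?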
public ClientContext GetClientContextByCredential(SharePointOnlineCredentials cred, bool tryNewSite)
{
    ClientContext ctx = ContextInit;
    try
    {
        ctx.Credentials = cred;
        Web web = ctx.Web;
        ctx.Load(web, w => w.Url);
        ctx.ExecuteQuery();
        return ctx;
    }
    catch (Exception ex)
    {
        ctx = null;
        if (_logHelper != null)
        {
            if (tryNewSite)
            {
                _logHelper.writeLog(ex.Message, TraceLevel.Info, ex);
            }
            else
                _logHelper.writeLog(ex.Message, TraceLevel.Error, ex);
        }
        return ctx;
    }
}
Using SharePointOnlineCredentials produces this error:
The remote server returned an error: (401) Unauthorized.
If you want to use an Azure AD application to connect to SharePoint Online, please refer to the following steps:
- Create an Azure AD application
Connect-AzureAD
# Create the self-signed cert (skip this if you already have a cert)
$currentDate = Get-Date
$endDate = $currentDate.AddYears(1)
$notAfter = $endDate.AddYears(1)
$pwd = "<password>"
$thumb = (New-SelfSignedCertificate -CertStoreLocation cert:\localmachine\my -DnsName com.foo.bar -KeyExportPolicy Exportable -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" -NotAfter $notAfter).Thumbprint
$pwd = ConvertTo-SecureString -String $pwd -Force -AsPlainText
Export-PfxCertificate -cert "cert:\localmachine\my\$thumb" -FilePath c:\temp\examplecert.pfx -Password $pwd
# Load the certificate
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate("C:\temp\examplecert.pfx", $pwd)
$keyValue = [System.Convert]::ToBase64String($cert.GetRawCertData())
# Create the Azure Active Directory Application
$application = New-AzureADApplication -DisplayName "test123" -IdentifierUris "https://test123"
# Register the certificate's public part as the application's key credential
New-AzureADApplicationKeyCredential -ObjectId $application.ObjectId -CustomKeyIdentifier "Test123" -StartDate $currentDate -EndDate $endDate -Type AsymmetricX509Cert -Usage Verify -Value $keyValue
- Configure permissions through the Azure portal
- Upload the certificate to Azure Key Vault
$Password = ConvertTo-SecureString -String "123" -AsPlainText -Force
Import-AzKeyVaultCertificate -VaultName "ContosoKV01" -Name "ImportCert01" -FilePath "C:\temp\examplecert.pfx" -Password $Password
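- Configure the Azure function
a. Configure MSI for the function app
b. In Key Vault, create an access policy for the application identity you created earlier. Enable the "Get" secret permission for this policy.
c. Code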
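using System;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Azure.KeyVault;
using Microsoft.Azure.Services.AppAuthentication;
using Microsoft.SharePoint.Client;
using OfficeDevPnP.Core;

// siteUrl, ApplicationId, tenant, ContextInit and _logHelper are members of the enclosing class.
public ClientContext GetClientContextByCredential(bool tryNewSite)
{
    ClientContext ctx = ContextInit;
    try
    {
        // App-only context, authenticated with the certificate read from Key Vault.
        // The vault and certificate names must match the ones used when the certificate was imported.
        ctx = new AuthenticationManager().GetAzureADAppOnlyAuthenticatedContext(
            siteUrl,
            ApplicationId,
            tenant + ".onmicrosoft.com",
            GetKeyVaultCertificate("kv-spo", "AzureAutomationSPOAccess"));
        ctx.Load(ctx.Web, p => p.Title);
        ctx.ExecuteQuery();
        return ctx;
    }
    catch (Exception ex)
    {
        ctx = null;
        if (_logHelper != null)
        {
            if (tryNewSite)
            {
                _logHelper.writeLog(ex.Message, TraceLevel.Info, ex);
            }
            else
                _logHelper.writeLog(ex.Message, TraceLevel.Error, ex);
        }
        return ctx;
    }
}

internal static X509Certificate2 GetKeyVaultCertificate(string keyvaultName, string name)
{
    // The token provider uses the function app's managed identity (MSI) to authenticate to Key Vault
    var serviceTokenProvider = new AzureServiceTokenProvider();
    var keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(serviceTokenProvider.KeyVaultTokenCallback));
    // Getting the certificate (stored as a base64-encoded PFX secret)
    var secret = keyVaultClient.GetSecretAsync("https://" + keyvaultName + ".vault.azure.net/", name);
    // Returning the certificate
    return new X509Certificate2(Convert.FromBase64String(secret.Result.Value));
}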
For details, see
https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azuread
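An added example, not part of the answer above: a variant of the certificate steps that has Key Vault generate the self-signed certificate, so no password-protected PFX is written to c:\temp or left in the local machine store. The certificate name SpoAppOnlyCert and the application ObjectId placeholder are assumptions; the vault name and subject are the ones used in the answer's commands.

```powershell
# Added example. $certName and $appObjId are assumptions, not values from the answer.
$vaultName = 'ContosoKV01'
$certName  = 'SpoAppOnlyCert'            # hypothetical certificate name
$appObjId  = '<application-object-id>'   # placeholder: ObjectId of the Azure AD application

Connect-AzAccount | Out-Null
Connect-AzureAD   | Out-Null

# Self-signed policy. The PKCS#12 content type lets the function read certificate
# and private key through the Key Vault secret endpoint ("Get" secret permission).
$policy = New-AzKeyVaultCertificatePolicy -SubjectName 'CN=com.foo.bar' -IssuerName 'Self' `
    -SecretContentType 'application/x-pkcs12' -ValidityInMonths 12

Add-AzKeyVaultCertificate -VaultName $vaultName -Name $certName -CertificatePolicy $policy | Out-Null

# Certificate creation is asynchronous: poll the operation, with a deadline.
$deadline = (Get-Date).AddMinutes(2)
do {
    Start-Sleep -Seconds 3
    $op = Get-AzKeyVaultCertificateOperation -VaultName $vaultName -Name $certName
} while ($op.Status -eq 'inProgress' -and (Get-Date) -lt $deadline)
if ($op.Status -ne 'completed') {
    throw "Certificate creation did not complete (status: $($op.Status))"
}

# Only the public part leaves the vault here; it becomes the app's key credential.
$kvCert   = Get-AzKeyVaultCertificate -VaultName $vaultName -Name $certName
$x509     = $kvCert.Certificate
$keyValue = [System.Convert]::ToBase64String($x509.GetRawCertData())

# Keep the credential's end date inside the certificate's own validity period.
New-AzureADApplicationKeyCredential -ObjectId $appObjId -CustomKeyIdentifier $certName `
    -StartDate (Get-Date) -EndDate $x509.NotAfter `
    -Type AsymmetricX509Cert -Usage Verify -Value $keyValue | Out-Null

"Registered certificate $($kvCert.Thumbprint), valid until $($x509.NotAfter.ToString('u'))"
```

With this variant the function code would call GetKeyVaultCertificate("ContosoKV01", "SpoAppOnlyCert"), and the expiry date printed at the end is the date by which the certificate has to be rotated.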