调用 GetAzureADAppOnlyAuthenticatedContext 时无法加载文件或程序集“Microsoft.IdentityModel.Clients.ActiveDirectory”

Could not load file or assembly 'Microsoft.IdentityModel.Clients.ActiveDirectory when calling GetAzureADAppOnlyAuthenticatedContext

我正在使用证书在函数应用程序 (V1) 中获取 ClientContext 这是代码:

ClientContext newClientContext;
            try
            {
                newClientContext = new AuthenticationManager().GetAzureADAppOnlyAuthenticatedContext(SiteUrl, appId, tenant, certificate);
                newClientContext.ExecuteQuery();
                return newClientContext;
            }
            catch (Exception ex)
            {
                newClientContext = null;
                if (_logHelper != null)
                {
                    _logHelper.writeLog("GetAzureADContextError:"+ex.Message, TraceLevel.Error, ex);
                }
                return null;
            }

我的包裹是:

在本地visual studio环境下运行良好,但部署到应用服务后获取失败信息

Could not load file or assembly 'Microsoft.IdentityModel.Clients.ActiveDirectory, Version=2.29.0.1078, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The system cannot find the file specified.

关于错误,您的 Azure 函数中的 SDK SharePointPnPCoreOnline requests Microsoft.IdentityModel.Clients.ActiveDirectory 2.29.0.1078, but the sdk Microsoft.Azure.Services.AppAuthentication needs Microsoft.IdentityModel.Clients.ActiveDirectory version higher than 3.14.2. According to the situation, I suggest you use key vault reference。在我们这样做之后,我们可以删除 sdk Microsoft.Azure.Services.AppAuthentication 并将 sdk Microsoft.IdentityModel.Clients.ActiveDirectory 降级到版本 2.29。

详细步骤如下。

  1. Configure MSI for Azure Function

  2. 为 Azure Function 应用程序标识创建一个 access policy in Key Vault

  3. 获取证书url

  1. 将 url 保存在 Azure function Application settings 中。它的甲酸盐应该像 @Microsoft.KeyVault(SecretUri=<your url>)

  1. 删除 SDK Microsoft.Azure.Services.AppAuthentication 并降级 SDK Microsoft.IdentityModel.Clients.ActiveDirectory
  2. 更新代码
 var s = Environment.GetEnvironmentVariable("cert");



            var cert = new X509Certificate2(Convert.FromBase64String(s),
                     (string)null,
                     X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);
            try
            {
                using (var cc = new OfficeDevPnP.Core.AuthenticationManager().GetAzureADAppOnlyAuthenticatedContext(
                        SiteUrl, appId, tenant,
                        cert))
                {
                    cc.Load(cc.Web, p => p.Title);
                    cc.ExecuteQuery();
                    log.Info("Via PnP, we have site: " + cc.Web.Title);
                };
            }
            catch (Exception ex) {



                log.Info(ex.Message);
            }