Is there a way to validate Azure app credentials?
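Given that I have the following information from an Azure app registration:
Application (client) ID,
Client secret,
Directory (tenant) ID,
Object ID
Is there a way to check programmatically that it is a valid credential (e.g. using curl etc. rather than PowerShell)?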
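If you are looking to check the client secret's validity, or even the properties of that application, please check whether the C# code below solves it. We can try to query the application and see the expiry date of the secret. Please grant the app the Directory.Read.All and Application.Read.All permissions for this API, which uses the client credentials flow.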
```csharp
using System;
using System.Threading.Tasks;
using Microsoft.Azure.ActiveDirectory.GraphClient;      // ActiveDirectoryClient
using Microsoft.IdentityModel.Clients.ActiveDirectory;  // AuthenticationContext, ClientCredential

var graphResourceId = "https://graph.microsoft.com";
// Fill these in from the app registration.
var applicationId = "";
var ObjectId = "";
var clientsecret = "";
var clientCredential = new ClientCredential(applicationId, clientsecret);
var tenantId = "xxx.onmicrosoft.com";
AuthenticationContext authContext = new AuthenticationContext($"https://login.microsoftonline.com/{tenantId}");
// Get an access token with the client credentials flow
var accessToken = authContext.AcquireTokenAsync(graphResourceId, clientCredential).Result.AccessToken;
Uri servicePointUri = new Uri(graphResourceId);
Uri serviceRoot = new Uri(servicePointUri, tenantId);
ActiveDirectoryClient activeDirectoryClient = new ActiveDirectoryClient(serviceRoot, async () => await Task.FromResult(accessToken));
// Look up the application by its object ID and list each secret's expiry date
var app = activeDirectoryClient.Applications.GetByObjectId(ObjectId).ExecuteAsync().Result;
foreach (var passwordCredential in app.PasswordCredentials)
{
    Console.WriteLine($"KeyID:{passwordCredential.KeyId}\r\nEndDate:{passwordCredential.EndDate}\r\n");
}
```
If needed, you can even request a token using curl this way and validate it using Postman or by checking the token at https://jwt.io.
Reference: check client secret expiry using C#
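
The curl route mentioned in the answer, as an added example that is not part of the original post: it requests a token with the client credentials flow and maps the token endpoint's reply to a verdict using the AADSTS error codes Microsoft Entra ID returns. The environment variable names, function names and the sample response are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the original answer. AZ_TENANT_ID, AZ_CLIENT_ID and
# AZ_CLIENT_SECRET are assumed environment variable names.

# Request a token with the client-credentials grant and print the JSON reply.
# The secret reaches curl through a config read from stdin (-K -), which
# keeps it out of curl's command line and therefore out of process listings.
request_token() {
    # Escape backslashes and double quotes for curl's quoted config syntax.
    esc=$(printf '%s' "$AZ_CLIENT_SECRET" | sed 's/[\\"]/\\&/g')
    printf 'data-urlencode = "client_secret=%s"\n' "$esc" |
    curl -sS -K - \
        --data-urlencode "grant_type=client_credentials" \
        --data-urlencode "client_id=$AZ_CLIENT_ID" \
        --data-urlencode "scope=https://graph.microsoft.com/.default" \
        "https://login.microsoftonline.com/$AZ_TENANT_ID/oauth2/v2.0/token"
}

# Map a token-endpoint response body to a one-word verdict.
classify_response() {
    case "$1" in
        *'"access_token"'*) echo valid ;;             # secret accepted
        *AADSTS7000215*)    echo invalid_secret ;;    # wrong secret value
        *AADSTS7000222*)    echo expired_secret ;;    # secret past its end date
        *AADSTS700016*)     echo unknown_client_id ;; # app not in this tenant
        *AADSTS90002*)      echo unknown_tenant ;;    # tenant not found
        *)                  echo unrecognized ;;      # e.g. proxy or HTML error
    esac
}

# Constructed sample error body (realistic shape, values made up).
SAMPLE_EXPIRED='{"error":"invalid_client","error_description":"AADSTS7000222: The provided client secret keys are expired.","error_codes":[7000222]}'

# Live check, once the three variables are exported:
#   classify_response "$(request_token)"
```

A `valid` verdict only shows that the tenant ID, client ID and secret are accepted together; the object ID is not part of the token request, so it is confirmed only by the application lookup shown in the answer.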