Pra*_*rya 6 .net active-directory adal asp.net-core asp.net-core-1.0
我有一个ASP.NET核心应用程序,我正在尝试使用证书从AAD获取访问令牌.我正在使用Microsoft.IdentityModel.Clients.ActiveDirectory版本3.13.5.907的程序集.但似乎ClientAssertionCertificate该类已从此程序集中删除.界面IClientAssertionCertificate是可用的,但我找不到任何正在实现它的类.
在ASP.NET 4.5中,我曾使用以下代码使用证书从AAD获取访问令牌(Microsoft.IdentityModel.Clients.ActiveDirectory程序集版本为3.13.4.878)
var clientCredential = new ClientAssertionCertificate(_appId, _thumbprint);
var authenticationContext = new AuthenticationContext(authority, false);
var result = await authenticationContext.AcquireTokenAsync(resource, clientCredential);
这个类是否已在ASP.NET Core中折旧或者我遗漏了什么?
我今天遇到了同样的问题; 事实证明,编写自己的IClientAssertionCertificate具体实现非常容易
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using Microsoft.IdentityModel.Tokens;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
namespace app{
internal class ClientAssertionCertificate : IClientAssertionCertificate {
private X509Certificate2 certificate;
public string ClientId { get; private set; }
public string Thumbprint {
get {
return Base64UrlEncoder.Encode(certificate.GetCertHash());
}
}
public ClientAssertionCertificate(string clientId, X509Certificate2 certificate) {
ClientId = clientId;
this.certificate = certificate;
}
public byte[] Sign(string message) {
using (var key = certificate.GetRSAPrivateKey()) {
return key.SignData(Encoding.UTF8.GetBytes(message), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
}
}
}
}
除了引用包Microsoft.IdentityModel.Clients.ActiveDirectory之外,您还需要添加包Microsoft.IdentityModel.Tokens(用于Base64UrlEncoder)
资料来源:https://blog.mastykarz.nl/azure-ad-app-only-access-token-using-certificate-dotnet-core/
| 归档时间: |
|
| 查看次数: |
1901 次 |
| 最近记录: |