Har*_*tou 5 powershell exchange-basicauth
我正在尝试查找有关如何使用 PowerShell 对 EWS 实施非交互式 Oauth2 身份验证的文档,但我可能没有使用正确的搜索词,因为我找不到任何有用的内容。我在 OAuth2 上找到的 Microsoft 文档只有 C# 文档。
那么,有谁知道如何实现这一点?
小智 5
以下博客对此有\xe2\x80\x99 的非常好的概述:\n https://ingogegenwarth.wordpress.com/2018/08/02/ews-and-oauth/#more-5139
\n\n我使用上面的博客让它在我们的 PowerShell 脚本中运行 - 经过大量的试验和错误。以下示例脚本使用在 Azure AD 中注册的应用程序的 ClientID。如果您尚未在 Azure AD 中注册应用程序,则必须先执行此操作。Web 上有各种指南可用于在 Azure AD 中注册新应用程序。为了将 EWS 与 OAuth 结合使用,您注册的应用程序必须在 Azure AD 中拥有正确的权限。对于 EWS,您有两种选择:
\n\n下面的示例使用选项 1。我尚未测试选项 2。无论您选择哪个选项,您都需要处理从 Azure AD 请求 OAuth 令牌(以下代码中的示例)并定期检查和刷新令牌(没有例子)。我还没有这样做,因为我们所有的 EWS 脚本都很简单,可以快速运行脚本,这些脚本在需要刷新令牌之前(通常在 60 分钟内)完成。如果这是您需要的,您需要向其他人寻求帮助。希望这至少可以帮助您走上正轨......
\n\n这是示例脚本(脚本的主体调用“Get-EWSOAuthToken”函数):
\n\n#Variables\n$UserPrincipalName = "Enter the UPN of your Service Account ID"\n$Password = "Password of your Service Account ID - store this securely"\n$ClientIDfromAzureAD = "Client ID of your registered application in Azure AD"\n$errRecip = "Email address of recipients to notify via email if errors occur"\n$script = "Name of script"\n$sender = "Email address of sender - normally the server name where your script runs"\n$logfile = "Path and filename to log file"\n$smtpServer = "Your SMTP server"\n\nFunction Get-EWSOAuthToken\n{\n <#\n .SYNOPSIS\n Request an OAuth EWS token from Azure AD using supplied Username and Password\n\n .DESCRIPTION\n Request an OAuth EWS token from Azure AD using supplied Username and Password\n\n .PARAMETER UserPrincipalName\n The UPN of the user that will authenticate to Azure AD to request the OAuth Token\n\n .PARAMETER Password\n The Password (SecureString) of the user that will authenticate to Azure AD to request the OAuth Token\n\n .PARAMETER ADALPath\n The full path and filename on the local file system to the ADAL (Active Directory Authentication Library) DLL. This library is installed as part of various modules such as Azure AD, Exchange Online, etc.\n\n .PARAMETER ClientId\n Identifier of the client application that is requesting the token. You must register your calling application in Azure AD. This will provide you with a ClientID and RedirectURI\n\n .PARAMETER ConnectionUri\n The URI of the Exchange Online EWS endpoint. Default URI of \'https://outlook.office365.com/EWS/Exchange.asmx\' is used\n\n .PARAMETER RedirectUri\n Address to return to upon receiving a response from the authority. You must register your calling application in Azure AD. This will provide you with a ClientID and RedirectURI\n\n .EXAMPLE\n $token = Get-EWSOAuthtokenFromCredential -UserPrincipalName "ABC123@mydomain.com" -Password $mySecurePassword -ClientId "123444454545454767687878787" -RedirectUri "https://dummyredirectdomain.com"\n $ews = New-Object Microsoft.Exchange.WebServices.Data.ExchangeService -ArgumentList Exchange2013_SP1 -ErrorAction Stop\n $ews.UseDefaultCredentials = $False\n $ews.Credentials = [Microsoft.Exchange.WebServices.Data.OAuthCredentials]$token\n #>\n\n [CmdletBinding()]\n Param\n (\n [System.String]$UserPrincipalName,\n [System.Security.SecureString]$Password,\n [System.String]$ADALPath,\n [System.String]$ClientId = "123444454545454767687878787",\n [System.Uri]$ConnectionUri = "https://outlook.office365.com/EWS/Exchange.asmx",\n [System.Uri]$RedirectUri = "https://dummyredirectdomain.com"\n )\n\n Begin\n {\n Write-Host "Starting Get-EWSOAuthTokenFromCredential function..." -ForegroundColor Yellow\n #Determine ADAL location based on Azure AD module installation path\n If([System.String]::IsNullOrEmpty($ADALPath)) \n {\n Write-Host "Attempting to locate ADAL library..." -ForegroundColor Yellow\n\n $ADALPath = (Get-InstalledModule -Name "AzureAD" -ErrorAction SilentlyContinue | Select-Object InstalledLocation).InstalledLocation\n $ADALPath = Join-Path -Path $ADALPath -ChildPath "Microsoft.IdentityModel.Clients.ActiveDirectory.dll"\n Write-Host "Located library @ \'$ADALPath\'" -ForegroundColor Yellow\n If([System.String]::IsNullOrEmpty($ADALPath))\n {\n #Get List of installed modules and check Azure AD DLL is available\n $tmpMods = Get-Module -ListAvailable | Where-Object {$_.Name -eq "AzureAD"}\n\n If($tmpMods)\n {\n $ADALPath = Split-Path $tmpMods.Path\n $ADALPath = Join-Path -Path $ADALPath -ChildPath "Microsoft.IdentityModel.Clients.ActiveDirectory.dll"\n Write-Host "Located library @ \'$ADALPath\'" -ForegroundColor Yellow\n }\n Else\n {\n $err = "$($myinvocation.mycommand.name) requires the ADAL Library DLL files (\'Microsoft.IdentityModel.Clients.ActiveDirectory.dll\') that are installed as part of the \'AzureAD\' module! Please install the AzureAD module from the Powershell Gallery. See: \'https://www.powershellgallery.com/packages/AzureAD\' for more information"\n Throw "$err"\n }\n }\n }\n\n #Load \'Microsoft.IdentityModel.Clients.ActiveDirectory\' DLL\n Try\n {\n Import-Module $ADALPath -DisableNameChecking -Force -ErrorAction Stop\n Write-Host "Successfully imported ADAL Library" -ForegroundColor Yellow\n }\n Catch\n {\n $err = "$($myinvocation.mycommand.name): Could not load ADAL Library DLL \'$ADALPath\'. Error: $_"\n Throw "$err"\n }\n }\n Process\n {\n try\n {\n $resource = $connectionUri.Scheme + [System.Uri]::SchemeDelimiter + $connectionUri.Host\n $azureADAuthorizationEndpointUri = "https://login.windows.net/common/oauth2/authorize/"\n $AuthContext = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext($azureADAuthorizationEndpointUri) -ErrorAction Stop\n $AuthCredential = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.UserPasswordCredential($UserPrincipalName, $Password) -ErrorAction Stop\n Write-Host "$($myinvocation.mycommand.name): Requesting a new OAuth Token..." -ForegroundColor Yellow\n $authenticationResult = ([Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContextIntegratedAuthExtensions]::AcquireTokenAsync($AuthContext, $resource, $clientId, $AuthCredential))\n\n If ($authenticationResult.Status.ToString() -ne "Faulted") {\n Write-Host "$($myinvocation.mycommand.name): Successfully retrieved OAuth Token" -ForegroundColor Yellow\n }\n else {\n $err = "$($myinvocation.mycommand.name): Error occurred calling ADAL \'AcquireTokenAysnc\' : $authenticationResult.Exception.ToString()"\n Throw "$err"\n }\n }\n catch\n {\n #create object\n $returnValue = New-Object -TypeName PSObject\n\n #get all properties from last error\n $ErrorProperties =$Error[0] | Get-Member -MemberType Property\n\n #add existing properties to object\n foreach ($Property in $ErrorProperties)\n {\n if ($Property.Name -eq \'InvocationInfo\')\n {\n $returnValue | Add-Member -Type NoteProperty -Name \'InvocationInfo\' -Value $($Error[0].InvocationInfo.PositionMessage)\n }\n else\n {\n $returnValue | Add-Member -Type NoteProperty -Name $($Property.Name) -Value $($Error[0].$($Property.Name))\n }\n }\n #return object\n $returnValue\n break\n }\n }\n End\n {\n return $authenticationResult\n }\n}\n\n\n###### Main script\n\n#Ensure TLS 1.2 protocol is enabled\ntry {\n If ([Net.ServicePointManager]::SecurityProtocol -notmatch \'Tls12\') {\n [Net.ServicePointManager]::SecurityProtocol += [Net.SecurityProtocolType]::Tls12\n Write-Host "Enabled Tls1.2 in \'[Net.ServicePointManager]::SecurityProtocol\'" -ForegroundColor Yellow\n }\n else {\n Write-Host "Tls1.2 is enabled in \'[Net.ServicePointManager]::SecurityProtocol\'" -ForegroundColor Yellow\n }\n}\nCatch {\n $err = "An error occurred enabling TLS1.2. Error: $_"\n Write-Host "`n$err" -ForegroundColor Red\n Send-MailMessage -To $errRecip -Subject "$script - Error occurred during processing" -Body $err -From $sender -Attachment $logfile -SmtpServer $smtpServer\n Exit\n}\n\n#CHECK FOR EWS MANAGED API, IF PRESENT IMPORT THE HIGHEST VERSION EWS DLL, ELSE EXIT\n$EWSDLL = (($(Get-ItemProperty -ErrorAction SilentlyContinue -Path Registry::$(Get-ChildItem -ErrorAction SilentlyContinue -Path \'Registry::HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Exchange\\Web Services\'|Sort-Object Name -Descending | Select-Object -First 1 -ExpandProperty Name)).\'Install Directory\') + "Microsoft.Exchange.WebServices.dll")\nIf (Test-Path $EWSDLL)\n{\n Try\n {\n Import-Module $EWSDLL -DisableNameChecking -ErrorAction Stop\n }\n Catch \n {\n $err = "An error occurred importing the Exchange Web Services DLL \'$EWSDLL\'. Error: $_"\n Write-Host "`n$err" -ForegroundColor Red\n Send-MailMessage -To $errRecip -Subject "$script - Error occurred during processing" -Body $err -From $sender -Attachment $logfile -SmtpServer $smtpServer\n Exit\n }\n}\nElse\n{\n $err = "This script requires the EWS Managed API 1.2 or later. Please download and install the current version of the EWS Managed API from http://go.microsoft.com/fwlink/?LinkId=255472"\n Write-Host "`n$err" -ForegroundColor Red\n Send-MailMessage -To $errRecip -Subject "$script - Error occurred during processing" -Body $err -From $sender -Attachment $logfile -SmtpServer $smtpServer\n Exit\n}\n\n\n#Create EWS Object\n$ews = New-Object Microsoft.Exchange.WebServices.Data.ExchangeService -ArgumentList "Exchange2013_SP1" -ErrorAction Stop\n\n#Authenticate EWS using OAuth\nTry {\n $ews.UseDefaultCredentials = $False\n Write-Host "Requesting EWS OAuth Token using registered Client ID" -ForegroundColor Yellow\n\n $OAuthResult = Get-EWSOAuthToken -UserPrincipalName $UserPrincipalName -Password $Password -ClientId "$ClientIDfromAzureAD" -ErrorAction Stop\n $token = $OAuthResult.Result.AccessToken\n\n#Check if we successfully retrieved an Oauth Token\nIf ([System.String]::IsNullOrEmpty($token))\n {\n $err = "Get-EWSOAuthtoken returned an empty Auth Token. Aborted. Latest error details:`n$_error $($OAuthResult.Exception)"\n Write-Host "`n$err" -ForegroundColor Red\n $OAuthResult | Format-List -Force\n $OAuthResult.Result | Format-List -Force\n Send-MailMessage -To $errRecip -Subject "$script - Error occurred during processing" -Body "$err" -From $sender -Attachment $logfile -SmtpServer $smtpServer\n Exit\n }\n else\n {\n $OAuthchk = $true\n $ews.Credentials = [Microsoft.Exchange.WebServices.Data.OAuthCredentials]$token\n Write-Host "Set EWS credentials to OAuth token" -ForegroundColor Yellow\n }\n }\nCatch\n{\n $err = "An error occurred creating a new EWS object. Error:`n $_"\n write-host "`n$err" -ForegroundColor Red\n Send-MailMessage -To $errRecip -Subject "$script - Error occurred during processing" -Body "$err" -From $sender -Attachment $logfile -SmtpServer $smtpServer\n Exit\n}\n\n# Do your processing using EWS\n....\n| 归档时间: |
|
| 查看次数: |
7543 次 |
| 最近记录: |