Adds a key credential to an application


blackadi/GraphAPI_addKey_API_SP


For this demo we will use the addKey API for application, but the code can be changed to use service principal instead.

This sample provides the ability to call the addKey API either through the Graph SDK or by calling the Graph API directly. More info here

Running the sample

Step 1: Clone this repository

From your shell or command line:

    git clone https://github.com/blackadi/GraphAPI_addKey_API_SP.git

Step 2: Register the sample with your Azure Active Directory tenant

  1. Navigate to the Microsoft identity platform for developers App registrations page.

  2. Select New registration.

    • In the Name section, enter a meaningful application name that will be displayed to users of the app.
    • In the Supported account types section, select Accounts in this organizational directory only ({tenant name}).
    • Click the Register button at the bottom to create the application.
  3. On the application Overview page, find the Application (client) ID and Directory (tenant) ID values and record them for later. You'll need them to configure the configuration file(s) later in your code.

  4. From the Certificates & secrets page, in the Certificates section, choose Upload certificate:

    • Select the certificate file you want to upload. It must be one of the following file types: .cer, .pem, .crt.

      Please be advised that this certificate will be utilized for authentication purposes with Microsoft Entra ID in place of client secrets.

    • Select Add.

  5. In the Application menu blade, click API permissions on the left to open the page where we add access to the APIs that your application needs.

    • Click the Add a permission button, and then:
    • Ensure that the Microsoft APIs tab is selected.
    • In the Commonly used Microsoft APIs section, click Microsoft Graph.
    • In the Application permissions section, ensure that the right permission is checked: Application.ReadWrite.OwnedBy
    • Select the Add permissions button at the bottom.
  6. At this stage, the permissions are assigned correctly, but since the client app does not allow users to interact, the users themselves cannot consent to these permissions. To get around this problem, we let the tenant administrator consent on behalf of all users in the tenant. Click the Grant admin consent for {tenant} button, and then select Yes when you are asked if you want to grant consent for the requested permissions for all accounts in the tenant. You need to be the tenant admin to be able to carry out this operation.

Step 3: Create a private key and certificate

  • You can follow the instructions here. Upload a valid certificate, as one is needed when calling the addKey API.

    Applications without any existing valid certificates (either no certificates have been added or all certificates have expired) will not be able to utilize this code sample. Instead, you can use the Update application operation via the Graph API to modify the keyCredentials property, or you can upload your valid certificates through the Azure portal as detailed here.

Finally, go back to the Azure portal. In the Application menu blade, click Certificates & secrets, and in the Certificates section, upload the certificate you created.

Step 4: Configure the sample app to use your app registration

Open the project in your IDE (like Visual Studio) to configure the code.

In the steps below, "ClientID" is the same as "Application ID" or "AppId".

  1. Open the appsettings.json file.
  2. Find the app key ClientId and replace the existing value with the application ID (clientId) value you recorded earlier from the Azure portal.
  3. Find the app key TenantId and replace the existing value with the directory (tenant) ID value you recorded earlier from the Azure portal.
  4. Find the app key ObjectId and replace the existing value with your app registration (Object ID) value, which can be found in the Azure portal.
  5. Find the app key Aud_ClientAssertion and replace {YOUR_TENANT_ID_HERE} with the directory (tenant) ID value you recorded earlier from the Azure portal.
  6. Find the app key CertificateDiskPath and replace the existing value with the path to your existing self-signed certificate; for more info see this.
  7. Find the app key CertificatePassword and replace the existing value with your existing self-signed certificate password; for more info see this.
  8. Find the app key NewCertificateDiskPath and replace the existing value with the path to your new self-signed certificate; for more info see this.
  9. Find the app key NewCertificatePassword and replace the existing value with your new self-signed certificate password; for more info see this.

Step 5: Run the sample

Clean the solution, rebuild the solution, and run it.

    dotnet run

About this sample

  • The code will generate a client_assertion first, then get an access_token using the client credentials flow.

  • A proof of possession token will be generated; this JWT must be signed using the private key of one of the application's existing valid certificates.

  • Extract the key value of the new certificate, which will be uploaded via the addKey API request body.

  • Finally, call the API.
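
The proof-of-possession and request-body steps above, as an added C# example that is not the repository's code. The `aud` value, the `iss` claim, the 10-minute lifetime and the body shape follow Microsoft's addKey documentation rather than this page; `AddKeyExample`, `CreateProof` and `BuildAddKeyRequest` are illustrative names, and the access token is assumed to come from the client credentials step.

```csharp
// Added example, not the repository's code. Needs NuGet: Microsoft.IdentityModel.JsonWebTokens
#nullable enable
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Text.Json;
using Microsoft.IdentityModel.JsonWebTokens;
using Microsoft.IdentityModel.Tokens;

public static class AddKeyExample
{
    // Audience Microsoft Graph documents for addKey proof-of-possession tokens.
    const string ProofAudience = "00000002-0000-0000-c000-000000000000";

    // Sign the proof with the private key of a certificate ALREADY registered on the app.
    public static string CreateProof(X509Certificate2 existingCert, string objectId)
    {
        var now = DateTime.UtcNow;
        return new JsonWebTokenHandler().CreateToken(new SecurityTokenDescriptor
        {
            Claims = new Dictionary<string, object> { ["aud"] = ProofAudience, ["iss"] = objectId },
            NotBefore = now,
            Expires = now.AddMinutes(10), // keep the proof short-lived (10 minutes at most)
            SigningCredentials = new X509SigningCredentials(existingCert)
        });
    }

    // Build the POST .../addKey request. Only the PUBLIC part of the new certificate is sent.
    public static HttpRequestMessage BuildAddKeyRequest(
        string accessToken, string objectId, X509Certificate2 existingCert, X509Certificate2 newCert)
    {
        var body = JsonSerializer.Serialize(new
        {
            keyCredential = new { type = "AsymmetricX509Cert", usage = "Verify",
                                  key = Convert.ToBase64String(newCert.GetRawCertData()) },
            passwordCredential = (object?)null,
            proof = CreateProof(existingCert, objectId)
        });
        var request = new HttpRequestMessage(HttpMethod.Post,
            $"https://graph.microsoft.com/v1.0/applications/{objectId}/addKey");
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
        request.Content = new StringContent(body, Encoding.UTF8, "application/json");
        return request;
    }
}
```

Send the returned request with an `HttpClient`. The new certificate's private key stays on the machine; only its public certificate bytes go into the `key` field.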

⚠️ The certificates used in this sample are for testing purposes only.
