我需要做什么,以取代PnP,核心,服务与CSOM为我们的Azure功能使用,net 6.0

vlju58qv  于 2023-02-09  发布在  其他
关注(0)|答案(2)|浏览(152)
    • bounty将在4天后过期**。回答此问题可获得+500声望奖励。john Gu希望引起更多人关注此问题。

我有一个Azure函数,它使用PnP.Core.Services与SharePoint交互以创建列表项。Azure函数基于. net版本6.0。
我有这个startup.cs:-

using Microsoft.Azure.Functions.Extensions.DependencyInjection;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using PnP.Core.Auth;
using System.Security.Cryptography.X509Certificates;

[assembly: FunctionsStartup(typeof(FunctionApp2.Startup))]
namespace FunctionApp2
{
    class Startup : FunctionsStartup
    {
        public override void Configure(IFunctionsHostBuilder builder)
        {

            var config = builder.GetContext().Configuration;
            var azureFunctionSettings = new AzureFunctionSettings();
            config.Bind(azureFunctionSettings);
            builder.Services.AddPnPCore(options =>
            {
                options.DisableTelemetry = true;
                var authProvider = new X509CertificateAuthenticationProvider(azureFunctionSettings.ClientId,
                    azureFunctionSettings.TenantId,
                    StoreName.My,
                    StoreLocation.CurrentUser,
                    azureFunctionSettings.CertificateThumbprint);
                options.DefaultAuthenticationProvider = authProvider;

                options.Sites.Add("Default", new PnP.Core.Services.Builder.Configuration.PnPCoreSiteOptions

                {
                    SiteUrl = azureFunctionSettings.SiteUrl,
                    AuthenticationProvider = authProvider

                });

            });

        }

    }
}

和这个Function1.cs:-

using System;
using Microsoft.Azure.WebJobs;
using Microsoft.Azure.WebJobs.Host;
using Microsoft.Extensions.Logging;
using PnP.Core.Services;
using PnP.Core.Model.SharePoint;
using System.Collections.Generic;

namespace FunctionApp2
{
    public class Function1

    {
        private readonly IPnPContextFactory pnpContextFactory;
        public Function1(IPnPContextFactory pnpContextFactory)
        {
            this.pnpContextFactory = pnpContextFactory;

        }
        [FunctionName("Function1")]
        public void Run([TimerTrigger("0 */5 * * * *")] TimerInfo myTimer, ILogger log)
        {
            log.LogInformation($"C# Timer trigger function executed at: {DateTime.Now}");

            using (var context = pnpContextFactory.Create("Default"))
            {
                var myList = context.Web.Lists.GetByTitle("SubFolders");
                Dictionary<string, object> values = new Dictionary<string, object>
    {
        { "Title", System.DateTime.Now }
    };

                // Use the AddBatch method to add the request to the current batch
                myList.Items.AddBatch(values);
                context.Execute();
            }
        }
    }
}

和这个AzureFunctionSettings.cs:-

using System;
using System.Collections.Generic;
using System.Security.Cryptography.X509Certificates;
using System.Text;

namespace FunctionApp2
{
    internal class AzureFunctionSettings
    {
        public string SiteUrl { get; set; }
        public string TenantId { get; set; }
        public string ClientId { get; set; }
        public StoreName CertificateStoreName { get; set; }
        public StoreLocation CertificateStoreLocation { get; set; }
        public string CertificateThumbprint { get; set; }

    }
}

现在我正在和一个客户一起工作,他们不允许我们使用任何开源技术,比如PnP。2那么我需要做什么来用CSOM代码替换我上面的PnP代码呢?3有没有一个CSOM代码用于. net 6?
谢谢

cnjp1d6j

cnjp1d6j1#

您可以使用Microsoft.Identity.Client代替PnP。我自己从未使用过证书流,但类似以下的东西应该可以工作:

using Microsoft.Identity.Client;
  using Microsoft.SharePoint.Client;
  
  // ...
  // step 1: Acquire bearer token
  X509Certificate2 certificate = LoadCertificate(StoreName.My, StoreLocation.CurrentUser,azureFunctionSettings.CertificateThumbprint);

  IConfidentialClientApplication app = ConfidentialClientApplicationBuilder.Create("your_client_id")
            .WithCertificate(certificate)
            .WithAuthority(new Uri("https://login.microsoftonline.com/your_tenant_id/"))
            .Build();

  AuthenticationResult result = await app.AcquireTokenForClient(new[] { $"https://yourSharePoint.sharepoint.com/.default" }).ExecuteAsync();

  // step 2: Use bearer token with Microsoft.SharePoint.Client.ClientContext to access Sharepoint

  ClientContext ctx = new ClientContext("https://yourSharePoint.sharepoint.com/");
        
  ctx.ExecutingWebRequest += (s, e) =>
  {
     e.WebRequestExecutor.RequestHeaders["Authorization"] = "Bearer " + result.AccessToken;
  };

  //do your thing with ctx.Web.Lists etc.

用于从存储区加载证书的代码,如PnP source

public static X509Certificate2 LoadCertificate(StoreName storeName, StoreLocation storeLocation, string thumbprint)
    {
        // The following code gets the cert from the keystore
        X509Store store = new X509Store(storeName, storeLocation);
        store.Open(OpenFlags.ReadOnly);

        X509Certificate2Collection certCollection =
                store.Certificates.Find(X509FindType.FindByThumbprint,
                thumbprint, false);

        X509Certificate2Enumerator enumerator = certCollection.GetEnumerator();

        X509Certificate2 cert = null;

        while (enumerator.MoveNext())
        {
            cert = enumerator.Current;
        }

        return cert;
    }
flseospp

flseospp2#

如果你要使用CSOM并使用证书进行身份验证,则需要将证书与Azure中的应用程序关联。我假设你已生成证书,并且你的应用程序已在Azure门户中注册。
在Azure门户中打开你的应用,然后单击Manage -> Certificates & secrets

在选项卡Certificates上,单击Upload certificate并从cer文件上传证书。

现在,您需要在Azure门户中创建新的Key vaults资源

记住Key vault资源

Vault URI
单击Objects -> Certificates,然后单击Generate/Import按钮从pfx文件导入证书。记住证书的名称。

在代码中,您需要添加Azure.IdentityAzure.Security.KeyVault.CertificateMicrosoft.Identity.Client nuget包。
创建CertificateClient以从Key vault下载证书并在ConfidentialClientApplicationBuilder中使用该证书。

var certClient = new CertificateClient(new 
Uri("https://<your_vault_uri>.vault.azure.net/"), new DefaultAzureCredential());

// download the certificate based on the name
var cert = certClient.DownloadCertificate("MyTestCertificate");

// use the certificate in ConfidentialClientApplicationBuilder

var confClientApp = ConfidentialClientApplicationBuilder.Create("<client_id>")
            .WithCertificate(cert)
            .WithAuthority(new Uri("https://login.microsoftonline.com/<tenant_id>/v2.0/"))
            .Build();

AuthenticationResult result = await confClientApp.AcquireTokenForClient(new[] { $"https://<tenant_name>.sharepoint.com/.default" })
               .ExecuteAsync();
var token = result.AccessToken;

// use the token to authenticate the request from CSOM 
var context = new ClientContext(new Uri("<your_web_url>");
    
context.ExecutingWebRequest += (s, e) =>
{
   e.WebRequestExecutor.RequestHeaders["Authorization"] = "Bearer " + token;
};

// your code
...

你可能需要了解有关DefaultAzureCredentail的详细信息,才能将其配置为在生产中使用。DefaultAzureCredential尝试不同的凭据类型。对于开发,你可以为应用选择一个帐户,以便在Visual Studio -> Tools -> Options -> Azure Service Authentication中进行身份验证和访问Azure资源。

相关问题