Alert on Client Secret Key Expiry


Problem description

I have many applications registered in an Azure AD tenant, and many of these have client secret keys issued for 1 or 2 years. Is there a way to get an alert before the expiry, as expired keys will cause an outage?

Recommended answer

We can also query the application to get the end date of the secret key. Here is a code sample using the client credentials flow via the Azure Graph client for your reference. Please ensure that you have granted the app the Directory.Read.All permission to this API for using the client credentials flow.

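using System;
using System.Threading.Tasks;
using Microsoft.Azure.ActiveDirectory.GraphClient;      // ActiveDirectoryClient
using Microsoft.IdentityModel.Clients.ActiveDirectory;  // AuthenticationContext, ClientCredential

var graphResourceId = "https://graph.windows.net";
var appId = "";        // client ID of the app that calls the API
var appObjectId = "";  // object ID of the application whose secrets are inspected
var secret = "";       // client secret of the calling app
var clientCredential = new ClientCredential(appId, secret);
var tenantId = "xxx.onmicrosoft.com";

// Acquire an app-only token with the client credentials flow.
AuthenticationContext authContext = new AuthenticationContext($"https://login.microsoftonline.com/{tenantId}");
var accessToken = authContext.AcquireTokenAsync(graphResourceId, clientCredential).Result.AccessToken;

Uri servicePointUri = new Uri(graphResourceId);
Uri serviceRoot = new Uri(servicePointUri, tenantId);

// The Graph client asks this callback for the bearer token on each request.
ActiveDirectoryClient activeDirectoryClient = new ActiveDirectoryClient(serviceRoot, async () => await Task.FromResult(accessToken));

var app = activeDirectoryClient.Applications.GetByObjectId(appObjectId).ExecuteAsync().Result;

// Print the key ID and expiry date of every client secret on the application.
foreach (var passwordCredential in app.PasswordCredentials)
{
    Console.WriteLine($"KeyID:{passwordCredential.KeyId}\r\nEndDate:{passwordCredential.EndDate}\r\n");
}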
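
To turn the per-application lookup above into an alert, the same end-date check can be run over every application's secrets against a warning window. The following is an added example, not part of the original answer, written in Python so it runs offline on a constructed JSON sample; the field names (displayName, passwordCredentials, keyId, endDate) are assumed to mirror the KeyId and EndDate properties printed above, and expiring_secrets and warn_days are hypothetical names.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample, not real tenant data: one entry per registered application,
# each carrying the key ID and end date of its client secrets.
SAMPLE_APPS = json.loads("""
[
  {"displayName": "billing-api",
   "passwordCredentials": [
     {"keyId": "aaaaaaaa-0000-0000-0000-000000000001", "endDate": "2024-03-10T00:00:00Z"},
     {"keyId": "aaaaaaaa-0000-0000-0000-000000000002", "endDate": "2025-06-01T00:00:00Z"}]},
  {"displayName": "report-job",
   "passwordCredentials": [
     {"keyId": "bbbbbbbb-0000-0000-0000-000000000001", "endDate": "2024-02-20T08:30:00Z"}]},
  {"displayName": "cert-only-app", "passwordCredentials": []}
]
""")


def parse_end_date(value):
    """Parse an ISO 8601 UTC timestamp such as 2024-03-10T00:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def expiring_secrets(apps, now, warn_days=30):
    """Return secrets that are expired or expire within warn_days, soonest first."""
    cutoff = now + timedelta(days=warn_days)
    findings = []
    for app in apps:
        # Apps that only use certificates have no password credentials.
        for cred in app.get("passwordCredentials") or []:
            end = parse_end_date(cred["endDate"])
            if end <= cutoff:
                findings.append({
                    "app": app["displayName"],
                    "keyId": cred["keyId"],
                    "endDate": end,
                    "daysLeft": (end - now).days,  # negative once expired
                    "status": "EXPIRED" if end <= now else "EXPIRING",
                })
    return sorted(findings, key=lambda f: f["endDate"])


if __name__ == "__main__":
    now = datetime(2024, 3, 1, tzinfo=timezone.utc)  # fixed so the run is repeatable
    for f in expiring_secrets(SAMPLE_APPS, now):
        print(f"{f['status']:8} {f['app']:12} keyId={f['keyId']} daysLeft={f['daysLeft']}")
```

Run on a schedule with the current time as now, a non-empty result is the condition to alert on.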
