我有一份备注登记,其中我确定了MS图表预报系统许可。 在地方发展方面,我已开发了一个功能,从用户秘密收集到用户登记证书,如:
private GraphServiceClient GetGraphClientWithManagedIdentityOrDevClient()
{
if (_graphServiceClient != null)
return _graphServiceClient;
string[] scopes = new[] { "https://graph.microsoft.com/.default" };
var chainedTokenCredential = GetChainedTokenCredentials();
_graphServiceClient = new GraphServiceClient(chainedTokenCredential, scopes);
return _graphServiceClient;
}
private ChainedTokenCredential GetChainedTokenCredentials()
{
if (_environment.IsDevelopment())
{
var tenantId = Environment.GetEnvironmentVariable("AZURE_TENANT_ID");
var clientId = Environment.GetEnvironmentVariable("AZURE_CLIENT_ID");
var clientSecret = Environment.GetEnvironmentVariable("AZURE_CLIENT_SECRET");
var options = new TokenCredentialOptions
{
AuthorityHost = AzureAuthorityHosts.AzurePublicCloud
};
// https://docs.microsoft.com/dotnet/api/azure.identity.clientsecretcredential
var devClientSecretCredential = new ClientSecretCredential(
tenantId, clientId, clientSecret, options);
var chainedTokenCredential = new ChainedTokenCredential(devClientSecretCredential);
return chainedTokenCredential;
}
else
{
return new ChainedTokenCredential(new ManagedIdentityCredential());
}
}
However I have deployed my ASP.NET Core Web API to an app service in Azure portal. When I run the API when deployed, it does not allow me to send an email similar to my local code so I am confident it is a permissions issue. My app service is set to managed identity. However I am not sure how to actually get my application in the app service to connect to the app registration in azure so the API can use the user and permissions to send the email.
