Hi guys
I found out that all my scripts that use an Azure App Registration and certificate to authenticate stopped working.
I have an App registered in Entra ID with the required permissions, and the certificate is valid. I also have administrator rights on the server and global admin in Azure. .NET version is 4.7, OS level Windows Server 2022, PowerShell version 5.1.
The strangest thing is that when I run the script using the Task Scheduler it works: the script authenticates and does the job (the task runs with the same account I'm connected to the server with).
It used to work a few weeks ago, but now I'm getting the following error message. I'm also adding one code example.
Error
Get-msaltoken : Could not use the certificate for signing. See inner exception for details. Possible cause: this may be a known issue with apps build against .NET Desktop 4.6 or lower. Either target a higher version of .NET desktop - 4.6.1 and above, or use a different
certificate type (non-CNG) or sign your own assertion as described at https://aka.ms/msal-net-signed-assertion.
At xxxxxxxxx - Sending email\Send email with oAuth2.ps1:17 char:14
+ $msalToken = Get-msaltoken @appRegistration -ForceRefresh
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : AuthenticationError: (Microsoft.Ident...arameterBuilder:AcquireTokenForClientParameterBuilder) [Write-Error], MsalClientException
+ FullyQualifiedErrorId : GetMsalTokenFailureAuthenticationError,Get-MsalToken
Code
Import-Module MSAL.PS

# acquire an access token to interact with the app
# we use a certificate from the user's personal store
$appRegistration = @{
    TenantId          = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
    ClientId          = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
    ClientCertificate = Get-Item "Cert:\xxxx\xxx\xxxxxxxxx"
}
$msalToken = Get-MsalToken @appRegistration -ForceRefresh

# request body which contains our message
$requestBody = @{
    "message" = [PSCustomObject]@{
        "subject" = "OAuth Mail Sent from PowerShell via App"
        "body" = [PSCustomObject]@{
            "contentType" = "Text"
            "content" = "Hello this is a test `n`n Cheers, `n Petr G"
        }
        "toRecipients" = @(
            [PSCustomObject]@{
                "emailAddress" = [PSCustomObject]@{
                    "address" = "xxxxxxxxx@xxx.xx"
                }
            }
        )
    }
    "saveToSentItems" = "true"
}

# make the graph request
$request = @{
    "Headers" = @{ Authorization = $msalToken.CreateAuthorizationHeader() }
    "Method" = "Post"
    "Uri" = "https://graph.microsoft.com/v1.0/users/xxxxxxx@xxxxx.xxxx/sendMail"
    "Body" = $requestBody | ConvertTo-Json -Depth 5
    "ContentType" = "application/json"
}
Invoke-RestMethod @request
Does any of you have an idea what's going on?
Thanks in advance
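
The error text above names the certificate's key type (CNG or non-CNG) and the .NET version as possible causes, and the post reports that the same script works from Task Scheduler. As an added diagnostic that is not part of the original post, the PowerShell below reports those facts for one session so the interactive and scheduled runs can be compared; the function name `Test-CertSigningKey` is hypothetical and the certificate path is the post's redacted placeholder.

```powershell
# Added diagnostic example, not code from the original post.
# Test-CertSigningKey is a hypothetical helper name.
function Test-CertSigningKey {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )

    $report = [ordered]@{
        # Identity and session type of the process doing the signing
        RunAs         = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
        Interactive   = [Environment]::UserInteractive
        PSVersion     = $PSVersionTable.PSVersion.ToString()
        # Release DWORD that identifies the installed .NET Framework 4.x version
        NetRelease    = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full').Release
        # Newest MSAL.PS version visible to this session
        MsalPsVersion = (Get-Module MSAL.PS -ListAvailable |
                         Sort-Object Version -Descending |
                         Select-Object -First 1).Version
        Thumbprint    = $Certificate.Thumbprint
        NotAfter      = $Certificate.NotAfter
        HasPrivateKey = $Certificate.HasPrivateKey
        KeyType       = $null
        CanSign       = $false
        Error         = $null
    }

    try {
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Certificate)
        if ($null -eq $rsa) { throw 'No RSA private key is reachable from this session.' }

        # RSACng means a CNG key; RSACryptoServiceProvider means a legacy CSP (non-CNG) key
        $report.KeyType = $rsa.GetType().Name

        # Sign constructed test data to confirm this session can actually use the key
        $data = [System.Text.Encoding]::UTF8.GetBytes('constructed test data')
        $signature = $rsa.SignData(
            $data,
            [System.Security.Cryptography.HashAlgorithmName]::SHA256,
            [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
        $report.CanSign = ($signature.Length -gt 0)
    }
    catch {
        # Surface the innermost exception, which the MSAL error message refers to
        $report.Error = $_.Exception.GetBaseException().Message
    }
    [PSCustomObject]$report
}

# Placeholder path as redacted in the post; replace with the real certificate path.
Test-CertSigningKey -Certificate (Get-Item 'Cert:\xxxx\xxx\xxxxxxxxx') | Format-List
```

Run it once in the interactive session and once from the scheduled task, writing the output to a file, and compare the two reports.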