Uwaga
Dostęp do tej strony wymaga autoryzacji. Może spróbować zalogować się lub zmienić katalogi.
Dostęp do tej strony wymaga autoryzacji. Możesz spróbować zmienić katalogi.
Note
This feature is available from MSAL 4.3.2 onward
Microsoft Entra ID is capable of issuing SSH certificates instead of bearer tokens. These are not the same as SSH public keys. Currently this is available as an extension method on AcquireTokenSilent and AcquireTokenInteractive.
var result = await pca
.AcquireTokenSilent(s_scopes, account)
.WithSSHCertificateAuthenticationScheme(jwk, "keyID1")
.ExecuteAsync();
Paramters:
jwk- The public SSH key in JWK format as described at https://tools.ietf.org/html/rfc7517 . Currently only RSA with a minimum key size of 2048 bytes is supported.keyID- Any string that distinguishes between keys (usually hash of the key, but format is not important)
Example creating a JWK
private string CreateJwk()
{
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(2048);
RSAParameters rsaKeyInfo = rsa.ExportParameters(false);
// Algorithm behind Base64UrlHelpers.Encode is described here https://www.rfc-editor.org/rfc/rfc7515.html#appendix-C
string modulus = Base64UrlHelpers.Encode(rsaKeyInfo.Modulus);
string exp = Base64UrlHelpers.Encode(rsaKeyInfo.Exponent);
string jwk = $"{{\"kty\":\"RSA\", \"n\":\"{modulus}\", \"e\":\"{exp}\"}}";
return jwk;
}