gpt4 book ai didi

Powershell、EWS、OAuth2 和自动化

转载 作者:行者123 更新时间:2023-12-02 23:07:31 26 4
gpt4 key购买 nike

我正在尝试查找有关如何使用 PowerShell 对 EWS 实现非交互式 Oauth2 身份验证的文档,但我可能没有使用正确的搜索词,因为我找不到任何有用的信息。我可以在 OAuth2 上找到的 Microsoft 文档只有 C# 文档。

那么,有谁知道如何实现这一点?

  • 没有用户输入,应该与可以作为脚本输入提供的输入一起使用
  • 应该在 PowerShell 中,而不是 C#
  • 细节!细节!不是“现在生成登录 token ”,而是生成该 token 的实际代码。
  • 最佳答案

    在以下博客中有一个非常好的概述:
    https://ingogegenwarth.wordpress.com/2018/08/02/ews-and-oauth/#more-5139

    我使用上面的博客让它在我们的 PowerShell 脚本中工作 - 经过大量试验和错误。以下示例脚本使用在 Azure AD 中注册的应用程序的 ClientID。如果尚未在 Azure AD 中注册应用程序,则必须先执行此操作。 Web 上有各种指南可用于在 Azure AD 中注册新应用程序。为了通过 OAuth 使用 EWS,您注册的应用程序必须在 Azure AD 中具有正确的权限。 EWS 有两种选择:

  • 使用委派权限并在 Azure AD 中请求“EWS.AccessAsUser.All”API 权限 - 旧 API |交流 |委派权限 | EWS.AccessAsUser.All(通过 Exchange Web 服务作为登录用户访问邮箱)。此权限为您的注册应用程序提供与登录用户相同的 Exchange 邮箱访问权限。如果您使用此权限,则任何服务或用户帐户首次使用您的应用程序的 ClientID 访问 Exchange Online 时,相关帐户必须通过交互式弹出通知批准 ClientID。因此,在以自动方式使用此脚本之前,您必须使用已注册应用程序的 ClientID 以交互方式访问 Exchange Online Service 并批准授权弹出窗口。执行此操作的最简单方法是使用 Microsoft 免费的“EWS 编辑器”应用程序登录邮箱并指定您的应用程序的 ClientID。一旦您的应用程序的 ClientID 获得批准,您的脚本就可以全自动运行,无需任何交互。
  • 使用应用程序权限并在 Azure AD 中请求“full_access_as_app”API 权限 - 旧 API |交流 |委派权限 | EWS.AccessAsUser.All(通过 Exchange Web 服务作为登录用户访问邮箱)。此权限允许您注册的应用程序通过 Exchange Web 服务完全访问所有邮箱,而无需登录用户。这种类型的权限使应用程序可以完全访问 Exchange Online 服务中的任何邮箱,并且必须由提供“管理员同意”的 Azure AD 全局管理员批准。然后,您的脚本将使用注册的 Azure AD 应用程序客户端 ID(实际上是用户名)和客户端 key (实际上是密码)对 Exchange Online 进行身份验证。

  • 下面的示例使用选项 1。我没有测试选项 2。无论您选择哪个选项,您都需要处理从 Azure AD 请求 OAuth token (以下代码中的示例)并定期检查和刷新 token (没有例子)。我还没有这样做,因为我们所有的 EWS 脚本都很简单,可以快速运行在 token 需要刷新之前完成的脚本(通常在 60 分钟内)。如果这是您需要的东西,您将需要向其他人寻求帮助。希望这至少可以帮助您走上正轨......

    这是示例脚本(脚本的主体调用“Get-EWSOAuthToken”函数):
    #Variables
    $UserPrincipalName = "Enter the UPN of your Service Account ID"
    $Password = "Password of your Service Account ID - store this securely"
    $ClientIDfromAzureAD = "Client ID of your registered application in Azure AD"
    $errRecip = "Email address of recipients to notify via email if errors occur"
    $script = "Name of script"
    $sender = "Email address of sender - normally the server name where your script runs"
    $logfile = "Path and filename to log file"
    $smtpServer = "Your SMTP server"

    Function Get-EWSOAuthToken
    {
    <#
    .SYNOPSIS
    Request an OAuth EWS token from Azure AD using supplied Username and Password

    .DESCRIPTION
    Request an OAuth EWS token from Azure AD using supplied Username and Password

    .PARAMETER UserPrincipalName
    The UPN of the user that will authenticate to Azure AD to request the OAuth Token

    .PARAMETER Password
    The Password (SecureString) of the user that will authenticate to Azure AD to request the OAuth Token

    .PARAMETER ADALPath
    The full path and filename on the local file system to the ADAL (Active Directory Authentication Library) DLL. This library is installed as part of various modules such as Azure AD, Exchange Online, etc.

    .PARAMETER ClientId
    Identifier of the client application that is requesting the token. You must register your calling application in Azure AD. This will provide you with a ClientID and RedirectURI

    .PARAMETER ConnectionUri
    The URI of the Exchange Online EWS endpoint. Default URI of 'https://outlook.office365.com/EWS/Exchange.asmx' is used

    .PARAMETER RedirectUri
    Address to return to upon receiving a response from the authority. You must register your calling application in Azure AD. This will provide you with a ClientID and RedirectURI

    .EXAMPLE
    $token = Get-EWSOAuthtokenFromCredential -UserPrincipalName "ABC123@mydomain.com" -Password $mySecurePassword -ClientId "123444454545454767687878787" -RedirectUri "https://dummyredirectdomain.com"
    $ews = New-Object Microsoft.Exchange.WebServices.Data.ExchangeService -ArgumentList Exchange2013_SP1 -ErrorAction Stop
    $ews.UseDefaultCredentials = $False
    $ews.Credentials = [Microsoft.Exchange.WebServices.Data.OAuthCredentials]$token
    #>

    [CmdletBinding()]
    Param
    (
    [System.String]$UserPrincipalName,
    [System.Security.SecureString]$Password,
    [System.String]$ADALPath,
    [System.String]$ClientId = "123444454545454767687878787",
    [System.Uri]$ConnectionUri = "https://outlook.office365.com/EWS/Exchange.asmx",
    [System.Uri]$RedirectUri = "https://dummyredirectdomain.com"
    )

    Begin
    {
    Write-Host "Starting Get-EWSOAuthTokenFromCredential function..." -ForegroundColor Yellow
    #Determine ADAL location based on Azure AD module installation path
    If([System.String]::IsNullOrEmpty($ADALPath))
    {
    Write-Host "Attempting to locate ADAL library..." -ForegroundColor Yellow

    $ADALPath = (Get-InstalledModule -Name "AzureAD" -ErrorAction SilentlyContinue | Select-Object InstalledLocation).InstalledLocation
    $ADALPath = Join-Path -Path $ADALPath -ChildPath "Microsoft.IdentityModel.Clients.ActiveDirectory.dll"
    Write-Host "Located library @ '$ADALPath'" -ForegroundColor Yellow
    If([System.String]::IsNullOrEmpty($ADALPath))
    {
    #Get List of installed modules and check Azure AD DLL is available
    $tmpMods = Get-Module -ListAvailable | Where-Object {$_.Name -eq "AzureAD"}

    If($tmpMods)
    {
    $ADALPath = Split-Path $tmpMods.Path
    $ADALPath = Join-Path -Path $ADALPath -ChildPath "Microsoft.IdentityModel.Clients.ActiveDirectory.dll"
    Write-Host "Located library @ '$ADALPath'" -ForegroundColor Yellow
    }
    Else
    {
    $err = "$($myinvocation.mycommand.name) requires the ADAL Library DLL files ('Microsoft.IdentityModel.Clients.ActiveDirectory.dll') that are installed as part of the 'AzureAD' module! Please install the AzureAD module from the Powershell Gallery. See: 'https://www.powershellgallery.com/packages/AzureAD' for more information"
    Throw "$err"
    }
    }
    }

    #Load 'Microsoft.IdentityModel.Clients.ActiveDirectory' DLL
    Try
    {
    Import-Module $ADALPath -DisableNameChecking -Force -ErrorAction Stop
    Write-Host "Successfully imported ADAL Library" -ForegroundColor Yellow
    }
    Catch
    {
    $err = "$($myinvocation.mycommand.name): Could not load ADAL Library DLL '$ADALPath'. Error: $_"
    Throw "$err"
    }
    }
    Process
    {
    try
    {
    $resource = $connectionUri.Scheme + [System.Uri]::SchemeDelimiter + $connectionUri.Host
    $azureADAuthorizationEndpointUri = "https://login.windows.net/common/oauth2/authorize/"
    $AuthContext = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext($azureADAuthorizationEndpointUri) -ErrorAction Stop
    $AuthCredential = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.UserPasswordCredential($UserPrincipalName, $Password) -ErrorAction Stop
    Write-Host "$($myinvocation.mycommand.name): Requesting a new OAuth Token..." -ForegroundColor Yellow
    $authenticationResult = ([Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContextIntegratedAuthExtensions]::AcquireTokenAsync($AuthContext, $resource, $clientId, $AuthCredential))

    If ($authenticationResult.Status.ToString() -ne "Faulted") {
    Write-Host "$($myinvocation.mycommand.name): Successfully retrieved OAuth Token" -ForegroundColor Yellow
    }
    else {
    $err = "$($myinvocation.mycommand.name): Error occurred calling ADAL 'AcquireTokenAysnc' : $authenticationResult.Exception.ToString()"
    Throw "$err"
    }
    }
    catch
    {
    #create object
    $returnValue = New-Object -TypeName PSObject

    #get all properties from last error
    $ErrorProperties =$Error[0] | Get-Member -MemberType Property

    #add existing properties to object
    foreach ($Property in $ErrorProperties)
    {
    if ($Property.Name -eq 'InvocationInfo')
    {
    $returnValue | Add-Member -Type NoteProperty -Name 'InvocationInfo' -Value $($Error[0].InvocationInfo.PositionMessage)
    }
    else
    {
    $returnValue | Add-Member -Type NoteProperty -Name $($Property.Name) -Value $($Error[0].$($Property.Name))
    }
    }
    #return object
    $returnValue
    break
    }
    }
    End
    {
    return $authenticationResult
    }
    }


    ###### Main script

    #Ensure TLS 1.2 protocol is enabled
    try {
    If ([Net.ServicePointManager]::SecurityProtocol -notmatch 'Tls12') {
    [Net.ServicePointManager]::SecurityProtocol += [Net.SecurityProtocolType]::Tls12
    Write-Host "Enabled Tls1.2 in '[Net.ServicePointManager]::SecurityProtocol'" -ForegroundColor Yellow
    }
    else {
    Write-Host "Tls1.2 is enabled in '[Net.ServicePointManager]::SecurityProtocol'" -ForegroundColor Yellow
    }
    }
    Catch {
    $err = "An error occurred enabling TLS1.2. Error: $_"
    Write-Host "`n$err" -ForegroundColor Red
    Send-MailMessage -To $errRecip -Subject "$script - Error occurred during processing" -Body $err -From $sender -Attachment $logfile -SmtpServer $smtpServer
    Exit
    }

    #CHECK FOR EWS MANAGED API, IF PRESENT IMPORT THE HIGHEST VERSION EWS DLL, ELSE EXIT
    $EWSDLL = (($(Get-ItemProperty -ErrorAction SilentlyContinue -Path Registry::$(Get-ChildItem -ErrorAction SilentlyContinue -Path 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Web Services'|Sort-Object Name -Descending | Select-Object -First 1 -ExpandProperty Name)).'Install Directory') + "Microsoft.Exchange.WebServices.dll")
    If (Test-Path $EWSDLL)
    {
    Try
    {
    Import-Module $EWSDLL -DisableNameChecking -ErrorAction Stop
    }
    Catch
    {
    $err = "An error occurred importing the Exchange Web Services DLL '$EWSDLL'. Error: $_"
    Write-Host "`n$err" -ForegroundColor Red
    Send-MailMessage -To $errRecip -Subject "$script - Error occurred during processing" -Body $err -From $sender -Attachment $logfile -SmtpServer $smtpServer
    Exit
    }
    }
    Else
    {
    $err = "This script requires the EWS Managed API 1.2 or later. Please download and install the current version of the EWS Managed API from http://go.microsoft.com/fwlink/?LinkId=255472"
    Write-Host "`n$err" -ForegroundColor Red
    Send-MailMessage -To $errRecip -Subject "$script - Error occurred during processing" -Body $err -From $sender -Attachment $logfile -SmtpServer $smtpServer
    Exit
    }


    #Create EWS Object
    $ews = New-Object Microsoft.Exchange.WebServices.Data.ExchangeService -ArgumentList "Exchange2013_SP1" -ErrorAction Stop

    #Authenticate EWS using OAuth
    Try {
    $ews.UseDefaultCredentials = $False
    Write-Host "Requesting EWS OAuth Token using registered Client ID" -ForegroundColor Yellow

    $OAuthResult = Get-EWSOAuthToken -UserPrincipalName $UserPrincipalName -Password $Password -ClientId "$ClientIDfromAzureAD" -ErrorAction Stop
    $token = $OAuthResult.Result.AccessToken

    #Check if we successfully retrieved an Oauth Token
    If ([System.String]::IsNullOrEmpty($token))
    {
    $err = "Get-EWSOAuthtoken returned an empty Auth Token. Aborted. Latest error details:`n$_error $($OAuthResult.Exception)"
    Write-Host "`n$err" -ForegroundColor Red
    $OAuthResult | Format-List -Force
    $OAuthResult.Result | Format-List -Force
    Send-MailMessage -To $errRecip -Subject "$script - Error occurred during processing" -Body "$err" -From $sender -Attachment $logfile -SmtpServer $smtpServer
    Exit
    }
    else
    {
    $OAuthchk = $true
    $ews.Credentials = [Microsoft.Exchange.WebServices.Data.OAuthCredentials]$token
    Write-Host "Set EWS credentials to OAuth token" -ForegroundColor Yellow
    }
    }
    Catch
    {
    $err = "An error occurred creating a new EWS object. Error:`n $_"
    write-host "`n$err" -ForegroundColor Red
    Send-MailMessage -To $errRecip -Subject "$script - Error occurred during processing" -Body "$err" -From $sender -Attachment $logfile -SmtpServer $smtpServer
    Exit
    }

    # Do your processing using EWS
    ....

    关于Powershell、EWS、OAuth2 和自动化,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/58169831/

    26 4 0
    Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
    广告合作:1813099741@qq.com 6ren.com