#StackBounty: #sharepoint-online #timer-jobs #certificate #azure-functions #azure-appservice The SharePoint Online returns a Cryptograp…

Bounty: 50

I have some function apps which execute every 15 minutes.
These function apps connect to many SharePoint sites and get the respective list items.
The function apps are written in Visual Studio 2019 C# (class library) and use SharePointPnPCoreOnline NuGet Package.
The function apps connect with SharePoint using Azure Certificates.
The Certificates are not stored in the Azure Key Vault, but directly accessed through the function app through Function app configuration as a base-64 encoded string.
The function to authenticate the client context is as follows:


        [Singleton]
        private ClientContext GetAzureADAppOnlyAuthenticatedContext(string siteUrl, string clientId, string tenant, string certificateBase64, string certificatePassword)
        {
            this.Logger?.LogDebug("[GetAzureADAppOnlyAuthenticatedContext] Site Url {0} ; clientId {1} ; tenant {2}", siteUrl, clientId, tenant);

            // Decode the base-64 PFX from the app configuration and import it with its password.
            // Flags: machine key store, persisted key, exportable private key.
            var certificate = new X509Certificate2();
            certificate.Import(Convert.FromBase64String(certificateBase64), certificatePassword, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);

            var clientContext = new ClientContext(siteUrl);

            // Azure AD authority for the tenant.
            string authority = string.Format(CultureInfo.InvariantCulture, "https://login.windows.net/{0}/", tenant);

            var authContext = new AuthenticationContext(authority);

            // Client assertion built from the app's client id and the imported certificate.
            var clientAssertionCertificate = new ClientAssertionCertificate(clientId, certificate);

            var host = new Uri(siteUrl);

            // Runs before each CSOM request: acquire an app-only token for the site's host
            // and send it as the bearer token.
            clientContext.ExecutingWebRequest += (sender, args) =>
            {
                var ar = Task.Run(() => authContext
                         .AcquireTokenAsync(host.Scheme + "://" + host.Host + "/", clientAssertionCertificate))
                         .GetAwaiter().GetResult();
                args.WebRequestExecutor.RequestHeaders["Authorization"] = "Bearer " + ar.AccessToken;
            };

            return clientContext;
        }

There is no exception in remote debugging sessions, but after deployment, during production executions, Application Insights shows logs of many Cryptographic exceptions.

The App Service plan used is the Consumption Plan, and the function apps do not exceed the function time-out. The function does not always throw this exception. The exceptions never occur in a remote debugging session.

