> Is there a way to programmatically upload an x509 certificate created in Visual Studio into Azure application manifest?

Yes, we could update the Azure application manifest with [Microsoft.Azure.ActiveDirectory.GraphClient](https://www.nuget.org/packages/Microsoft.Azure.ActiveDirectory.GraphClient/). I did a demo for that. The following are the detailed steps you could refer to.

If we want to update the manifest keyCredential we need **DELEGATED PERMISSIONS**.

1. Register an Azure AD **native** application and grant the [Access the directory as the signed-in user] permission.

[![enter image description here](https://i.stack.imgur.com/oSSPI.png)](https://i.stack.imgur.com/oSSPI.png)

2. Create a console application and add the following code to the Program.cs file:
```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Microsoft.Azure.ActiveDirectory.GraphClient;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

class Program
{
    // Acquires a delegated Azure AD Graph token for the signed-in user (ADAL 3.x).
    private static async Task<string> GetAppTokenAsync(string graphResourceId, string tenantId, string clientId, string userId)
    {
        // The ADAL authority is the tenant endpoint; ADAL appends /oauth2/token itself.
        string aadInstance = "https://login.microsoftonline.com/" + tenantId;
        IPlatformParameters parameters = new PlatformParameters(PromptBehavior.SelectAccount);
        AuthenticationContext authenticationContext = new AuthenticationContext(aadInstance, false);
        var authenticationResult = await authenticationContext.AcquireTokenAsync(graphResourceId, clientId, new Uri("http://localhost"), parameters, new UserIdentifier(userId, UserIdentifierType.UniqueId));
        return authenticationResult.AccessToken;
    }

    static void Main()
    {
        var graphResourceId = "https://graph.windows.net";
        var tenantId = "tenantId";
        var clientId = "clientId";
        var userId = "313e5ee2-b28exx-xxxx"; // object id of the user who is then prompted to log in
        var servicePointUri = new Uri(graphResourceId);
        var serviceRoot = new Uri(servicePointUri, tenantId);
        var activeDirectoryClient = new ActiveDirectoryClient(serviceRoot, async () => await GetAppTokenAsync(graphResourceId, tenantId, clientId, userId));

        // Load the public certificate (.cer); X509Certificate2 exposes typed validity dates,
        // so no locale-dependent date string parsing is needed.
        var cert = new X509Certificate2(@"D:\Tom\Documents\tom.cer"); // the path of the cert file
        var expirationDate = cert.NotAfter.ToUniversalTime();
        var startDate = cert.NotBefore.ToUniversalTime();
        var binCert = cert.GetRawCertData();
        var keyCredential = new KeyCredential
        {
            CustomKeyIdentifier = cert.GetCertHash(), // certificate thumbprint bytes
            EndDate = expirationDate,
            KeyId = Guid.NewGuid(),
            StartDate = startDate,
            Type = "AsymmetricX509Cert",
            Usage = "Verify",
            Value = binCert
        };

        // Fetch the application by its object id, append the credential and write it back.
        var application = activeDirectoryClient.Applications["ApplicationObjectId"].ExecuteAsync().Result;
        application.KeyCredentials.Add(keyCredential);
        application.UpdateAsync().Wait();
    }
}
```
**Packages.config**
```xml
<?xml version="1.0" encoding="utf-8"?>
<packages>
<package id="Microsoft.Azure.ActiveDirectory.GraphClient" version="2.1.1" targetFramework="net471" />
<package id="Microsoft.Data.Edm" version="5.6.4" targetFramework="net471" />
<package id="Microsoft.Data.OData" version="5.6.4" targetFramework="net471" />
<package id="Microsoft.Data.Services.Client" version="5.6.4" targetFramework="net471" />
<package id="Microsoft.IdentityModel.Clients.ActiveDirectory" version="3.19.8" targetFramework="net471" />
<package id="System.Spatial" version="5.6.4" targetFramework="net471" />
</packages>
```
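Because a key credential added this way lets anything holding the matching private key authenticate as the application, it is worth validating the certificate before it goes into the manifest and reviewing what is already there. The helper below is an added example written for this answer, not code from the original post or from the Graph client library; the class and method names (`KeyCredentialHelper`, `BuildVerifyCredential`, `ExpiringCredentials`) and the `minRsaKeyBits` / `warnDays` parameters are this example's own. It assumes the same `Microsoft.Azure.ActiveDirectory.GraphClient` package and an `IApplication` obtained exactly as in the steps above.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Azure.ActiveDirectory.GraphClient;

// Hypothetical helper for this example; the names are not part of the Graph client library.
static class KeyCredentialHelper
{
    // Builds the "Verify" KeyCredential for the public certificate at certPath.
    // Refuses files that carry a private key (.pfx), certificates outside their
    // validity window, and RSA keys shorter than minRsaKeyBits.
    public static KeyCredential BuildVerifyCredential(string certPath, int minRsaKeyBits = 2048)
    {
        var cert = new X509Certificate2(certPath);

        if (cert.HasPrivateKey)
            throw new InvalidOperationException(
                "Upload the public .cer only; the private key must stay with the client that signs assertions.");

        var now = DateTime.UtcNow;
        if (cert.NotBefore.ToUniversalTime() > now || cert.NotAfter.ToUniversalTime() <= now)
            throw new InvalidOperationException(
                $"Certificate {cert.Thumbprint} is outside its validity period ({cert.NotBefore:u} - {cert.NotAfter:u}).");

        // GetRSAPublicKey() returns null for non-RSA (e.g. ECDSA) certificates.
        using (var rsa = cert.GetRSAPublicKey())
        {
            if (rsa != null && rsa.KeySize < minRsaKeyBits)
                throw new InvalidOperationException(
                    $"RSA key size {rsa.KeySize} is below the required {minRsaKeyBits} bits.");
        }

        return new KeyCredential
        {
            CustomKeyIdentifier = cert.GetCertHash(), // SHA-1 thumbprint bytes, what the portal shows as "thumbprint"
            KeyId = Guid.NewGuid(),
            StartDate = cert.NotBefore.ToUniversalTime(),
            EndDate = cert.NotAfter.ToUniversalTime(),
            Type = "AsymmetricX509Cert",
            Usage = "Verify",
            Value = cert.RawData                      // DER bytes of the public certificate only
        };
    }

    // Returns the key credentials on the application that are already expired or
    // expire within warnDays, so stale entries can be rotated out rather than
    // accumulating alongside the new one.
    public static IEnumerable<KeyCredential> ExpiringCredentials(IApplication application, int warnDays = 30)
    {
        var cutoff = DateTime.UtcNow.AddDays(warnDays);
        return application.KeyCredentials
            .Where(k => k.EndDate.HasValue && k.EndDate.Value.ToUniversalTime() <= cutoff);
    }

    // Usage, assuming activeDirectoryClient was created as in the answer above:
    //   var app = activeDirectoryClient.Applications["<application object id>"].ExecuteAsync().Result;
    //   foreach (var k in ExpiringCredentials(app))
    //       Console.WriteLine($"expiring: {BitConverter.ToString(k.CustomKeyIdentifier)} ends {k.EndDate:u}");
    //   app.KeyCredentials.Add(BuildVerifyCredential(@"C:\path\to\app.cer")); // placeholder path
    //   app.UpdateAsync().Wait();
}
```

Two points the check makes explicit: only the public certificate (`RawData` of a `.cer`) belongs in the manifest, and because the call runs with the delegated "Access the directory as the signed-in user" permission, the user who signs in must be allowed to modify that application object (an owner of the app registration or a directory administrator), otherwise `UpdateAsync` fails with an authorization error.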