ironmansoftware / issues

Public Issue tracker for Ironman Software products.
https://ironmansoftware.com

issues with Connect-MgGraph #3407

Closed alexrgreenwood closed 2 weeks ago

alexrgreenwood commented 2 weeks ago

Summary of the feedback

First off, I don't think this is a bug in the PSU codebase, but some version mismatch / PowerShell environment issue. Just posting here for visibility/discussion.

I'm using the latest Docker container and trying to use a certificate to connect like this:

$secstr = 'thecertpasswordgoeshere'
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2('Cert.pfx',$secstr)
$certparam=@{
    ClientID    = $c
    TenantID    = $t
    Certificate = $cert
}
Connect-MgGraph @certparam -Debug

This gives the error "Entry point was not found".

A quick Google for that turns up this issue.

If I add this line above, Import-Module Microsoft.Graph.Authentication -RequiredVersion 2.12.0, then it works, but only in the Integrated and Agent environments, not in the "Powershell 7" environment.

The "Powershell 7" environment gives the error:

Could not load file or assembly 'System.Runtime, Version=8.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a'. Could not find or load a specific file. (0x80131621)

I also had a similar problem after upgrading to 4.2.19 on my Windows production system; suddenly the Cert: drive was no longer accessible, see this issue.

Again, I think it is more to do with the PowerShell Core version. I worked around it by switching to the Integrated environment for just a subset of my jobs that need to fetch Graph data.

I guess if I have a question, it's why do the Integrated and PowerShell 7 environments behave differently? I assume they are different versions (7.4.2 vs 7.3.9)? If so, then can that information be exposed a bit better somehow, or can they be brought into sync?
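An added diagnostic, not part of the original post or of PowerShell Universal: run it unchanged in each environment (Integrated, Agent, "Powershell 7") and compare the reports to see which PowerShell/.NET runtime and which copies of the Graph module each one uses. The function name and the assembly-name filter are assumptions made for this example; the module name and the System.Runtime 8.0.0.0 requirement come from the post above.

```powershell
# Added example: environment report for comparing PSU environments.
# Get-GraphEnvironmentReport is a hypothetical helper, not a PSU or Graph SDK cmdlet.
function Get-GraphEnvironmentReport {
    [CmdletBinding()]
    param(
        # Module named in the post above.
        [string]$ModuleName = 'Microsoft.Graph.Authentication',
        # Major version of System.Runtime requested in the quoted load error (8.0.0.0).
        [int]$RequiredRuntimeMajor = 8
    )

    # Version of the .NET runtime hosting this PowerShell process.
    $runtime = [System.Environment]::Version

    # Every installed copy of the module that this environment can resolve.
    $installed = @(Get-Module -ListAvailable -Name $ModuleName |
        Sort-Object Version -Descending |
        ForEach-Object { '{0} ({1})' -f $_.Version, $_.ModuleBase })

    # Identity and Graph assemblies already loaded in this process, with their
    # versions and on-disk locations (the name filter is an assumption).
    $loaded = @([System.AppDomain]::CurrentDomain.GetAssemblies() |
        Where-Object {
            -not $_.IsDynamic -and
            $_.GetName().Name -match '^(Azure\.|Microsoft\.Identity|Microsoft\.Graph)'
        } |
        ForEach-Object {
            $name = $_.GetName()
            '{0} {1} <- {2}' -f $name.Name, $name.Version, $_.Location
        } | Sort-Object)

    [pscustomobject]@{
        PSVersion            = $PSVersionTable.PSVersion.ToString()
        PSEdition            = $PSVersionTable.PSEdition
        Framework            = [System.Runtime.InteropServices.RuntimeInformation]::FrameworkDescription
        # False means an assembly built against System.Runtime 8.0.0.0 cannot load here.
        RuntimeMeetsRequired = ($runtime.Major -ge $RequiredRuntimeMajor)
        PSModulePath         = $env:PSModulePath -split [System.IO.Path]::PathSeparator
        InstalledVersions    = $installed
        LoadedAssemblies     = $loaded
    }
}

Get-GraphEnvironmentReport | Format-List
```

Running it once before and once after Connect-MgGraph in the same job also shows which assemblies the connection attempt pulled in.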

rstolpe commented 2 weeks ago

I'm on the latest PSU v4 (not 4.3.0) and I don't have an issue with cert auth against msgraph. But I'm not on my computer now as it's night here in Sweden. I can check my code and post it here tomorrow and you can try it.

rstolpe commented 2 weeks ago

Try this:

$MSGraphLocalMachineCert = Get-ChildItem -Path Cert:\LocalMachine\My -Recurse | Where-Object { $_.Thumbprint -eq $Secret:MSGraphThumbprint }
[void](Connect-MgGraph -ClientId $Secret:MSGraphClientID -TenantId $Secret:AzureTenantID -Certificate $MSGraphLocalMachineCert)

adamdriscoll commented 2 weeks ago

This works in the most recent nightly (building tonight). See #3113 for more information.