From ffa1edb9d1e8f87f4ed363740e03bd53169dbe1e Mon Sep 17 00:00:00 2001
From: "Taofeek F. Obafemi-Babatunde"
Date: Tue, 21 May 2024 14:19:12 -0700
Subject: [PATCH] Enabling server certificate validation
---
 docs/authentication.md | 4 ++--
 .../Authentication.Core/Utilities/AuthenticationHelpers.cs | 4 ++--
 .../Microsoft.Graph.Authentication.Test.csproj | 2 +-
 .../Authentication/test/Get-MgGraphOption.Tests.ps1 | 2 +-
 .../Authentication/test/Set-MgGraphOption.Tests.ps1 | 2 +-
 5 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/docs/authentication.md b/docs/authentication.md
index 3068135b3aa..4d587898495 100644
--- a/docs/authentication.md
+++ b/docs/authentication.md
@@ -114,9 +114,9 @@ Before using the provided `-AccessToken` to get Microsoft Graph resources, custo
 ### Access Token Proof of Possession (AT PoP)
-AT PoP is a security mechanism that binds an access token to a cryptographic key that only the intended recipient has. This prevents unauthorized use of the token by malicious actors. AT PoP enhances data protection, reduces token replay attacks, and enables fine-grained authorization policies.
+AT PoP is a security mechanism that binds an access token to a cryptographic key that only the token requestor has. This prevents unauthorized use of the token by malicious actors. AT PoP enhances data protection, reduces token replay attacks, and enables fine-grained authorization policies.
-Note: AT PoP requires WAM to function.
+Note: AT PoP requires Web Account Manager (WAM) to function.
 Microsoft Graph PowerShell module supports AT PoP in the following scenario:
diff --git a/src/Authentication/Authentication.Core/Utilities/AuthenticationHelpers.cs b/src/Authentication/Authentication.Core/Utilities/AuthenticationHelpers.cs
index 1415f0e2a2a..8a642094ed5 100644
--- a/src/Authentication/Authentication.Core/Utilities/AuthenticationHelpers.cs
+++ b/src/Authentication/Authentication.Core/Utilities/AuthenticationHelpers.cs
@@ -482,7 +482,7 @@ public static PopTokenRequestContext CreatePopTokenRequestContext(IAuthContext a
 {
 // Creating a httpclient that would handle all pop calls
 Uri popResourceUri = GraphSession.Instance.GraphRequestProofofPossession.Uri ?? new Uri("https://canary.graph.microsoft.com/beta/me"); //PPE (https://graph.microsoft-ppe.com) or Canary (https://canary.graph.microsoft.com) or (https://20.190.132.47/beta/me)
- HttpClient popHttpClient = new(new HttpClientHandler { ServerCertificateCustomValidationCallback = (_, _, _, _) => true });
+ HttpClient popHttpClient = new(new HttpClientHandler());
 // Find the WWW-Authenticate header in the response.
 var popMethod = GraphSession.Instance.GraphRequestProofofPossession.HttpMethod ?? HttpMethod.Get;
@@ -498,7 +498,7 @@ public static PopTokenRequestContext CreatePopTokenRequestContext(IAuthContext a
 });
- var _popPipeline = HttpPipelineBuilder.Build(popPipelineOptions, new HttpPipelineTransportOptions { ServerCertificateCustomValidationCallback = (_) => true });
+ var _popPipeline = HttpPipelineBuilder.Build(popPipelineOptions, new HttpPipelineTransportOptions());
 GraphSession.Instance.GraphRequestProofofPossession.Request = _popPipeline.CreateRequest();
 GraphSession.Instance.GraphRequestProofofPossession.Request.Method = ConvertToAzureRequestMethod(popMethod);
 GraphSession.Instance.GraphRequestProofofPossession.Request.Uri.Reset(popResourceUri);
diff --git a/src/Authentication/Authentication.Test/Microsoft.Graph.Authentication.Test.csproj b/src/Authentication/Authentication.Test/Microsoft.Graph.Authentication.Test.csproj
index 8a3d6c004f8..1128e44cc47 100644
--- a/src/Authentication/Authentication.Test/Microsoft.Graph.Authentication.Test.csproj
+++ b/src/Authentication/Authentication.Test/Microsoft.Graph.Authentication.Test.csproj
@@ -8,7 +8,7 @@ - + all
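Review bot: Nothing visible in the first hunk checks that a session-supplied `GraphRequestProofofPossession.Uri` uses HTTPS, so the restored certificate validation only protects the WWW-Authenticate challenge when the URI is `https://`; a guard right after the `popResourceUri` assignment, `if (popResourceUri.Scheme != Uri.UriSchemeHttps) throw new ArgumentException("PoP resource URI must use HTTPS.");`, would make that explicit. The trailing comment on the same line still lists `https://20.190.132.47/beta/me`, an IP-literal host that would normally fail hostname verification under the default handler, so the comment should be trimmed to the named hosts. `new HttpClient(new HttpClientHandler())` and, in the second hunk at line 498, `new HttpPipelineTransportOptions()` now only spell out defaults, and a new client is created on every call; if `popHttpClient` is not disposed further down, a shared static instance would be the safer shape. CreatePopTokenRequestContext starts and ends outside both hunks, so an existing scheme check or disposal may simply be out of view.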
diff --git a/src/Authentication/Authentication/test/Get-MgGraphOption.Tests.ps1 b/src/Authentication/Authentication/test/Get-MgGraphOption.Tests.ps1
index 786105807c7..2708d2f7f41 100644
--- a/src/Authentication/Authentication/test/Get-MgGraphOption.Tests.ps1
+++ b/src/Authentication/Authentication/test/Get-MgGraphOption.Tests.ps1
@@ -13,7 +13,7 @@ Describe "Get-MgGraphOption Command" {
 $GetMgGraphOptionCommand = Get-Command Set-MgGraphOption
 $GetMgGraphOptionCommand | Should -Not -BeNullOrEmpty
 $GetMgGraphOptionCommand.ParameterSets | Should -HaveCount 1
- $GetMgGraphOptionCommand.ParameterSets.Parameters | Should -HaveCount 13 # PS common parameters.
+ $GetMgGraphOptionCommand.ParameterSets.Parameters | Should -HaveCount 14 # PS common parameters.
 }
 It 'Executes successfully' {
diff --git a/src/Authentication/Authentication/test/Set-MgGraphOption.Tests.ps1 b/src/Authentication/Authentication/test/Set-MgGraphOption.Tests.ps1
index 68a31efb74e..775cdcaa629 100644
--- a/src/Authentication/Authentication/test/Set-MgGraphOption.Tests.ps1
+++ b/src/Authentication/Authentication/test/Set-MgGraphOption.Tests.ps1
@@ -13,7 +13,7 @@ Describe "Set-MgGraphOption" {
 $SetMgGraphOptionCommand = Get-Command Set-MgGraphOption
 $SetMgGraphOptionCommand | Should -Not -BeNullOrEmpty
 $SetMgGraphOptionCommand.ParameterSets | Should -HaveCount 1
- $SetMgGraphOptionCommand.ParameterSets.Parameters | Should -HaveCount 14 # PS common parameters.
+ $SetMgGraphOptionCommand.ParameterSets.Parameters | Should -HaveCount 14 # PS common parameters.
 }
 It 'Executes successfully when toggling WAM on' {
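Review bot: In Get-MgGraphOption.Tests.ps1 the updated `Should -HaveCount 14` assertion runs against `Get-Command Set-MgGraphOption` (the context line above it), so this test inspects the Set cmdlet's parameters, not Get-MgGraphOption's; `$GetMgGraphOptionCommand = Get-Command Get-MgGraphOption` with its own expected count looks like what was intended. In both test files the move from 13 to 14 is not explained by the commit message, and the trailing `# PS common parameters.` comment does not say which parameter was added; naming it there would make the next count change reviewable. As far as this patch shows, no test covers the restored certificate validation in AuthenticationHelpers.cs, so a return to an always-true callback would pass this suite unnoticed.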