Changing Aad auth to use certificates instead of client secrets.

SampleCPMProject/App.config

@@ -11,7 +11,7 @@
     <!--Please provide the following values based on the CPM evironment you want to call. The values provided are those of CPM INT-->
     <add key="BaseUrl" value="https://api.cpm.account.microsoft-int.com" />
     <add key="ClientId" value="fill-in-your-own-value" />                   <!--Onboarded app client ID for the respective environment-->
-    <add key="ClientSecret" value="fill-in-your-own-value" />               <!--Secret corresponding to the client ID above-->
+    <add key="Thumbprint" value="fill-in-your-own-value" />               <!--Secret corresponding to the client ID above-->
     <add key="AppResourceId" value="fdef6b70-6909-420c-81e7-18fb900860e8" />
   </appSettings>
   <runtime>

SampleCPMProject/CpmClient/AadAuthentication.cs

@@ -1,17 +1,19 @@
 using Microsoft.IdentityModel.Clients.ActiveDirectory;
 using System.Configuration;
+using System.Security.Cryptography.X509Certificates;
 
 namespace SampleCPMProject
 {
     internal static class AadAuthentication
     {
         static AuthenticationContext context;
-        static ClientCredential credentials;
+        static IClientAssertionCertificate credentials;
 
         static AadAuthentication()
         {
+            X509Certificate2 cert = GetCertificateFromStore(ConfigurationManager.AppSettings["Thumbprint"]);
             context = new AuthenticationContext(ConfigurationManager.AppSettings["AadInstance"] + ConfigurationManager.AppSettings["TenantId"]);
-            credentials = new ClientCredential(ConfigurationManager.AppSettings["ClientId"], ConfigurationManager.AppSettings["ClientSecret"]);
+            credentials = new ClientAssertionCertificate(ConfigurationManager.AppSettings["ClientId"], cert);
         }
 
         public static string GetAccessTokenForCpmApi()
@@ -36,5 +38,26 @@ namespace SampleCPMProject
 
             return authenticationResult.AccessToken;
         }
+
+        private static X509Certificate2 GetCertificateFromStore(string certThumbprint)
+        {
+            var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
+            store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);
+
+            var certs = store.Certificates.Find(X509FindType.FindByThumbprint, certThumbprint, false);
+
+            if (certs.Count == 1)
+            {
+                return certs[0];
+            }
+            if (certs.Count > 1)
+            {
+                throw new System.Exception($"More than one certificate with thumbprint {certThumbprint} " +
+                                    "found in LocalMachine store location");
+            }
+
+            throw new System.Exception($"No certificate found with thumbprint {certThumbprint} " +
+                                "in LocalMachine store location");
+        }
     }
 }