Beispiel #1
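        /// <summary>
        /// Connects the given subscription: resolves its directory through
        /// <c>resourceManagerUtility.GetDirectoryForSubscription</c>, makes sure the caller is
        /// signed in to that directory (issuing an OpenID Connect challenge against it otherwise),
        /// then grants a role to the application's service principal on the subscription and
        /// records the connection.
        /// </summary>
        /// <param name="subscriptionId">
        /// Subscription identifier taken from the request. It is caller-controlled, so it is
        /// escaped before being placed into the post-login redirect URI.
        /// </param>
        /// <returns>A task that completes once the challenge or the redirect has been issued.</returns>
        /// <exception cref="InvalidOperationException">
        /// The request has no <c>MultiTenantOpenIdConnectHandler</c> to re-target.
        /// </exception>
        /// <remarks>
        /// NOTE(review): this action changes state (role grant + repository write) and is re-entered
        /// through a plain redirect carrying only a query string. No anti-forgery or HTTP-verb
        /// restriction is visible on this listing; confirm that one is applied elsewhere, otherwise a
        /// crafted link could drive a signed-in user through the grant.
        /// </remarks>
        public async Task ConnectSubscription(string subscriptionId)
        {
            string directoryId = await resourceManagerUtility.GetDirectoryForSubscription(subscriptionId);

            // No directory could be resolved for this subscription: nothing to connect.
            if (string.IsNullOrEmpty(directoryId))
            {
                return;
            }

            // Read the tenant the caller is currently signed in to. A non-claims identity or a
            // missing tenantid claim is treated as "not signed in to this directory" and leads to
            // a challenge, instead of a NullReferenceException before the authorization decision.
            string signedInTenantId = null;
            if (User.Identity.IsAuthenticated)
            {
                var claimsIdentity = User.Identity as ClaimsIdentity;
                var tenantClaim = claimsIdentity == null
                    ? null
                    : claimsIdentity.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid");
                signedInTenantId = tenantClaim == null ? null : tenantClaim.Value;
            }

            if (!string.Equals(directoryId, signedInTenantId, StringComparison.Ordinal))
            {
                // Re-target the OpenID Connect handler at the subscription's directory, then challenge.
                var openIdFeature = HttpContext.Features[typeof(IHttpAuthenticationFeature)] as IHttpAuthenticationFeature;
                var openIdHandler = openIdFeature == null
                    ? null
                    : openIdFeature.Handler as MultiTenantOpenIdConnectHandler;
                if (openIdHandler == null)
                {
                    throw new InvalidOperationException(
                        "The current request has no MultiTenantOpenIdConnectHandler; cannot switch the sign-in authority.");
                }

                // NOTE(review): directoryId is formatted into the authority URL as returned by the
                // lookup; presumably it is always a tenant GUID - confirm, or validate it here.
                openIdHandler.SetTenantAuthority(string.Format(azureADSettings.Authority, directoryId));

                var challengeItems = new Dictionary<string, string>();
                challengeItems["prompt"] = "select_account";

                // Escape the caller-supplied id so it cannot append extra query parameters or a
                // fragment to the URI the user is sent back to after signing in.
                string returnUrl = this.Url.Action("ConnectSubscription", "Home")
                                   + "?subscriptionId=" + Uri.EscapeDataString(subscriptionId ?? string.Empty);

                await HttpContext.Authentication.ChallengeAsync(
                    OpenIdConnectDefaults.AuthenticationScheme,
                    new AuthenticationProperties(challengeItems) { RedirectUri = returnUrl });
                return;
            }

            // The caller is signed in to the subscription's directory: grant the role and record it.
            string objectIdOfCloudSenseServicePrincipalInDirectory =
                await resourceManagerUtility.GetObjectIdOfServicePrincipalInDirectory(directoryId, azureADSettings.ClientId);

            await resourceManagerUtility.GrantRoleToServicePrincipalOnSubscription(
                objectIdOfCloudSenseServicePrincipalInDirectory, subscriptionId, directoryId);

            Subscription s = new Subscription()
            {
                Id          = subscriptionId,
                DirectoryId = directoryId,
                ConnectedBy = signedInUserService.GetSignedInUserName(),
                // NOTE(review): local server time; DateTime.UtcNow would make this audit field
                // unambiguous, but existing rows may already hold local time - confirm before changing.
                ConnectedOn = DateTime.Now
            };

            subscriptionRepository.AddSubscription(s);
            Response.Redirect(this.Url.Action("Index", "Home"));
        }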