public ActionResult RepairAccess([Bind(Include = "Id")] Subscription subscription)
{
if (ModelState.IsValid)
{
AzureResourceManagerUtil.RevokeRoleFromServicePrincipalOnSubscription(ConfigurationManager.AppSettings["ObjectId"], subscription.Id, ConfigurationManager.AppSettings["AADId"]);
AzureResourceManagerUtil.GrantRoleToServicePrincipalOnSubscription(ConfigurationManager.AppSettings["ObjectId"], subscription.Id, ConfigurationManager.AppSettings["AADId"]);
}
return(RedirectToAction("Index", "Home"));
}
public ActionResult RepairAccess([Bind(Include = "Id, OrganizationId")] Subscription subscription, string servicePrincipalObjectId)
{
if (ModelState.IsValid)
{
AzureResourceManagerUtil.RevokeRoleFromServicePrincipalOnSubscription(servicePrincipalObjectId, subscription.Id, subscription.OrganizationId);
AzureResourceManagerUtil.GrantRoleToServicePrincipalOnSubscription(servicePrincipalObjectId, subscription.Id, subscription.OrganizationId);
}
return(RedirectToAction("Index", "Home"));
}
public async Task ConnectSubscription(string subscriptionId)
{
string directoryId = await resourceManagerUtility.GetDirectoryForSubscription(subscriptionId);
if (!string.IsNullOrEmpty(directoryId))
{
if (!User.Identity.IsAuthenticated || !directoryId.Equals((User.Identity as ClaimsIdentity).FindFirst
("http://schemas.microsoft.com/identity/claims/tenantid").Value))
{
//This is where the actual magic of changing authentication authority happens
var openIdFeature = HttpContext.Features[typeof(IHttpAuthenticationFeature)] as IHttpAuthenticationFeature;
var openIdHandler = openIdFeature.Handler as MultiTenantOpenIdConnectHandler;
openIdHandler.SetTenantAuthority(string.Format(azureADSettings.Authority, directoryId));
Dictionary <string, string> dict = new Dictionary <string, string>();
dict["prompt"] = "select_account";
await HttpContext.Authentication.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme,
new AuthenticationProperties(dict) { RedirectUri = this.Url.Action("ConnectSubscription", "Home") + "?subscriptionId=" + subscriptionId });
}
else
{
string objectIdOfCloudSenseServicePrincipalInDirectory = await
resourceManagerUtility.GetObjectIdOfServicePrincipalInDirectory(directoryId, azureADSettings.ClientId);
await resourceManagerUtility.GrantRoleToServicePrincipalOnSubscription
(objectIdOfCloudSenseServicePrincipalInDirectory, subscriptionId, directoryId);
Subscription s = new Subscription()
{
Id = subscriptionId,
DirectoryId = directoryId,
ConnectedBy = signedInUserService.GetSignedInUserName(),
ConnectedOn = DateTime.Now
};
subscriptionRepository.AddSubscription(s);
Response.Redirect(this.Url.Action("Index", "Home"));
}
}
return;
}
public async Task ConnectSubscription(string subscriptionId)
{
string directoryId = await AzureResourceManagerUtil.GetDirectoryForSubscription(subscriptionId);
if (!String.IsNullOrEmpty(directoryId))
{
if (!User.Identity.IsAuthenticated || !directoryId.Equals(ClaimsPrincipal.Current.FindFirst
("http://schemas.microsoft.com/identity/claims/tenantid").Value))
{
HttpContext.GetOwinContext().Environment.Add("Authority",
string.Format(ConfigurationManager.AppSettings["Authority"] + "OAuth2/Authorize", directoryId));
Dictionary <string, string> dict = new Dictionary <string, string>();
dict["prompt"] = "select_account";
HttpContext.GetOwinContext().Authentication.Challenge(
new AuthenticationProperties(dict)
{
RedirectUri = this.Url.Action("ConnectSubscription", "Home") + "?subscriptionId=" + subscriptionId
},
OpenIdConnectAuthenticationDefaults.AuthenticationType);
}
else
{
string objectIdOfCloudSenseServicePrincipalInDirectory = await
AzureADGraphAPIUtil.GetObjectIdOfServicePrincipalInDirectory(directoryId, ConfigurationManager.AppSettings["ClientID"]);
await AzureResourceManagerUtil.GrantRoleToServicePrincipalOnSubscription
(objectIdOfCloudSenseServicePrincipalInDirectory, subscriptionId, directoryId);
Subscription s = new Subscription()
{
Id = subscriptionId,
DirectoryId = directoryId,
ConnectedBy = ClaimsPrincipal.Current.FindFirst(ClaimTypes.Name).Value,
ConnectedOn = DateTime.Now
};
if (db.Subscriptions.Find(s.Id) == null)
{
db.Subscriptions.Add(s);
db.SaveChanges();
}
Response.Redirect(this.Url.Action("Index", "Home"));
}
}
return;
}
public async Task RepairSubscriptionConnection(string subscriptionId)
{
string directoryId = await AzureResourceManagerUtil.GetDirectoryForSubscription(subscriptionId);
string objectIdOfCloudSenseServicePrincipalInDirectory = await
AzureADGraphAPIUtil.GetObjectIdOfServicePrincipalInDirectory(directoryId, ConfigurationManager.AppSettings["ClientID"]);
await AzureResourceManagerUtil.RevokeRoleFromServicePrincipalOnSubscription
(objectIdOfCloudSenseServicePrincipalInDirectory, subscriptionId, directoryId);
await AzureResourceManagerUtil.GrantRoleToServicePrincipalOnSubscription
(objectIdOfCloudSenseServicePrincipalInDirectory, subscriptionId, directoryId);
Response.Redirect(this.Url.Action("Index", "Home"));
}
public ActionResult Connect([Bind(Include = "Id, OrganizationId")] Subscription subscription, string servicePrincipalObjectId)
{
if (ModelState.IsValid)
{
AzureResourceManagerUtil.GrantRoleToServicePrincipalOnSubscription(servicePrincipalObjectId, subscription.Id, subscription.OrganizationId);
if (AzureResourceManagerUtil.ServicePrincipalHasReadAccessToSubscription(subscription.Id, subscription.OrganizationId))
{
subscription.ConnectedBy = (System.Security.Claims.ClaimsPrincipal.Current).FindFirst(ClaimTypes.Name).Value;
subscription.ConnectedOn = DateTime.Now;
db.Subscriptions.Add(subscription);
db.SaveChanges();
}
}
return(RedirectToAction("Index", "Home"));
}
public ActionResult RepairAccess([Bind(Include = "Id, OrganizationId")] Subscription subscription, string servicePrincipalObjectId)
{
if (ModelState.IsValid)
{
AzureResourceManagerUtil.RevokeRoleFromServicePrincipalOnSubscription(servicePrincipalObjectId, subscription.Id, subscription.OrganizationId);
AzureResourceManagerUtil.GrantRoleToServicePrincipalOnSubscription(servicePrincipalObjectId, subscription.Id, subscription.OrganizationId);
Subscription s = db.Subscriptions.Find(subscription.Id);
if (s != null)
{
s.AzureAccessNeedsToBeRepaired = false;
db.Entry(s).State = System.Data.Entity.EntityState.Modified;
db.SaveChanges();
}
}
return(RedirectToAction("Index", "Home"));
}
public ActionResult Connect([Bind(Include = "Id, OrganizationId, DisplayName")] Subscription subscription, string servicePrincipalObjectId, string displayTag)
{
if (ModelState.IsValid)
{
AzureResourceManagerUtil.RevokeRoleFromServicePrincipalOnSubscription(servicePrincipalObjectId, subscription.Id, subscription.OrganizationId);
AzureResourceManagerUtil.GrantRoleToServicePrincipalOnSubscription(servicePrincipalObjectId, subscription.Id, subscription.OrganizationId);
if (AzureResourceManagerUtil.ServicePrincipalHasReadAccessToSubscription(subscription.Id, subscription.OrganizationId))
{
// Insert into SQL DB
subscription.ConnectedBy = (System.Security.Claims.ClaimsPrincipal.Current).FindFirst(ClaimTypes.Name).Value;
subscription.ConnectedOn = DateTime.Now;
subscription.AzureAccessNeedsToBeRepaired = false;
subscription.DisplayTag = displayTag;
subscription.DataGenDate = DateTime.UtcNow;
subscription.DataGenStatus = DataGenStatus.Pending;
db.Subscriptions.Add(subscription);
db.SaveChanges();
DateTime sdt = DateTime.Now.AddYears(-3);
DateTime edt = DateTime.Now.AddDays(-1);
BillingRequest br = new BillingRequest(subscription.Id, subscription.OrganizationId, sdt, edt);
// Insert into Azure Storage Queue
var storageAccount = CloudStorageAccount.Parse(ConfigurationManager.ConnectionStrings["AzureWebJobsStorage"].ToString());
CloudQueueClient queueClient = storageAccount.CreateCloudQueueClient();
CloudQueue subscriptionsQueue = queueClient.GetQueueReference(ConfigurationManager.AppSettings["ida:QueueBillingDataRequests"].ToString());
subscriptionsQueue.CreateIfNotExists();
var queueMessage = new CloudQueueMessage(JsonConvert.SerializeObject(br));
subscriptionsQueue.AddMessageAsync(queueMessage);
}
}
return(RedirectToAction("Index", "Home"));
}
