public async Task <bool> AddRoleMember(DirectoryRole role, User user, CancellationToken token)
{
IDirectoryRoleMembersCollectionWithReferencesRequestBuilder rb = client.DirectoryRoles[role.Id].Members;
try
{
await rb.References.Request().AddAsync(user, token);
return(true);
}
catch (ServiceException se)
{
if (se.Error.Message.ToLower().Contains("already exist"))
{
return(true);
}
Trace.WriteLine(se.ToString());
}
catch (Exception ex)
{
Trace.WriteLine(ex.ToString());
}
return(false);
}
/// <summary>
/// Gets details of a single <see cref="Role" /> Graph.
/// </summary>
/// <returns>A view with the details of a single <see cref="Role" />.</returns>
public async Task <ActionResult> Details(string objectId)
{
DirectoryRole role = null;
try
{
ActiveDirectoryClient client = AuthenticationHelper.GetActiveDirectoryClient();
role = (DirectoryRole)await client.DirectoryRoles.GetByObjectId(objectId).ExecuteAsync();
}
catch (Exception e)
{
if (Request.QueryString["reauth"] == "True")
{
//
// Send an OpenID Connect sign-in request to get a new set of tokens.
// If the user still has a valid session with Azure AD, they will not be prompted for their credentials.
// The OpenID Connect middleware will return to this controller after the sign-in response has been handled.
//
HttpContext.GetOwinContext()
.Authentication.Challenge(OpenIdConnectAuthenticationDefaults.AuthenticationType);
}
//
// The user needs to re-authorize. Show them a message to that effect.
//
ViewBag.ErrorMessage = "AuthorizationRequired";
return(View());
}
return(View(role));
}
public async static Task GetDirectoryObjects(List <string> objectIds, List <Group> groups, List <DirectoryRole> roles, List <User> users)
{
string userObjectId = ClaimsPrincipal.Current.FindFirst(Globals.ObjectIdClaimType).Value;
string tenantId = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
ActiveDirectoryClient graphClient = new ActiveDirectoryClient(new Uri(ConfigHelper.GraphResourceId + '/' + tenantId), async() => { return(await GraphHelper.AcquireToken(userObjectId)); });
int batchCount = 0;
List <Task <IBatchElementResult[]> > requests = new List <Task <IBatchElementResult[]> >();
List <IReadOnlyQueryableSetBase <IDirectoryObject> > batch = new List <IReadOnlyQueryableSetBase <IDirectoryObject> >();
System.Collections.IEnumerator idIndex = objectIds.GetEnumerator();
System.Collections.IEnumerator nextId = objectIds.GetEnumerator();
nextId.MoveNext();
while (idIndex.MoveNext())
{
string thisId = idIndex.Current.ToString(); // for delegate capture
batch.Add(graphClient.DirectoryObjects.Where(o => o.ObjectId.Equals(thisId)));
batchCount++;
if (!nextId.MoveNext() || batchCount == 5)
{
requests.Add(graphClient.Context.ExecuteBatchAsync(batch.ToArray()));
batchCount = 0;
batch.Clear();
}
}
IBatchElementResult[][] responses = await Task.WhenAll <IBatchElementResult[]>(requests);
foreach (IBatchElementResult[] batchResult in responses)
{
foreach (IBatchElementResult query in batchResult)
{
if (query.SuccessResult != null && query.FailureResult == null)
{
if (query.SuccessResult.CurrentPage.First() is Group)
{
Group group = query.SuccessResult.CurrentPage.First() as Group;
groups.Add(group);
}
if (query.SuccessResult.CurrentPage.First() is DirectoryRole)
{
DirectoryRole role = query.SuccessResult.CurrentPage.First() as DirectoryRole;
roles.Add(role);
}
if (query.SuccessResult.CurrentPage.First() is User)
{
User user = query.SuccessResult.CurrentPage.First() as User;
users.Add(user);
}
}
else
{
throw new Exception("Directory Object Not Found.");
}
}
}
return;
}
private static async Task PrintUsersGroupsAndRoles(User user)
{
Console.WriteLine("\n Signed in user {0} is a member of the following Group and Roles (IDs)",
user.DisplayName);
IUserFetcher signedInUserFetcher = user;
try
{
IPagedCollection <IDirectoryObject> pagedCollection = await signedInUserFetcher.MemberOf.ExecuteAsync();
do
{
List <IDirectoryObject> directoryObjects = pagedCollection.CurrentPage.ToList();
foreach (IDirectoryObject directoryObject in directoryObjects)
{
if (directoryObject is Group)
{
Group group = directoryObject as Group;
Console.WriteLine(" Group: {0} Description: {1}", group.DisplayName, group.Description);
}
if (directoryObject is DirectoryRole)
{
DirectoryRole role = directoryObject as DirectoryRole;
Console.WriteLine(" Role: {0} Description: {1}", role.DisplayName, role.Description);
}
}
pagedCollection = await pagedCollection.GetNextPageAsync();
} while (pagedCollection != null);
}
catch (Exception e)
{
/* Program.WriteError("\nError getting Signed in user's groups and roles memberships. {0}",
* Program.ExtractErrorMessage(e));*/
}
}
/// <summary>
/// Converts an instance of <see cref="DirectoryRole" /> to an instance of <see cref="PSDirectoryRole" />.
/// </summary>
/// <param name="role">An instance of <see cref="DirectoryRole" /> that will serve as the base for the new instance of <see cref="PSDirectoryRole" />.</param>
public static PSDirectoryRole ToPSDirectoryRole(DirectoryRole role)
{
if (role == null)
{
return(null);
}
return(new PSDirectoryRole(role));
}
/// <summary>
/// Gets the signed-in user groups and roles. A more efficient implementation that gets both group and role membership in one call
/// </summary>
/// <param name="accessToken">The access token for MS Graph.</param>
/// <returns>
/// A list of UserGroupsAndDirectoryRoles
/// </returns>
public async Task <UserGroupsAndDirectoryRoles> GetCurrentUserGroupsAndRolesAsync(string accessToken)
{
UserGroupsAndDirectoryRoles userGroupsAndDirectoryRoles = new UserGroupsAndDirectoryRoles();
IUserMemberOfCollectionWithReferencesPage memberOfDirectoryRoles = null;
try
{
PrepareAuthenticatedClient(accessToken);
memberOfDirectoryRoles = await graphServiceClient.Me.MemberOf.Request().GetAsync();
if (memberOfDirectoryRoles != null)
{
do
{
foreach (var directoryObject in memberOfDirectoryRoles.CurrentPage)
{
if (directoryObject is Group)
{
Group group = directoryObject as Group;
// Trace.WriteLine($"Got group: {group.Id}- '{group.DisplayName}'");
userGroupsAndDirectoryRoles.Groups.Add(group);
}
else if (directoryObject is DirectoryRole)
{
DirectoryRole role = directoryObject as DirectoryRole;
// Trace.WriteLine($"Got DirectoryRole: {role.Id}- '{role.DisplayName}'");
userGroupsAndDirectoryRoles.DirectoryRoles.Add(role);
}
}
if (memberOfDirectoryRoles.NextPageRequest != null)
{
userGroupsAndDirectoryRoles.HasOverageClaim = true; //check if this matches 150 per token limit
memberOfDirectoryRoles = await memberOfDirectoryRoles.NextPageRequest.GetAsync();
}
else
{
memberOfDirectoryRoles = null;
}
} while (memberOfDirectoryRoles != null);
}
return(userGroupsAndDirectoryRoles);
}
catch (ServiceException e)
{
Trace.Fail("We could not get user groups and roles: " + e.Error.Message);
return(null);
}
}
public async Task <bool> HasRoles(User user, string roleNames, CancellationToken token)
{
string[] names = roleNames.Split(',');
bool userHasRole = true;
foreach (string name in names)
{
string roleName = name.Trim();
try
{
DirectoryRole role = await FindRoleByName(roleName, token);
if (role == null)
{
DirectoryRoleTemplate drt = await FindRoleTemplateByName(roleName, token);
if (drt == default(DirectoryRoleTemplate))
{
Trace.WriteLine($"Could not find role template '{roleName}'");
return(false);
}
await EnableRole(drt.Id, token);
role = await FindRoleByName(roleName, token);
if (role == default(DirectoryRole))
{
Trace.WriteLine($"Could not find role '{roleName}'");
return(false);
}
}
DirectoryObject member = await GetRoleMember(role, user, token);
userHasRole &= (member != default(DirectoryObject));
}
catch (Exception ex)
{
Trace.WriteLine(ex, $"Could not add role(s) '{roleNames}' to PowerShell user {user.UserPrincipalName}");
return(false);
}
}
return(userHasRole);
}
/// <summary>
/// Retrieve the role name id string
/// </summary>
/// <param name="graphServiceClient"></param>
/// <param name="roleName"></param>
/// <param name="directoryRole"></param>
/// <param name="directoryRoleTemplate"></param>
/// <returns></returns>
public async static Task <string> GetRoleByName(GraphServiceClient graphServiceClient, string roleName,
IGraphServiceDirectoryRolesCollectionPage directoryRole,
IGraphServiceDirectoryRoleTemplatesCollectionPage directoryRoleTemplate)
{
roleName = roleName.ToLower();
try
{
foreach (var role in directoryRole)
{
var directoryRoleName = role.DisplayName.ToLower();
if (directoryRoleName.Contains(roleName))
{
return(role.Id);
}
}
foreach (var roleTemplate in directoryRoleTemplate)
{
var directoryRoleTemplateName = roleTemplate.DisplayName.ToLower();
if (directoryRoleTemplateName.Contains(roleName))
{
var directoryRoleCreate = new DirectoryRole()
{
DisplayName = roleTemplate.DisplayName,
RoleTemplateId = roleTemplate.Id,
};
DirectoryRole newRole = await graphServiceClient.DirectoryRoles.Request().AddAsync(directoryRoleCreate);
if (newRole == null)
{
string errorMsg = "New role null. ";
await ErrorHandling.ErrorEvent(errorMsg, "N/A");
}
return(newRole.Id);
}
}
}
catch (ArgumentException ex)
{
string errorMsg = "Get role by name method failure.";
string exMsg = ex.Message;
await ErrorHandling.ErrorEvent(errorMsg, exMsg);
}
return(null);
}
public async Task <DirectoryObject> GetRoleMember(DirectoryRole role, User user, CancellationToken token)
{
IDirectoryObjectWithReferenceRequestBuilder rb = client.DirectoryRoles[role.Id].Members[user.Id];
try
{
return(await rb.Request().GetAsync(token));
}
catch (ServiceException se)
{
Trace.WriteLine(se.ToString());
}
catch (Exception ex)
{
Trace.WriteLine(ex.ToString());
}
return(default(DirectoryObject));
}
/// <summary>
/// Add new entity to directoryRoles
/// <param name="body"></param>
/// <param name="requestConfiguration">Configuration for the request such as headers, query parameters, and middleware options.</param>
/// </summary>
public RequestInformation CreatePostRequestInformation(DirectoryRole body, Action <DirectoryRolesRequestBuilderPostRequestConfiguration> requestConfiguration = default)
{
_ = body ?? throw new ArgumentNullException(nameof(body));
var requestInfo = new RequestInformation {
HttpMethod = Method.POST,
UrlTemplate = UrlTemplate,
PathParameters = PathParameters,
};
requestInfo.SetContentFromParsable(RequestAdapter, "application/json", body);
if (requestConfiguration != null)
{
var requestConfig = new DirectoryRolesRequestBuilderPostRequestConfiguration();
requestConfiguration.Invoke(requestConfig);
requestInfo.AddRequestOptions(requestConfig.Options);
requestInfo.AddHeaders(requestConfig.Headers);
}
return(requestInfo);
}
/// <summary>
/// Gets the current user directory roles.
/// </summary>
/// <param name="accessToken">The access token for MS Graph.</param>
/// <returns>
/// A list of directory roles
/// </returns>
public async Task <IList <DirectoryRole> > GetCurrentUserDirectoryRolesAsync(string accessToken)
{
IUserMemberOfCollectionWithReferencesPage memberOfDirectoryRoles = null;
IList <DirectoryRole> DirectoryRoles = new List <DirectoryRole>();
try
{
PrepareAuthenticatedClient(accessToken);
memberOfDirectoryRoles = await graphServiceClient.Me.MemberOf.Request().GetAsync();
if (memberOfDirectoryRoles != null)
{
do
{
foreach (var directoryObject in memberOfDirectoryRoles.CurrentPage)
{
if (directoryObject is DirectoryRole)
{
DirectoryRole DirectoryRole = directoryObject as DirectoryRole;
// Trace.WriteLine("Got DirectoryRole: " + DirectoryRole.Id);
DirectoryRoles.Add(DirectoryRole as DirectoryRole);
}
}
if (memberOfDirectoryRoles.NextPageRequest != null)
{
memberOfDirectoryRoles = await memberOfDirectoryRoles.NextPageRequest.GetAsync();
}
else
{
memberOfDirectoryRoles = null;
}
} while (memberOfDirectoryRoles != null);
}
return(DirectoryRoles);
}
catch (ServiceException e)
{
Trace.Fail("We could not get user DirectoryRoles: " + e.Error.Message);
return(null);
}
}
public IEnumerable <List <DirectoryObject> > GetRoleMembers(DirectoryRole group, CancellationToken token)
{
IDirectoryRoleMembersCollectionWithReferencesPage page = null;
try
{
page = client.DirectoryRoles[group.Id].Members.Request().GetAsync(token).Result;
}
catch (Exception ex)
{
HandleException(ex, null, messageOnlyExceptions, $"Get group members for group: {group.DisplayName}");
}
while (page != null)
{
yield return(page.ToList());
if (page.NextPageRequest == null)
{
break;
}
page = page.NextPageRequest.GetAsync(token).Result;
}
}
private async Task <List <GraphResultItem> > GetGroupMemberOfAsync()
{
try
{
// Call to Graph API to get the current user group information.
var graphRequest = await GraphClient.Me.MemberOf.Request().GetAsync();
var graphResultsItems = new List <GraphResultItem>();
if (graphRequest?.Count == 0)
{
return(graphResultsItems);
}
// Iterate graph call to get all
var directoryObjects = new List <DirectoryObject>();
directoryObjects.AddRange(graphRequest);
while (graphRequest.NextPageRequest != null)
{
graphRequest = await graphRequest.NextPageRequest.GetAsync();
directoryObjects.AddRange(graphRequest);
}
foreach (var directoryObject in directoryObjects)
{
// If groups
if (directoryObject is Group)
{
Group group = directoryObject as Group;
graphResultsItems.Add(new GraphResultItem
{
DisplayName = group.DisplayName,
Id = group.Id
});
}
// If directory role object
if (directoryObject is DirectoryRole)
{
DirectoryRole directoryRole = directoryObject as DirectoryRole;
graphResultsItems.Add(new GraphResultItem
{
DisplayName = directoryRole.DisplayName,
Id = directoryRole.Id
});
}
}
return(graphResultsItems);
}
catch (ServiceException ex)
{
switch (ex.Error.Code)
{
case "Request_ResourceNotFound":
case "ResourceNotFound":
case "ErrorItemNotFound":
case "itemNotFound":
throw;
case "TokenNotFound":
//await HttpContext.ChallengeAsync();
throw;
default:
throw;
}
}
}
/// <summary>
/// Initializes a new instance of the <see cref="PSDirectoryRole" /> class.
/// </summary>
/// <param name="role">The base role for this instance.</param>
public PSDirectoryRole(DirectoryRole role)
{
this.CopyFrom(role);
}
private static void Main()
{
// record start DateTime of execution
string currentDateTime = DateTime.Now.ToUniversalTime().ToString();
#region Setup Active Directory Client
//*********************************************************************
// setup Active Directory Client
//*********************************************************************
ActiveDirectoryClient activeDirectoryClient;
try
{
activeDirectoryClient = AuthenticationHelper.GetActiveDirectoryClientAsApplication();
}
catch (AuthenticationException ex)
{
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine("Acquiring a token failed with the following error: {0}", ex.Message);
if (ex.InnerException != null)
{
//You should implement retry and back-off logic per the guidance given here:http://msdn.microsoft.com/en-us/library/dn168916.aspx
//InnerException Message will contain the HTTP error status codes mentioned in the link above
Console.WriteLine("Error detail: {0}", ex.InnerException.Message);
}
Console.ResetColor();
Console.ReadKey();
return;
}
#endregion
#region TenantDetails
//*********************************************************************
// Get Tenant Details
// Note: update the string TenantId with your TenantId.
// This can be retrieved from the login Federation Metadata end point:
// https://login.windows.net/GraphDir1.onmicrosoft.com/FederationMetadata/2007-06/FederationMetadata.xml
// Replace "GraphDir1.onMicrosoft.com" with any domain owned by your organization
// The returned value from the first xml node "EntityDescriptor", will have a STS URL
// containing your TenantId e.g. "https://sts.windows.net/4fd2b2f2-ea27-4fe5-a8f3-7b1a7c975f34/" is returned for GraphDir1.onMicrosoft.com
//*********************************************************************
VerifiedDomain initialDomain = new VerifiedDomain();
VerifiedDomain defaultDomain = new VerifiedDomain();
ITenantDetail tenant = null;
Console.WriteLine("\n Retrieving Tenant Details");
try
{
List <ITenantDetail> tenantsList = activeDirectoryClient.TenantDetails
.Where(tenantDetail => tenantDetail.ObjectId.Equals(Constants.TenantId))
.ExecuteAsync().Result.CurrentPage.ToList();
if (tenantsList.Count > 0)
{
tenant = tenantsList.First();
}
}
catch (Exception e)
{
Console.WriteLine("\nError getting TenantDetails {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
if (tenant == null)
{
Console.WriteLine("Tenant not found");
}
else
{
TenantDetail tenantDetail = (TenantDetail)tenant;
Console.WriteLine("Tenant Display Name: " + tenantDetail.DisplayName);
// Get the Tenant's Verified Domains
initialDomain = tenantDetail.VerifiedDomains.First(x => x.Initial.HasValue && x.Initial.Value);
Console.WriteLine("Initial Domain Name: " + initialDomain.Name);
defaultDomain = tenantDetail.VerifiedDomains.First(x => [email protected] && [email protected]);
Console.WriteLine("Default Domain Name: " + defaultDomain.Name);
// Get Tenant's Tech Contacts
foreach (string techContact in tenantDetail.TechnicalNotificationMails)
{
Console.WriteLine("Tenant Tech Contact: " + techContact);
}
}
#endregion
#region Create a new User
IUser newUser = new User();
if (defaultDomain.Name != null)
{
newUser.DisplayName = "demo1";
newUser.UserPrincipalName = "xuhua00101" + "@" + defaultDomain.Name;
newUser.AccountEnabled = true;
newUser.MailNickname = "SampleAppDemoUserManager";
newUser.PasswordPolicies = "DisablePasswordExpiration";
newUser.PasswordProfile = new PasswordProfile
{
Password = "******",
ForceChangePasswordNextLogin = true
};
newUser.UsageLocation = "US";
try
{
//activeDirectoryClient.Users.AddUserAsync(newUser).Wait();
Console.WriteLine("\nNew User {0} was created", newUser.DisplayName);
}
catch (Exception e)
{
Console.WriteLine("\nError creating new user {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
}
#endregion
// IApplication APPl = new Application();
//// APPl.AppId = "12345678";
// // APPl.AppRoles =
// APPl.AvailableToOtherTenants = false;
// APPl.DisplayName = "vik00de";
//// APPl.IdentifierUris
// APPl.Homepage = "https://ww.baidu.com";
// // APPl.IdentifierUris = "https://ww.baidu.com1";
// APPl.LogoutUrl = "https://ww.baidu.com";
// APPl.ErrorUrl = "https://ww.baidu.com1/1";
//// IList<string> ls = APPl.IdentifierUris;
//APPl.IdentifierUris.Add("https://localhost/demo/" + Guid.NewGuid());
Application newApp = new Application {
DisplayName = "wode" + Helper.GetRandomString(8)
};
newApp.IdentifierUris.Add("https://localhost/demo1/" + Guid.NewGuid());
newApp.ReplyUrls.Add("https://localhost/demo1");
newApp.PublicClient = null;
AppRole appRole = new AppRole()
{
Id = Guid.NewGuid(),
IsEnabled = true,
DisplayName = "Something",
Description = "Anything",
Value = "policy.write"
};
appRole.AllowedMemberTypes.Add("User");
newApp.AppRoles.Add(appRole);
//AzureADServicePrincipal
//PasswordCredential password = new PasswordCredential
//{
// StartDate = DateTime.UtcNow,
// EndDate = DateTime.UtcNow.AddYears(1),
// Value = "password",
// KeyId = Guid.NewGuid()
//};
//newApp.PasswordCredentials.Add(password);
try
{
activeDirectoryClient.Applications.AddApplicationAsync(newApp).Wait();
Console.WriteLine("New Application created: " + newApp.DisplayName);
}
catch (Exception e)
{
string a = e.Message.ToString();
// Program.WriteError("\nError ceating Application: {0}", Program.ExtractErrorMessage(e));
}
ServicePrincipal s = new ServicePrincipal();
s.Tags.Add("WindowsAzureActiveDirectoryIntegratedApp");
s.AppId = newApp.AppId;
try
{
activeDirectoryClient.ServicePrincipals.AddServicePrincipalAsync(s).Wait();
}
catch (Exception e) {
string a = e.Message.ToString();
}
//try
//{
// activeDirectoryClient.Applications.AddApplicationAsync(appObject).Wait();
//}
//catch (Exception e) {
// string mess = e.Message.ToString();
// string a = "";
//}
#region Create a User with a temp Password
//*********************************************************************************************
// Create a new User with a temp Password
//*********************************************************************************************
IUser userToBeAdded = new User();
userToBeAdded.DisplayName = "Sample App Demo User";
userToBeAdded.UserPrincipalName = Helper.GetRandomString(10) + "@" + defaultDomain.Name;
userToBeAdded.AccountEnabled = true;
userToBeAdded.MailNickname = "SampleAppDemoUser";
userToBeAdded.PasswordProfile = new PasswordProfile
{
Password = "******",
ForceChangePasswordNextLogin = true
};
userToBeAdded.UsageLocation = "US";
try
{
activeDirectoryClient.Users.AddUserAsync(userToBeAdded).Wait();
Console.WriteLine("\nNew User {0} was created", userToBeAdded.DisplayName);
}
catch (Exception e)
{
Console.WriteLine("\nError creating new user. {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
// activeDirectoryClient.Applications.AddApplicationAsync(iApp);
#endregion
#region Create a new Group
//*********************************************************************************************
// Create a new Group
//*********************************************************************************************
Group californiaEmployees = new Group
{
DisplayName = "California Employees" + Helper.GetRandomString(8),
Description = "Employees in the state of California",
MailNickname = "CalEmployees",
MailEnabled = false,
SecurityEnabled = true
};
try
{
activeDirectoryClient.Groups.AddGroupAsync(californiaEmployees).Wait();
Console.WriteLine("\nNew Group {0} was created", californiaEmployees.DisplayName);
}
catch (Exception e)
{
Console.WriteLine("\nError creating new Group {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
#endregion
#region Search for Group using StartWith filter
//*********************************************************************
// Search for a group using a startsWith filter (displayName property)
//*********************************************************************
Group retrievedGroup = new Group();
string searchString = "California Employees";
List <IGroup> foundGroups = null;
try
{
foundGroups = activeDirectoryClient.Groups
.Where(group => group.DisplayName.StartsWith(searchString))
.ExecuteAsync().Result.CurrentPage.ToList();
}
catch (Exception e)
{
Console.WriteLine("\nError getting Group {0} {1}",
e.Message, e.InnerException != null ? e.InnerException.Message : "");
}
if (foundGroups != null && foundGroups.Count > 0)
{
retrievedGroup = foundGroups.First() as Group;
}
else
{
Console.WriteLine("Group Not Found");
}
#endregion
#region Assign Member to Group
if (retrievedGroup.ObjectId != null)
{
try
{
retrievedGroup.Members.Add(newUser as DirectoryObject);
retrievedGroup.UpdateAsync().Wait();
}
catch (Exception e)
{
Console.WriteLine("\nError assigning member to group. {0} {1}",
e.Message, e.InnerException != null ? e.InnerException.Message : "");
}
}
#endregion
#region Add User to Group
//*********************************************************************************************
// Add User to the "WA" Group
//*********************************************************************************************
if (retrievedGroup.ObjectId != null)
{
try
{
retrievedGroup.Members.Add(userToBeAdded as DirectoryObject);
retrievedGroup.UpdateAsync().Wait();
}
catch (Exception e)
{
Console.WriteLine("\nAdding user to group failed {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
}
#endregion
#region Get Group members
if (retrievedGroup.ObjectId != null)
{
Console.WriteLine("\n Found Group: " + retrievedGroup.DisplayName + " " + retrievedGroup.Description);
//*********************************************************************
// get the groups' membership -
// Note this method retrieves ALL links in one request - please use this method with care - this
// may return a very large number of objects
//*********************************************************************
IGroupFetcher retrievedGroupFetcher = retrievedGroup;
try
{
IPagedCollection <IDirectoryObject> members = retrievedGroupFetcher.Members.ExecuteAsync().Result;
Console.WriteLine(" Members:");
do
{
List <IDirectoryObject> directoryObjects = members.CurrentPage.ToList();
foreach (IDirectoryObject member in directoryObjects)
{
if (member is User)
{
User user = member as User;
Console.WriteLine("User DisplayName: {0} UPN: {1}",
user.DisplayName,
user.UserPrincipalName);
}
if (member is Group)
{
Group group = member as Group;
Console.WriteLine("Group DisplayName: {0}", group.DisplayName);
}
if (member is Contact)
{
Contact contact = member as Contact;
Console.WriteLine("Contact DisplayName: {0}", contact.DisplayName);
}
}
members = members.GetNextPageAsync().Result;
} while (members != null);
}
catch (Exception e)
{
Console.WriteLine("\nError getting groups' membership. {0} {1}",
e.Message, e.InnerException != null ? e.InnerException.Message : "");
}
}
#endregion
//*********************************************************************************************
// End of Demo Console App
//*********************************************************************************************
Console.WriteLine("\nCompleted at {0} \n Press Any Key to Exit.", currentDateTime);
// Console.ReadKey();
Console.WriteLine();
#region Search User by UPN
// search for a single user by UPN
searchString = "" + "@" + initialDomain.Name;
Console.WriteLine("\n Retrieving user with UPN {0}", searchString);
User retrievedUser = new User();
List <IUser> retrievedUsers = null;
try
{
retrievedUsers = activeDirectoryClient.Users
.Where(user => user.UserPrincipalName.Equals(searchString))
.ExecuteAsync().Result.CurrentPage.ToList();
}
catch (Exception e)
{
Console.WriteLine("\nError getting new user {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
// should only find one user with the specified UPN
if (retrievedUsers != null && retrievedUsers.Count == 1)
{
retrievedUser = (User)retrievedUsers.First();
}
else
{
Console.WriteLine("User not found {0}", searchString);
}
#endregion
Console.WriteLine("\n {0} is a member of the following Group and Roles (IDs)", retrievedUser.DisplayName);
IUserFetcher retrievedUserFetcher = retrievedUser;
try
{
IPagedCollection <IDirectoryObject> pagedCollection = retrievedUserFetcher.MemberOf.ExecuteAsync().Result;
do
{
List <IDirectoryObject> directoryObjects = pagedCollection.CurrentPage.ToList();
foreach (IDirectoryObject directoryObject in directoryObjects)
{
if (directoryObject is Group)
{
Group group = directoryObject as Group;
Console.WriteLine(" Group: {0} Description: {1}", group.DisplayName, group.Description);
}
if (directoryObject is DirectoryRole)
{
DirectoryRole role = directoryObject as DirectoryRole;
Console.WriteLine(" Role: {0} Description: {1}", role.DisplayName, role.Description);
}
}
pagedCollection = pagedCollection.GetNextPageAsync().Result;
} while (pagedCollection != null);
}
catch (Exception e)
{
Console.WriteLine("\nError getting user's groups and roles memberships. {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
Console.WriteLine("Press any key to continue....");
Console.ReadKey();
}
/// <summary>
/// Configures application authentication.
/// </summary>
/// <param name="app">The application to configure.</param>
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions {
});
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = ApplicationConfiguration.ActiveDirectoryClientID,
Authority = ApplicationConfiguration.ActiveDirectoryEndPoint + "common",
TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
{
// instead of using the default validation (validating against a single issuer value, as we do in line of business apps),
// we inject our own multitenant validation logic
ValidateIssuer = false,
},
Notifications = new OpenIdConnectAuthenticationNotifications()
{
RedirectToIdentityProvider = (context) =>
{
context.ProtocolMessage.Parameters.Add("lc", Resources.Culture.LCID.ToString());
return(Task.FromResult(0));
},
AuthorizationCodeReceived = async(context) =>
{
string userTenantId = context.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
string signedInUserObjectId = context.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
// login to the user AD tenant
ClientCredential webPortalcredentials = new ClientCredential(ApplicationConfiguration.ActiveDirectoryClientID, ApplicationConfiguration.ActiveDirectoryClientSecret);
AuthenticationContext userAuthContext = new AuthenticationContext(ApplicationConfiguration.ActiveDirectoryEndPoint + userTenantId);
AuthenticationResult userAuthResult = userAuthContext.AcquireTokenByAuthorizationCodeAsync(
context.Code,
new Uri(
HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)),
webPortalcredentials,
ApplicationConfiguration.ActiveDirectoryGraphEndPoint).Result;
// acquire a graph token to manage the user tenant
Uri serviceRoot = new Uri(new Uri(ApplicationConfiguration.ActiveDirectoryGraphEndPoint), userTenantId);
ActiveDirectoryClient userAdClient = new ActiveDirectoryClient(serviceRoot, async() => await Task.FromResult(userAuthResult.AccessToken));
// add the user roles to the claims
var userMemberships = userAdClient.Users.GetByObjectId(signedInUserObjectId).MemberOf.ExecuteAsync().Result;
foreach (var membership in userMemberships.CurrentPage)
{
DirectoryRole role = membership as DirectoryRole;
if (role != null)
{
context.AuthenticationTicket.Identity.AddClaim(new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.Role, role.DisplayName));
}
}
if (userTenantId != ApplicationConfiguration.ActiveDirectoryTenantId)
{
string partnerCenterCustomerId = string.Empty;
// Check to see if this login came from the tenant of a customer of the partner
var customerDetails = await ApplicationDomain.Instance.PartnerCenterClient.Customers.ById(userTenantId).GetAsync();
// indeed a customer
partnerCenterCustomerId = customerDetails.Id;
if (!string.IsNullOrWhiteSpace(partnerCenterCustomerId))
{
// add the customer ID to the claims
context.AuthenticationTicket.Identity.AddClaim(new System.Security.Claims.Claim("PartnerCenterCustomerID", partnerCenterCustomerId));
// fire off call to retrieve this customer's subscriptions and populate the CustomerSubscriptions Repository.
}
}
else
{
if (context.AuthenticationTicket.Identity.FindFirst(System.Security.Claims.ClaimTypes.Role).Value != Startup.GlobalAdminUserRole)
{
// this login came from the partner's tenant, only allow admins to access the site, non admins will only
// see the unauthenticated experience but they can't configure the portal nor can purchase
Trace.TraceInformation("Blocked log in from non admin partner user: {0}", signedInUserObjectId);
throw new AuthorizationException(System.Net.HttpStatusCode.Unauthorized, Resources.NonAdminUnauthorizedMessage);
}
}
},
AuthenticationFailed = (context) =>
{
// redirect to the error page
context.OwinContext.Response.Redirect("/Home/Error?errorMessage=" + context.Exception.Message);
context.HandleResponse();
return(Task.FromResult(0));
}
}
});
}
private static void Main()
{
// record start DateTime of execution
string currentDateTime = DateTime.Now.ToUniversalTime().ToString();
#region Setup Active Directory Client
//*********************************************************************
// setup Active Directory Client
//*********************************************************************
ActiveDirectoryClient activeDirectoryClient;
try
{
activeDirectoryClient = AuthenticationHelper.GetActiveDirectoryClientAsApplication();
}
catch (AuthenticationException ex)
{
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine("Acquiring a token failed with the following error: {0}", ex.Message);
if (ex.InnerException != null)
{
//You should implement retry and back-off logic per the guidance given here:http://msdn.microsoft.com/en-us/library/dn168916.aspx
//InnerException Message will contain the HTTP error status codes mentioned in the link above
Console.WriteLine("Error detail: {0}", ex.InnerException.Message);
}
Console.ResetColor();
Console.ReadKey();
return;
}
#endregion
#region TenantDetails
//*********************************************************************
// Get Tenant Details
// Note: update the string TenantId with your TenantId.
// This can be retrieved from the login Federation Metadata end point:
// https://login.windows.net/GraphDir1.onmicrosoft.com/FederationMetadata/2007-06/FederationMetadata.xml
// Replace "GraphDir1.onMicrosoft.com" with any domain owned by your organization
// The returned value from the first xml node "EntityDescriptor", will have a STS URL
// containing your TenantId e.g. "https://sts.windows.net/4fd2b2f2-ea27-4fe5-a8f3-7b1a7c975f34/" is returned for GraphDir1.onMicrosoft.com
//*********************************************************************
VerifiedDomain initialDomain = new VerifiedDomain();
VerifiedDomain defaultDomain = new VerifiedDomain();
ITenantDetail tenant = null;
Console.WriteLine("\n Retrieving Tenant Details");
try
{
List <ITenantDetail> tenantsList = activeDirectoryClient.TenantDetails
.Where(tenantDetail => tenantDetail.ObjectId.Equals(Constants.TenantId))
.ExecuteAsync().Result.CurrentPage.ToList();
if (tenantsList.Count > 0)
{
tenant = tenantsList.First();
}
}
catch (Exception e)
{
Console.WriteLine("\nError getting TenantDetails {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
if (tenant == null)
{
Console.WriteLine("Tenant not found");
}
else
{
TenantDetail tenantDetail = (TenantDetail)tenant;
Console.WriteLine("Tenant Display Name: " + tenantDetail.DisplayName);
// Get the Tenant's Verified Domains
initialDomain = tenantDetail.VerifiedDomains.First(x => x.Initial.HasValue && x.Initial.Value);
Console.WriteLine("Initial Domain Name: " + initialDomain.Name);
defaultDomain = tenantDetail.VerifiedDomains.First(x => [email protected] && [email protected]);
Console.WriteLine("Default Domain Name: " + defaultDomain.Name);
// Get Tenant's Tech Contacts
foreach (string techContact in tenantDetail.TechnicalNotificationMails)
{
Console.WriteLine("Tenant Tech Contact: " + techContact);
}
}
#endregion
#region Create a new User
IUser newUser = new User();
if (defaultDomain.Name != null)
{
newUser.DisplayName = "Sample App Demo User (Manager)";
newUser.UserPrincipalName = Helper.GetRandomString(10) + "@" + defaultDomain.Name;
newUser.AccountEnabled = true;
newUser.MailNickname = "SampleAppDemoUserManager";
newUser.PasswordProfile = new PasswordProfile
{
Password = "******",
ForceChangePasswordNextLogin = true
};
newUser.UsageLocation = "US";
try
{
activeDirectoryClient.Users.AddUserAsync(newUser).Wait();
Console.WriteLine("\nNew User {0} was created", newUser.DisplayName);
}
catch (Exception e)
{
Console.WriteLine("\nError creating new user {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
}
#endregion
#region List of max 4 Users by UPN
//*********************************************************************
// Demonstrate Getting a list of Users with paging (get 4 users), sorted by displayName
//*********************************************************************
int maxUsers = 4;
try
{
Console.WriteLine("\n Retrieving Users");
List <IUser> users = activeDirectoryClient.Users.OrderBy(user =>
user.UserPrincipalName).Take(maxUsers).ExecuteAsync().Result.CurrentPage.ToList();
foreach (IUser user in users)
{
Console.WriteLine("UserObjectId: {0} UPN: {1}", user.ObjectId, user.UserPrincipalName);
}
}
catch (Exception e)
{
Console.WriteLine("\nError getting Users. {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
#endregion
#region Create a User with a temp Password
//*********************************************************************************************
// Create a new User with a temp Password
//*********************************************************************************************
IUser userToBeAdded = new User();
userToBeAdded.DisplayName = "Sample App Demo User";
userToBeAdded.UserPrincipalName = Helper.GetRandomString(10) + "@" + defaultDomain.Name;
userToBeAdded.AccountEnabled = true;
userToBeAdded.MailNickname = "SampleAppDemoUser";
userToBeAdded.PasswordProfile = new PasswordProfile
{
Password = "******",
ForceChangePasswordNextLogin = true
};
userToBeAdded.UsageLocation = "US";
try
{
activeDirectoryClient.Users.AddUserAsync(userToBeAdded).Wait();
Console.WriteLine("\nNew User {0} was created", userToBeAdded.DisplayName);
}
catch (Exception e)
{
Console.WriteLine("\nError creating new user. {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
#endregion
#region Update newly created User
//*******************************************************************************************
// update the newly created user's Password, PasswordPolicies and City
//*********************************************************************************************
if (userToBeAdded.ObjectId != null)
{
// update User's city and reset their User's Password
userToBeAdded.City = "Seattle";
userToBeAdded.Country = "UK";
PasswordProfile PasswordProfile = new PasswordProfile
{
Password = "******",
ForceChangePasswordNextLogin = false
};
userToBeAdded.PasswordProfile = PasswordProfile;
userToBeAdded.PasswordPolicies = "DisablePasswordExpiration, DisableStrongPassword";
try
{
userToBeAdded.UpdateAsync().Wait();
Console.WriteLine("\nUser {0} was updated", userToBeAdded.DisplayName);
}
catch (Exception e)
{
Console.WriteLine("\nError Updating the user {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
}
#endregion
#region Search User by UPN
// search for a single user by UPN
string searchString = "admin@" + initialDomain.Name;
Console.WriteLine("\n Retrieving user with UPN {0}", searchString);
User retrievedUser = new User();
List <IUser> retrievedUsers = null;
try
{
retrievedUsers = activeDirectoryClient.Users
.Where(user => user.UserPrincipalName.Equals(searchString))
.ExecuteAsync().Result.CurrentPage.ToList();
}
catch (Exception e)
{
Console.WriteLine("\nError getting new user {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
// should only find one user with the specified UPN
if (retrievedUsers != null && retrievedUsers.Count == 1)
{
retrievedUser = (User)retrievedUsers.First();
}
else
{
Console.WriteLine("User not found {0}", searchString);
}
#endregion
#region User Operations
if (retrievedUser.UserPrincipalName != null)
{
Console.WriteLine("\n Found User: "******" UPN: " +
retrievedUser.UserPrincipalName);
#region Assign User a Manager
//Assigning User a new manager.
if (newUser.ObjectId != null)
{
Console.WriteLine("\n Assign User {0}, {1} as Manager.", retrievedUser.DisplayName,
newUser.DisplayName);
retrievedUser.Manager = newUser as DirectoryObject;
try
{
newUser.UpdateAsync().Wait();
Console.Write("User {0} is successfully assigned {1} as Manager.", retrievedUser.DisplayName,
newUser.DisplayName);
}
catch (Exception e)
{
Console.WriteLine("\nError assigning manager to user. {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
}
#endregion
#region Get User's Manager
//Get the retrieved user's manager.
Console.WriteLine("\n Retrieving User {0}'s Manager.", retrievedUser.DisplayName);
DirectoryObject usersManager = retrievedUser.Manager;
if (usersManager != null)
{
User manager = usersManager as User;
if (manager != null)
{
Console.WriteLine("User {0} Manager details: \nManager: {1} UPN: {2}",
retrievedUser.DisplayName, manager.DisplayName, manager.UserPrincipalName);
}
}
else
{
Console.WriteLine("Manager not found.");
}
#endregion
#region Get User's Direct Reports
//*********************************************************************
// get the user's Direct Reports
//*********************************************************************
if (newUser.ObjectId != null)
{
Console.WriteLine("\n Getting User{0}'s Direct Reports.", newUser.DisplayName);
IUserFetcher newUserFetcher = (IUserFetcher)newUser;
try
{
IPagedCollection <IDirectoryObject> directReports =
newUserFetcher.DirectReports.ExecuteAsync().Result;
do
{
List <IDirectoryObject> directoryObjects = directReports.CurrentPage.ToList();
foreach (IDirectoryObject directoryObject in directoryObjects)
{
if (directoryObject is User)
{
User directReport = directoryObject as User;
Console.WriteLine("User {0} Direct Report is {1}", newUser.UserPrincipalName,
directReport.UserPrincipalName);
}
}
directReports = directReports.GetNextPageAsync().Result;
} while (directReports != null && directReports.MorePagesAvailable);
}
catch (Exception e)
{
Console.WriteLine("\nError getting direct reports of user. {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
}
#endregion
#region Get list of Group IDS, user is member of
//*********************************************************************
// get a list of Group IDs that the user is a member of
//*********************************************************************
//const bool securityEnabledOnly = false;
//IEnumerable<string> memberGroups = retrievedUser.GetMemberGroupsAsync(securityEnabledOnly).Result;
//Console.WriteLine("\n {0} is a member of the following Groups (IDs)", retrievedUser.DisplayName);
//foreach (String memberGroup in memberGroups)
//{
// Console.WriteLine("Member of Group ID: " + memberGroup);
//}
#endregion
#region Get User's Group And Role Membership, Getting the complete set of objects
//*********************************************************************
// get the User's Group and Role membership, getting the complete set of objects
//*********************************************************************
Console.WriteLine("\n {0} is a member of the following Group and Roles (IDs)", retrievedUser.DisplayName);
IUserFetcher retrievedUserFetcher = retrievedUser;
try
{
IPagedCollection <IDirectoryObject> pagedCollection = retrievedUserFetcher.MemberOf.ExecuteAsync().Result;
do
{
List <IDirectoryObject> directoryObjects = pagedCollection.CurrentPage.ToList();
foreach (IDirectoryObject directoryObject in directoryObjects)
{
if (directoryObject is Group)
{
Group group = directoryObject as Group;
Console.WriteLine(" Group: {0} Description: {1}", group.DisplayName, group.Description);
}
if (directoryObject is DirectoryRole)
{
DirectoryRole role = directoryObject as DirectoryRole;
Console.WriteLine(" Role: {0} Description: {1}", role.DisplayName, role.Description);
}
}
pagedCollection = pagedCollection.GetNextPageAsync().Result;
} while (pagedCollection != null && pagedCollection.MorePagesAvailable);
}
catch (Exception e)
{
Console.WriteLine("\nError getting user's groups and roles memberships. {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
#endregion
}
#endregion
#region Search for User (People Picker)
//*********************************************************************
// People picker
// Search for a user using text string "Us" match against userPrincipalName, displayName, giveName, surname
//*********************************************************************
searchString = "Us";
Console.WriteLine("\nSearching for any user with string {0} in UPN,DisplayName,First or Last Name",
searchString);
List <IUser> usersList = null;
IPagedCollection <IUser> searchResults = null;
try
{
IUserCollection userCollection = activeDirectoryClient.Users;
searchResults = userCollection.Where(user =>
user.UserPrincipalName.StartsWith(searchString) ||
user.DisplayName.StartsWith(searchString) ||
user.GivenName.StartsWith(searchString) ||
user.Surname.StartsWith(searchString)).ExecuteAsync().Result;
usersList = searchResults.CurrentPage.ToList();
}
catch (Exception e)
{
Console.WriteLine("\nError getting User {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
if (usersList != null && usersList.Count > 0)
{
do
{
usersList = searchResults.CurrentPage.ToList();
foreach (IUser user in usersList)
{
Console.WriteLine("User DisplayName: {0} UPN: {1}",
user.DisplayName, user.UserPrincipalName);
}
searchResults = searchResults.GetNextPageAsync().Result;
} while (searchResults != null && searchResults.MorePagesAvailable);
}
else
{
Console.WriteLine("User not found");
}
#endregion
#region Search for Group using StartWith filter
//*********************************************************************
// Search for a group using a startsWith filter (displayName property)
//*********************************************************************
Group retrievedGroup = new Group();
searchString = "US";
List <IGroup> foundGroups = null;
try
{
foundGroups = activeDirectoryClient.Groups
.Where(group => group.DisplayName.StartsWith(searchString))
.ExecuteAsync().Result.CurrentPage.ToList();
}
catch (Exception e)
{
Console.WriteLine("\nError getting Group {0} {1}",
e.Message, e.InnerException != null ? e.InnerException.Message : "");
}
if (foundGroups != null && foundGroups.Count > 0)
{
retrievedGroup = foundGroups.First() as Group;
}
else
{
Console.WriteLine("Group Not Found");
}
#endregion
#region Assign Member to Group
if (retrievedGroup.ObjectId != null)
{
try
{
activeDirectoryClient.Context.AddLink(retrievedGroup, "members", newUser);
activeDirectoryClient.Context.SaveChanges();
}
catch (Exception e)
{
Console.WriteLine("\nError assigning member to group. {0} {1}",
e.Message, e.InnerException != null ? e.InnerException.Message : "");
}
}
#endregion
#region Get Group members
if (retrievedGroup.ObjectId != null)
{
Console.WriteLine("\n Found Group: " + retrievedGroup.DisplayName + " " + retrievedGroup.Description);
//*********************************************************************
// get the groups' membership -
// Note this method retrieves ALL links in one request - please use this method with care - this
// may return a very large number of objects
//*********************************************************************
IGroupFetcher retrievedGroupFetcher = retrievedGroup;
try
{
IPagedCollection <IDirectoryObject> members = retrievedGroupFetcher.Members.ExecuteAsync().Result;
Console.WriteLine(" Members:");
do
{
List <IDirectoryObject> directoryObjects = members.CurrentPage.ToList();
foreach (IDirectoryObject member in directoryObjects)
{
if (member is User)
{
User user = member as User;
Console.WriteLine("User DisplayName: {0} UPN: {1}",
user.DisplayName,
user.UserPrincipalName);
}
if (member is Group)
{
Group group = member as Group;
Console.WriteLine("Group DisplayName: {0}", group.DisplayName);
}
if (member is Contact)
{
Contact contact = member as Contact;
Console.WriteLine("Contact DisplayName: {0}", contact.DisplayName);
}
}
} while (members != null && members.MorePagesAvailable);
}
catch (Exception e)
{
Console.WriteLine("\nError getting groups' membership. {0} {1}",
e.Message, e.InnerException != null ? e.InnerException.Message : "");
}
}
#endregion
#region Add User to Group
//*********************************************************************************************
// Add User to the "WA" Group
//*********************************************************************************************
if (retrievedGroup.ObjectId != null)
{
try
{
activeDirectoryClient.Context.AddLink(retrievedGroup, "members", userToBeAdded);
activeDirectoryClient.Context.SaveChangesAsync().Wait();
}
catch (Exception e)
{
Console.WriteLine("\nAdding user to group failed {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
}
#endregion
#region Create a new Group
//*********************************************************************************************
// Create a new Group
//*********************************************************************************************
Group californiaEmployees = new Group
{
DisplayName = "California Employees" + Helper.GetRandomString(8),
Description = "Employees in the state of California",
MailNickname = "CalEmployees",
MailEnabled = false,
SecurityEnabled = true
};
try
{
activeDirectoryClient.Groups.AddGroupAsync(californiaEmployees).Wait();
Console.WriteLine("\nNew Group {0} was created", californiaEmployees.DisplayName);
}
catch (Exception e)
{
Console.WriteLine("\nError creating new Group {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
#endregion
#region Delete User
//*********************************************************************************************
// Delete the user that we just created
//*********************************************************************************************
if (userToBeAdded.ObjectId != null)
{
try
{
userToBeAdded.DeleteAsync().Wait();
Console.WriteLine("\nUser {0} was deleted", userToBeAdded.DisplayName);
}
catch (Exception e)
{
Console.WriteLine("Deleting User failed {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
}
if (newUser.ObjectId != null)
{
try
{
newUser.DeleteAsync().Wait();
Console.WriteLine("\nUser {0} was deleted", newUser.DisplayName);
}
catch (Exception e)
{
Console.WriteLine("Deleting User failed {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
}
#endregion
#region Delete Group
//*********************************************************************************************
// Delete the Group that we just created
//*********************************************************************************************
if (californiaEmployees.ObjectId != null)
{
try
{
californiaEmployees.DeleteAsync().Wait();
Console.WriteLine("\nGroup {0} was deleted", californiaEmployees.DisplayName);
}
catch (Exception e)
{
Console.WriteLine("Deleting Group failed {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
}
#endregion
#region Get All Roles
//*********************************************************************
// Get All Roles
//*********************************************************************
List <IDirectoryRole> foundRoles = null;
try
{
foundRoles = activeDirectoryClient.DirectoryRoles.ExecuteAsync().Result.CurrentPage.ToList();
}
catch (Exception e)
{
Console.WriteLine("\nError getting Roles {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
if (foundRoles != null && foundRoles.Count > 0)
{
foreach (IDirectoryRole role in foundRoles)
{
Console.WriteLine("\n Found Role: {0} {1} {2} ",
role.DisplayName, role.Description, role.ObjectId);
}
}
else
{
Console.WriteLine("Role Not Found {0}", searchString);
}
#endregion
#region Get Service Principals
//*********************************************************************
// get the Service Principals
//*********************************************************************
IPagedCollection <IServicePrincipal> servicePrincipals = null;
try
{
servicePrincipals = activeDirectoryClient.ServicePrincipals.ExecuteAsync().Result;
}
catch (Exception e)
{
Console.WriteLine("\nError getting Service Principal {0} {1}",
e.Message, e.InnerException != null ? e.InnerException.Message : "");
}
if (servicePrincipals != null)
{
do
{
List <IServicePrincipal> servicePrincipalsList = servicePrincipals.CurrentPage.ToList();
foreach (IServicePrincipal servicePrincipal in servicePrincipalsList)
{
Console.WriteLine("Service Principal AppId: {0} Name: {1}", servicePrincipal.AppId,
servicePrincipal.DisplayName);
}
servicePrincipals = servicePrincipals.GetNextPageAsync().Result;
} while (servicePrincipals != null && servicePrincipals.MorePagesAvailable);
}
#endregion
#region Get Applications
//*********************************************************************
// get the Application objects
//*********************************************************************
IPagedCollection <IApplication> applications = null;
try
{
applications = activeDirectoryClient.Applications.Take(999).ExecuteAsync().Result;
}
catch (Exception e)
{
Console.WriteLine("\nError getting Applications {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
if (applications != null)
{
do
{
List <IApplication> appsList = applications.CurrentPage.ToList();
foreach (IApplication app in appsList)
{
Console.WriteLine("Application AppId: {0} Name: {1}", app.AppId, app.DisplayName);
}
applications = applications.GetNextPageAsync().Result;
} while (applications != null && applications.MorePagesAvailable);
}
#endregion
#region User License Assignment
//*********************************************************************************************
// User License Assignment - assign EnterprisePack license to new user, and disable SharePoint service
// first get a list of Tenant's subscriptions and find the "Enterprisepack" one
// Enterprise Pack includes service Plans for ExchangeOnline, SharePointOnline and LyncOnline
// validate that Subscription is Enabled and there are enough units left to assign to users
//*********************************************************************************************
IPagedCollection <ISubscribedSku> skus = null;
try
{
skus = activeDirectoryClient.SubscribedSkus.ExecuteAsync().Result;
}
catch (Exception e)
{
Console.WriteLine("\nError getting Applications {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
if (skus != null)
{
do
{
List <ISubscribedSku> subscribedSkus = skus.CurrentPage.ToList();
foreach (ISubscribedSku sku in subscribedSkus)
{
if (sku.SkuPartNumber == "ENTERPRISEPACK")
{
if ((sku.PrepaidUnits.Enabled.Value > sku.ConsumedUnits) &&
(sku.CapabilityStatus == "Enabled"))
{
// create addLicense object and assign the Enterprise Sku GUID to the skuId
//
AssignedLicense addLicense = new AssignedLicense {
SkuId = sku.SkuId.Value
};
// find plan id of SharePoint Service Plan
foreach (ServicePlanInfo servicePlan in sku.ServicePlans)
{
if (servicePlan.ServicePlanName.Contains("SHAREPOINT"))
{
addLicense.DisabledPlans.Add(servicePlan.ServicePlanId.Value);
break;
}
}
IList <AssignedLicense> licensesToAdd = new[] { addLicense };
IList <Guid> licensesToRemove = new Guid[] {};
// attempt to assign the license object to the new user
try
{
if (newUser.ObjectId != null)
{
newUser.AssignLicenseAsync(licensesToAdd, licensesToRemove).Wait();
Console.WriteLine("\n User {0} was assigned license {1}",
newUser.DisplayName,
addLicense.SkuId);
}
}
catch (Exception e)
{
Console.WriteLine("\nLicense assingment failed {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
}
}
}
skus = skus.GetNextPageAsync().Result;
} while (skus != null && skus.MorePagesAvailable);
}
#endregion
#region Switch to OAuth Authorization Code Grant (Acting as a user)
activeDirectoryClient = AuthenticationHelper.GetActiveDirectoryClientAsUser();
#endregion
#region Create Application
//*********************************************************************************************
// Create a new Application object with App Role Assignment (Direct permission)
//*********************************************************************************************
Application appObject = new Application {
DisplayName = "Test-Demo App" + Helper.GetRandomString(8)
};
appObject.IdentifierUris.Add("https://localhost/demo/" + Guid.NewGuid());
appObject.ReplyUrls.Add("https://localhost/demo");
AppRole appRole = new AppRole();
appRole.Id = Guid.NewGuid();
appRole.IsEnabled = true;
appRole.AllowedMemberTypes.Add("User");
appRole.DisplayName = "Something";
appRole.Description = "Anything";
appRole.Value = "policy.write";
appObject.AppRoles.Add(appRole);
// created Keycredential object for the new App object
KeyCredential keyCredential = new KeyCredential
{
StartDate = DateTime.UtcNow,
EndDate = DateTime.UtcNow.AddYears(1),
Type = "Symmetric",
Value = Convert.FromBase64String("g/TMLuxgzurjQ0Sal9wFEzpaX/sI0vBP3IBUE/H/NS4="),
Usage = "Verify"
};
appObject.KeyCredentials.Add(keyCredential);
try
{
activeDirectoryClient.Applications.AddApplicationAsync(appObject).Wait();
Console.WriteLine("New Application created: " + appObject.ObjectId);
}
catch (Exception e)
{
Console.WriteLine("Application Creation execption: {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
#endregion
#region Create Service Principal
//*********************************************************************************************
// create a new Service principal
//*********************************************************************************************
ServicePrincipal newServicePrincpal = new ServicePrincipal();
if (appObject != null)
{
newServicePrincpal.DisplayName = appObject.DisplayName;
newServicePrincpal.AccountEnabled = true;
newServicePrincpal.AppId = appObject.AppId;
try
{
activeDirectoryClient.ServicePrincipals.AddServicePrincipalAsync(newServicePrincpal).Wait();
Console.WriteLine("New Service Principal created: " + newServicePrincpal.ObjectId);
}
catch (Exception e)
{
Console.WriteLine("Service Principal Creation execption: {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
}
#endregion
#region Assign Direct Permission
try
{
User user =
(User)activeDirectoryClient.Users.ExecuteAsync().Result.CurrentPage.ToList().FirstOrDefault();
if (appObject.ObjectId != null && user != null && newServicePrincpal.ObjectId != null)
{
AppRoleAssignment appRoleAssignment = new AppRoleAssignment();
appRoleAssignment.Id = appRole.Id;
appRoleAssignment.ResourceId = Guid.Parse(newServicePrincpal.ObjectId);
appRoleAssignment.PrincipalType = "User";
appRoleAssignment.PrincipalId = Guid.Parse(user.ObjectId);
user.AppRoleAssignments.Add(appRoleAssignment);
user.UpdateAsync().Wait();
Console.WriteLine("User {0} is successfully assigned direct permission.", retrievedUser.DisplayName);
}
}
catch (Exception e)
{
Console.WriteLine("Direct Permission Assignment failed: {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
#endregion
#region Get Devices
//*********************************************************************************************
// Get a list of Mobile Devices from tenant
//*********************************************************************************************
Console.WriteLine("\nGetting Devices");
IPagedCollection <IDevice> devices = null;
try
{
devices = activeDirectoryClient.Devices.ExecuteAsync().Result;
}
catch (Exception e)
{
Console.WriteLine("/nError getting devices {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
if (devices != null)
{
do
{
List <IDevice> devicesList = devices.CurrentPage.ToList();
foreach (IDevice device in devicesList)
{
if (device.ObjectId != null)
{
Console.WriteLine("Device ID: {0}, Type: {1}", device.DeviceId, device.DeviceOSType);
IPagedCollection <IDirectoryObject> registeredOwners = device.RegisteredOwners;
if (registeredOwners != null)
{
do
{
List <IDirectoryObject> registeredOwnersList = registeredOwners.CurrentPage.ToList();
foreach (IDirectoryObject owner in registeredOwnersList)
{
Console.WriteLine("Device Owner ID: " + owner.ObjectId);
}
registeredOwners = registeredOwners.GetNextPageAsync().Result;
} while (registeredOwners != null && registeredOwners.MorePagesAvailable);
}
}
}
devices = devices.GetNextPageAsync().Result;
} while (devices != null && devices.MorePagesAvailable);
}
#endregion
#region Create New Permission
//*********************************************************************************************
// Create new permission object
//*********************************************************************************************
OAuth2PermissionGrant permissionObject = new OAuth2PermissionGrant();
permissionObject.ConsentType = "AllPrincipals";
permissionObject.Scope = "user_impersonation";
permissionObject.StartTime = DateTime.Now;
permissionObject.ExpiryTime = (DateTime.Now).AddMonths(12);
// resourceId is objectId of the resource, in this case objectId of AzureAd (Graph API)
permissionObject.ResourceId = "52620afb-80de-4096-a826-95f4ad481686";
//ClientId = objectId of servicePrincipal
permissionObject.ClientId = newServicePrincpal.ObjectId;
try
{
activeDirectoryClient.Oauth2PermissionGrants.AddOAuth2PermissionGrantAsync(permissionObject).Wait();
Console.WriteLine("New Permission object created: " + permissionObject.ObjectId);
}
catch (Exception e)
{
Console.WriteLine("Permission Creation exception: {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : "");
}
#endregion
#region Get All Permissions
//*********************************************************************************************
// get all Permission Objects
//*********************************************************************************************
Console.WriteLine("\n Getting Permissions");
IPagedCollection <IOAuth2PermissionGrant> permissions = null;
try
{
permissions = activeDirectoryClient.Oauth2PermissionGrants.ExecuteAsync().Result;
}
catch (Exception e)
{
Console.WriteLine("Error: {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : "");
}
if (permissions != null)
{
do
{
List <IOAuth2PermissionGrant> perms = permissions.CurrentPage.ToList();
foreach (IOAuth2PermissionGrant perm in perms)
{
Console.WriteLine("Permission: {0} Name: {1}", perm.ClientId, perm.Scope);
}
} while (permissions != null && permissions.MorePagesAvailable);
}
#endregion
#region Delete Application
//*********************************************************************************************
// Delete Application Objects
//*********************************************************************************************
if (appObject.ObjectId != null)
{
try
{
appObject.DeleteAsync().Wait();
Console.WriteLine("Deleted Application object: " + appObject.ObjectId);
}
catch (Exception e)
{
Console.WriteLine("Application Deletion execption: {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
}
#endregion
#region Batch Operations
//*********************************************************************************************
// Show Batching with 3 operators. Note: up to 5 operations can be in a batch
//*********************************************************************************************
IReadOnlyQueryableSet <User> userQuery = activeDirectoryClient.DirectoryObjects.OfType <User>();
IReadOnlyQueryableSet <Group> groupsQuery = activeDirectoryClient.DirectoryObjects.OfType <Group>();
IReadOnlyQueryableSet <DirectoryRole> rolesQuery =
activeDirectoryClient.DirectoryObjects.OfType <DirectoryRole>();
try
{
IBatchElementResult[] batchResult =
activeDirectoryClient.Context.ExecuteBatchAsync(userQuery, groupsQuery, rolesQuery).Result;
int responseCount = 1;
foreach (IBatchElementResult result in batchResult)
{
if (result.FailureResult != null)
{
Console.WriteLine("Failed: {0} ",
result.FailureResult.InnerException);
}
if (result.SuccessResult != null)
{
Console.WriteLine("Batch Item Result {0} succeeded",
responseCount++);
}
}
}
catch (Exception e)
{
Console.WriteLine("Batch execution failed. : {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
#endregion
//*********************************************************************************************
// End of Demo Console App
//*********************************************************************************************
Console.WriteLine("\nCompleted at {0} \n Press Any Key to Exit.", currentDateTime);
Console.ReadKey();
}
