private static async Task <string> CreateGroup(string name)
{
Microsoft.Graph.Group newGroup = await GraphHelper.CreateNewGroup(name);
InfoLine("New Group '" + newGroup.DisplayName + "' created");
return(newGroup.Id);
}
public static Group GroupProperty(Microsoft.Graph.Group graphGroup)
{
Group group = new Group();
group.id = graphGroup.Id;
group.displayName = graphGroup.DisplayName;
return(group);
}
public static void AddMember(this Microsoft.Graph.Group group, string userId)
{
if (group.AdditionalData == null)
{
group.AdditionalData = new Dictionary <string, object>();
}
string[] membersToAdd = new string[1];
membersToAdd[0] = $"https://graph.microsoft.com/v1.0/users/{userId}";
group.AdditionalData.Add("*****@*****.**", membersToAdd);
}
public async Task Should_get_group_by_given_id()
{
var accessUri = $"{GraphApiSettings.GraphApiBaseUri}v1.0/groups/{GroupId}";
var group = new Microsoft.Graph.Group()
{
Id = GroupId
};
SecureHttpRequest.Setup(s => s.GetAsync(GraphApiSettings.AccessToken, accessUri)).ReturnsAsync(ApiRequestHelper.CreateHttpResponseMessage(group, HttpStatusCode.OK));
var response = await Service.GetGroupByIdAsync(GroupId);
response.Should().NotBeNull();
response.Id.Should().Be(GroupId);
SecureHttpRequest.Verify(s => s.GetAsync(GraphApiSettings.AccessToken, accessUri), Times.Once);
}
public void TestIntialize()
{
user = new Microsoft.Graph.User()
{
Id = "1"
};
group = new Microsoft.Graph.Group()
{
Id = "2"
};
customDirectoryObject = new CustomDirectoryObject
{
ObjectDataId = $"{GraphApiSettings.GraphApiBaseUri}v1.0/{GraphApiSettings.TenantId}/directoryObjects/{user.Id}"
};
groupAccessUri = $"{GraphApiSettings.GraphApiBaseUri}v1.0/{GraphApiSettings.TenantId}/groups/{group.Id}/members/$ref";
}
public ActiveDirectoryServiceTests()
{
_mockRemoteGraphService = new Mock <IRemoteGraphService>();
_mockLogger = new Mock <ILogger <ActiveDirectoryService> >();
var configuration = new MapperConfiguration(cfg => cfg.AddProfile(new MappingProfiles()));
var mapper = new Mapper(configuration);
//var cache = new NoCacheService();
_mockCache = new Mock <ICacheService>();
_activeDirectoryService = new ActiveDirectoryService(_mockRemoteGraphService.Object,
mapper, _mockCache.Object, _mockLogger.Object);
// Init testdata
var inMemoryGraphService = new InMemoryGraphService();
var userId = Guid.NewGuid().ToString();
var groupId = Guid.NewGuid().ToString();
_user = inMemoryGraphService.GetUserAsync(userId).Result;
_group = inMemoryGraphService.GetGroupAsync(groupId).Result;
_managerId = Guid.NewGuid().ToString();
var users = inMemoryGraphService.FindActiveUserAsync(string.Empty).Result;
var groups = inMemoryGraphService.FindGroupAsync(string.Empty).Result;
// Init mock behaviour
_mockRemoteGraphService.Setup(x => x.GetUserAsync(It.IsAny <string>()))
.Returns(Task.FromResult(_user));
_mockRemoteGraphService.Setup(x => x.FindActiveUserAsync(It.IsAny <string>()))
.Returns(Task.FromResult(users));
_mockRemoteGraphService.Setup(x => x.GetManagerIdOfUserAsync(It.IsAny <string>()))
.Returns(Task.FromResult(_managerId));
_mockRemoteGraphService.Setup(x => x.GetGroupAsync(It.IsAny <string>()))
.Returns(Task.FromResult(_group));
_mockRemoteGraphService.Setup(x => x.FindGroupAsync(It.IsAny <string>()))
.Returns(Task.FromResult(groups));
}
public GroupModel(Microsoft.Graph.Group group)
{
GUID = group.Id;
Name = group.DisplayName;
}
public async Task <ActionResult> DeployBaseline(string displayName, string selectedBaseline, string policyPrefix, string allowLegacyAuth, string clientId = null)
{
SignalRMessage signalR = new SignalRMessage
{
clientId = clientId
};
signalR.sendMessage("Selected baseline: " + selectedBaseline);
try
{
// Create exclusion group (if the group already exists we retrieve the ID)
Microsoft.Graph.Group createdGroup = await GraphHelper.CreateGroup(displayName, clientId);
List <string> groupsCreated = new List <string>
{
createdGroup.Id
};
// Load CA policies for policy set
string[] filePaths = Directory.GetFiles(Server.MapPath(TEMPLATE_CA_POLICY_FOLDER_PATH + selectedBaseline), "*.json");
if (filePaths.Length == 0)
{
signalR.sendMessage($"Warning no Conditional Access Policies found within selected set ({selectedBaseline})!");
}
// Modify exclusions & Display Name
List <ConditionalAccessPolicy> conditionalAccessPolicies = new List <ConditionalAccessPolicy>();
foreach (string filePath in filePaths)
{
try
{
if (System.IO.File.Exists(filePath))
{
using (var streamReader = new StreamReader(filePath, Encoding.UTF8))
{
string textCaPolicy = streamReader.ReadToEnd();
// Modify properties on template
ConditionalAccessPolicy conditionalAccessPolicy = JsonConvert.DeserializeObject <ConditionalAccessPolicy>(textCaPolicy);
conditionalAccessPolicy.conditions.users.excludeGroups = groupsCreated.ToArray();
conditionalAccessPolicy.displayName = conditionalAccessPolicy.displayName.Insert(0, policyPrefix).Replace("<PREFIX> -", "").Trim();
// Check for legacy auth exclusion group
if (conditionalAccessPolicy.conditions.clientAppTypes.Contains("other") && conditionalAccessPolicy.grantControls.builtInControls.Contains("block"))
{
// Wee need to initialize a new list to avoid modifications to the existing!
List <String> newGroupsCreated = new List <String>(groupsCreated);
Microsoft.Graph.Group allowLegacyAuthGroup = await GraphHelper.CreateGroup(allowLegacyAuth, clientId);
newGroupsCreated.Add(allowLegacyAuthGroup.Id);
conditionalAccessPolicy.conditions.users.excludeGroups = newGroupsCreated.ToArray();
}
// Create the policy
await GraphHelper.ImportCaConfig(JsonConvert.SerializeObject(conditionalAccessPolicy), clientId);
}
}
}
catch (Exception e)
{
signalR.sendMessage("Error: " + e.Message);
}
}
}
catch (Exception e)
{
signalR.sendMessage("Error: " + e.Message);
}
signalR.sendMessage("Done#!");
return(new HttpStatusCodeResult(204));
}
