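        /// <summary>
        /// Grants every user in the directory an app role assignment for this application's
        /// service principal (looked up by <c>Constants.AADClientId</c>), skipping users who
        /// already have one. This is a tenant-wide grant: every user returned by
        /// <c>client.Users</c> ends up with an assignment.
        /// </summary>
        /// <returns>
        /// A redirect to <c>Index</c>. The outcome is reported through <c>TempData["Message"]</c>
        /// and, when individual assignments were rejected, <c>TempData["Error"]</c>.
        /// </returns>
        public async Task <ActionResult> InstallApp()
        {
            var client = await AuthenticationHelper.GetActiveDirectoryClientAsync(Permissions.Delegated);

            var servicePrincipal = await client.ServicePrincipals
                                   .Where(i => i.AppId == Constants.AADClientId)
                                   .ExecuteSingleAsync();

            // Without a service principal there is nothing to assign to (admin consent has not
            // been granted yet); report it instead of dereferencing null below.
            if (servicePrincipal == null)
            {
                TempData["Error"] = "Could not find the service principal. Please provide the admin consent.";
                return(RedirectToAction("Index"));
            }

            var resourceId = new Guid(servicePrincipal.ObjectId);

            // `installed` counts only assignments the directory accepted; `failed` counts
            // requests that were rejected, so the message below does not overstate success.
            int installed = 0;
            int failed    = 0;
            var users     = await client.Users.ExecuteAllAsync();

            foreach (var user in users)
            {
                var userFetcher = client.Users.GetByObjectId(user.ObjectId);

                var existing = await userFetcher.AppRoleAssignments
                                                .Where(i => i.ResourceId == resourceId)
                                                .ExecuteFirstOrDefaultAsync();
                if (existing != null)
                {
                    continue;
                }

                // https://github.com/microsoftgraph/microsoft-graph-docs/blob/master/api-reference/beta/resources/approleassignment.md
                var appRoleAssignment = new AAD.AppRoleAssignment
                {
                    CreationTimestamp = DateTime.UtcNow,
                    //Id = Guid.Empty,
                    PrincipalDisplayName = user.DisplayName,
                    PrincipalId          = new Guid(user.ObjectId),
                    PrincipalType        = "User",
                    ResourceId           = resourceId,
                    ResourceDisplayName  = servicePrincipal.DisplayName
                };

                try
                {
                    await userFetcher.AppRoleAssignments.AddAppRoleAssignmentAsync(appRoleAssignment);
                    installed++;
                }
                catch (DataServiceRequestException)
                {
                    // Best effort: one rejected user must not abort the rollout for the rest.
                    failed++;
                }
                catch (ODataErrorException)
                {
                    // Best effort, as above.
                    failed++;
                }
            }

            TempData["Message"] = installed > 0
                ? $"The App was successfully installed for {installed} user(s)."
                : "The App had been installed for all users.";
            if (failed > 0)
            {
                TempData["Error"] = $"The App could not be installed for {failed} user(s).";
            }
            return(RedirectToAction("Index"));
        }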
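        /// <summary>
        /// Concurrently grants every user in the directory an app role assignment for this
        /// application's service principal, skipping users who already have one. Like
        /// <c>InstallApp</c>, this is a tenant-wide grant.
        /// </summary>
        /// <returns>
        /// A redirect to <c>Index</c>. The outcome is reported through <c>TempData["Message"]</c>
        /// and, when individual assignments were rejected, <c>TempData["Error"]</c>.
        /// </returns>
        public async Task <ActionResult> AddAppRoleAssignments()
        {
            var client = await AuthenticationHelper.GetActiveDirectoryClientAsync(Permissions.Delegated);

            var servicePrincipal = await client.ServicePrincipals
                                   .Where(i => i.AppId == Constants.AADClientId)
                                   .ExecuteSingleAsync();

            if (servicePrincipal == null)
            {
                TempData["Error"] = "Could not found the service principal. Please provdie the admin consent.";
                return(RedirectToAction("Index"));
            }

            // Both counters are touched from concurrently running continuations, hence Interlocked.
            int installed  = 0;
            int failed     = 0;
            var tasks      = new List <Task>();
            var resourceId = new Guid(servicePrincipal.ObjectId);
            var users      = await client.Users
                             .Expand(i => i.AppRoleAssignments)
                             .ExecuteAllAsync();

            foreach (var user in users)
            {
                // The work is pure I/O, so the async lambda is started directly rather than
                // through Task.Run; there is no CPU-bound part worth a thread-pool hop.
                Func<Task> assign = async () =>
                {
                    if (await user.AppRoleAssignments.AnyAsync(i => i.ResourceId == resourceId))
                    {
                        return;
                    }

                    // https://github.com/microsoftgraph/microsoft-graph-docs/blob/master/api-reference/beta/resources/approleassignment.md
                    var appRoleAssignment = new AAD.AppRoleAssignment
                    {
                        CreationTimestamp = DateTime.UtcNow,
                        //Id = Guid.Empty,
                        PrincipalDisplayName = user.DisplayName,
                        PrincipalId          = new Guid(user.ObjectId),
                        PrincipalType        = "User",
                        ResourceId           = resourceId,
                        ResourceDisplayName  = servicePrincipal.DisplayName
                    };
                    var userFetcher = client.Users.GetByObjectId(user.ObjectId);
                    try
                    {
                        await userFetcher.AppRoleAssignments.AddAppRoleAssignmentAsync(appRoleAssignment);
                        // Only an accepted request counts as an installed user.
                        Interlocked.Increment(ref installed);
                    }
                    catch (DataServiceRequestException)
                    {
                        // Same best-effort handling as InstallApp: record the failure, keep going.
                        Interlocked.Increment(ref failed);
                    }
                    catch (ODataErrorException)
                    {
                        Interlocked.Increment(ref failed);
                    }
                };
                tasks.Add(assign());
            }

            // Await instead of Task.WaitAll: blocking inside an async action can deadlock on the
            // request's synchronization context and ties up a thread for the whole rollout.
            await Task.WhenAll(tasks);

            TempData["Message"] = installed > 0
                ? $"User access was successfully enabled for {installed} user(s)."
                : "User access was enabled for all users.";
            if (failed > 0)
            {
                TempData["Error"] = $"User access could not be enabled for {failed} user(s).";
            }
            return(RedirectToAction("Index"));
        }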
        // see: https://developer.microsoft.com/en-us/graph/docs/api-reference/beta/api/approleassignment_update for Microsoft Graph reference
        // this uses the AAD Graph since it appears to be the only place it is implemented currently (12/2017)
        // todo: this sucks, the object model for graph v1 is a joke and graph v2 doesn't work
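        /// <summary>
        /// Assigns the application's first declared app role to the user identified by
        /// <paramref name="userIdentifier"/> (matched against <c>UserPrincipalName</c>),
        /// using the AAD Graph client.
        /// </summary>
        /// <param name="userIdentifier">The user principal name of the user to assign.</param>
        /// <returns>
        /// <c>true</c> when the assignment was written; <c>false</c> when the application,
        /// service principal or user could not be resolved, or the application declares no app roles.
        /// </returns>
        public async Task <bool> AddUserToRole2(string userIdentifier)
        {
            var appRef           = _aadClient.Applications.GetByObjectId(_config.AppObjectId);
            var app              = (AAD.Application)appRef.ToApplication();
            var servicePrincipal = (AAD.ServicePrincipal)appRef.ToServicePrincipal();
            var user             = (AAD.User)(await _aadClient.Users.Where(x => x.UserPrincipalName == userIdentifier).ExecuteSingleAsync());

            if (app.ObjectId == null || user == null || servicePrincipal.ObjectId == null)
            {
                return(false);
            }

            // Guard the role lookup: dereferencing FirstOrDefault() unconditionally throws a
            // NullReferenceException for an application that declares no app roles.
            var role = app.AppRoles?.FirstOrDefault();
            if (role == null)
            {
                return(false);
            }

            // NOTE(review): whichever role the directory lists first is granted. If the app
            // declares several roles with different privilege levels, the caller should confirm
            // this is the intended one rather than relying on list order.
            var appRoleAssignment = new AAD.AppRoleAssignment
            {
                Id            = role.Id,
                ResourceId    = Guid.Parse(servicePrincipal.ObjectId),
                PrincipalType = "User",
                PrincipalId   = Guid.Parse(user.ObjectId)
            };
            user.AppRoleAssignments.Add(appRoleAssignment);
            await user.UpdateAsync();

            return(true);
        }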