            /// <summary>
            /// Builds a fake organization/user pair and evaluates the organization tenant policy against it.
            /// </summary>
            /// <param name="userTenantId">
            /// Tenant id for the external credential added to the fake user. When null or empty,
            /// no credential is added by this helper.
            /// </param>
            /// <returns>The pending result of the policy evaluation.</returns>
            private Task<SecurityPolicyResult> EvaluateAsync(string userTenantId)
            {
                var builder  = new CredentialBuilder();
                var testData = new Fakes();

                bool hasTenant = !string.IsNullOrEmpty(userTenantId);
                if (hasTenant)
                {
                    // Give the user an external credential bound to the tenant under test.
                    var externalCredential = builder.CreateExternalCredential(
                        issuer: "AzureActiveDirectory",
                        value: "value",
                        identity: "identity",
                        tenantId: userTenantId);

                    testData.User.Credentials.Add(externalCredential);
                }

                // The organization carries the policies created for TenantId (declared outside this method).
                var requiredPolicies = RequireOrganizationTenantPolicy.Create(TenantId).Policies;
                foreach (var requiredPolicy in requiredPolicies)
                {
                    testData.Organization.SecurityPolicies.Add(requiredPolicy);
                }

                // The organization is the source account, the user is the target being evaluated.
                var evaluationContext = new UserSecurityPolicyEvaluationContext(
                    testData.Organization.SecurityPolicies,
                    sourceAccount: testData.Organization,
                    targetAccount: testData.User);

                // Evaluation goes through a separately created policy instance; the policies it
                // checks are the ones passed in via the context.
                var evaluator = RequireOrganizationTenantPolicy.Create();
                return evaluator.EvaluateAsync(evaluationContext);
            }
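            /// <summary>
            /// Builds a fake organization/user pair and evaluates the organization tenant policy against it,
            /// replacing any existing Azure Active Directory credential on the fake user first.
            /// </summary>
            /// <param name="userTenantId">
            /// Tenant id for the external credential given to the fake user. When null or empty,
            /// the user's credentials are left as <c>Fakes</c> created them.
            /// </param>
            /// <returns>The pending result of the policy evaluation.</returns>
            /// <exception cref="System.InvalidOperationException">
            /// Thrown when the fake user already holds more than one AAD credential.
            /// </exception>
            private Task<SecurityPolicyResult> EvaluateAsync(string userTenantId)
            {
                var credentialBuilder = new CredentialBuilder();
                var fakes             = new Fakes();

                if (!string.IsNullOrEmpty(userTenantId))
                {
                    // We can only have a single AAD account, remove previous one if present.
                    // SingleOrDefault (not Single) so that a user without an AAD credential yields
                    // null instead of throwing; with Single the null check below was unreachable
                    // and the "no existing credential" case could never be exercised.
                    // More than one match still throws, which keeps the single-account rule visible.
                    var aadCredential = fakes.User.Credentials.SingleOrDefault(
                        c => c.Type.Contains(CredentialTypes.External.AzureActiveDirectoryAccount));
                    if (aadCredential != null)
                    {
                        fakes.User.Credentials.Remove(aadCredential);
                    }

                    // Add the new AAD credential
                    fakes.User.Credentials.Add(
                        credentialBuilder.CreateExternalCredential(
                            issuer: "AzureActiveDirectory",
                            value: "value",
                            identity: "identity",
                            tenantId: userTenantId));
                }

                // The organization carries the policies created for TenantId (declared outside this method).
                foreach (var policy in RequireOrganizationTenantPolicy.Create(TenantId).Policies)
                {
                    fakes.Organization.SecurityPolicies.Add(policy);
                }

                // The organization is the source account, the user is the target being evaluated.
                var context = new UserSecurityPolicyEvaluationContext(
                    fakes.Organization.SecurityPolicies,
                    sourceAccount: fakes.Organization,
                    targetAccount: fakes.User);

                // Evaluation goes through a separately created policy instance; the policies it
                // checks are the ones passed in via the context.
                return RequireOrganizationTenantPolicy
                       .Create()
                       .EvaluateAsync(context);
            }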