private string GetObjectIdByEmail(string email)
        {
            // Resolves a directory user's object id from a mail address.
            // Returns null when the address is blank, when running against an
            // on-premise (ADFS) directory — Graph cannot handle this particular
            // combination of filters there — or when no user matches.
            // ThrowIfMultipleObjectIds raises when several users share the address.
            bool onPremise = DefaultProfile.DefaultContext.Environment.OnPremise;
            if (onPremise || string.IsNullOrWhiteSpace(email))
            {
                return null;
            }

// TODO: Remove IfDef
#if NETSTANDARD
            var matches = ActiveDirectoryClient.FilterUsers(new ADObjectFilterOptions { Mail = email });
            if (matches == null)
            {
                return null;
            }

            ThrowIfMultipleObjectIds(matches, email);
            return matches.FirstOrDefault()?.Id.ToString();
#else
            var matches = ActiveDirectoryClient.Users
                          .Where(FilterByEmail(email))
                          .ExecuteAsync()
                          .GetAwaiter()
                          .GetResult()
                          .CurrentPage;
            if (matches == null)
            {
                return null;
            }

            ThrowIfMultipleObjectIds(matches, email);
            return matches.FirstOrDefault()?.ObjectId;
#endif
        }
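 /// <summary>
 /// Narrows <paramref name="assignments"/> to those matching the cmdlet's filter
 /// parameters. Name-based filters (RoleDefinitionName, SignInName, ApplicationId)
 /// are first resolved to the ids stored on assignments (RoleDefinitionId, ObjectId);
 /// the resolved ids are written back to those properties as a side effect.
 /// </summary>
 /// <param name="assignments">Assignments to filter; null is treated as empty.</param>
 /// <returns>
 /// The matching assignments. A supplied name-based filter that resolves to nothing
 /// yields an empty result rather than the unfiltered input, so a mistyped role or
 /// principal name never reports every assignment on the scope.
 /// </returns>
 private PSKeyVaultRoleAssignment[] FilterAssignments(PSKeyVaultRoleAssignment[] assignments)
 {
     if (assignments == null)
     {
         return Array.Empty<PSKeyVaultRoleAssignment>();
     }

     if (!string.IsNullOrEmpty(RoleDefinitionName))
     {
         var definition = Track2DataClient.GetHsmRoleDefinitions(HsmName, Scope)
                          .FirstOrDefault(x => string.Equals(x.RoleName, RoleDefinitionName, StringComparison.OrdinalIgnoreCase));
         RoleDefinitionId = definition?.Id;
         if (definition == null)
         {
             // Unknown role name: nothing can match, and dropping the filter would
             // return assignments for every role.
             return Array.Empty<PSKeyVaultRoleAssignment>();
         }
     }
     if (!string.IsNullOrEmpty(SignInName))
     {
         var filter = new ADObjectFilterOptions()
         {
             UPN = SignInName
         };
         var user = ActiveDirectoryClient.FilterUsers(filter).FirstOrDefault();
         ObjectId = user?.Id.ToString();
         if (user == null)
         {
             return Array.Empty<PSKeyVaultRoleAssignment>();
         }
     }
     if (!string.IsNullOrEmpty(ApplicationId))
     {
         var odataQuery = new Rest.Azure.OData.ODataQuery <Application>(s => string.Equals(s.AppId, ApplicationId, StringComparison.OrdinalIgnoreCase));
         var app        = ActiveDirectoryClient.GetApplicationWithFilters(odataQuery).FirstOrDefault();
         ObjectId = app?.ObjectId.ToString();
         if (app == null)
         {
             return Array.Empty<PSKeyVaultRoleAssignment>();
         }
     }
     // Ids are GUID-based, so match them case-insensitively.
     if (!string.IsNullOrEmpty(RoleDefinitionId))
     {
         assignments = assignments.Where(assignment => string.Equals(assignment.RoleDefinitionId, RoleDefinitionId, StringComparison.OrdinalIgnoreCase)).ToArray();
     }
     if (!string.IsNullOrEmpty(ObjectId))
     {
         assignments = assignments.Where(assignment => string.Equals(assignment.PrincipalId, ObjectId, StringComparison.OrdinalIgnoreCase)).ToArray();
     }
     return assignments;
 }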
        private string GetObjectIdByUpn(string upn)
        {
            // Looks up the single directory user whose user principal name matches
            // `upn` and returns its object id as a string; null when `upn` is blank
            // or no user matches. SingleOrDefault throws if more than one user matches.
            if (string.IsNullOrWhiteSpace(upn))
            {
                return null;
            }

// TODO: Remove IfDef
#if NETSTANDARD
            var filter = new ADObjectFilterOptions { UPN = upn };
            var match = ActiveDirectoryClient.FilterUsers(filter).SingleOrDefault();
            return match?.Id.ToString();
#else
            var page = ActiveDirectoryClient.Users
                       .Where(u => u.UserPrincipalName.Equals(upn, StringComparison.OrdinalIgnoreCase))
                       .ExecuteAsync().ConfigureAwait(false).GetAwaiter().GetResult().CurrentPage;
            var match = page.SingleOrDefault();
            return match?.ObjectId;
#endif
        }
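        /// <summary>
        /// Resolves the cmdlet's filter parameters (role definition name, sign-in name,
        /// application id) to the RoleDefinitionId / ObjectId pair stored on assignments,
        /// writing them back to those properties, then returns the name of the first HSM
        /// role assignment that matches both.
        /// </summary>
        /// <returns>The name of the matching role assignment.</returns>
        /// <exception cref="ArgumentException">
        /// The role definition, user or application named by the parameters does not exist.
        /// </exception>
        /// <exception cref="InvalidOperationException">
        /// No role assignment matches the resolved principal and role definition.
        /// </exception>
        private string GetRoleAssignmentNameFromFilterParameters()
        {
            // convert definition name to id
            if (ParameterSetName == ParameterSet.DefinitionNameApplicationId ||
                ParameterSetName == ParameterSet.DefinitionNameObjectId ||
                ParameterSetName == ParameterSet.DefinitionNameSignInName)
            {
                var definition = Track2DataClient.GetHsmRoleDefinitions(HsmName, Scope)
                                 .FirstOrDefault(x => string.Equals(x.RoleName, RoleDefinitionName, StringComparison.OrdinalIgnoreCase));
                if (definition == null)
                {
                    throw new ArgumentException(string.Format(Resources.RoleDefinitionNotFound, RoleDefinitionName));
                }
                RoleDefinitionId = definition.Id;
            }

            // convert user sign in name to object id
            if (ParameterSetName == ParameterSet.DefinitionIdSignInName ||
                ParameterSetName == ParameterSet.DefinitionNameSignInName)
            {
                var filter = new ADObjectFilterOptions()
                {
                    UPN = SignInName
                };
                var user = ActiveDirectoryClient.FilterUsers(filter).FirstOrDefault();
                if (user == null)
                {
                    throw new ArgumentException(string.Format(Resources.UserNotFoundBy, SignInName));
                }
                ObjectId = user.Id.ToString();
            }
            // convert service principal app id to object id
            if (ParameterSetName == ParameterSet.DefinitionIdApplicationId ||
                ParameterSetName == ParameterSet.DefinitionNameApplicationId)
            {
                var odataQuery = new Rest.Azure.OData.ODataQuery <Application>(s => string.Equals(s.AppId, ApplicationId, StringComparison.OrdinalIgnoreCase));
                var app        = ActiveDirectoryClient.GetApplicationWithFilters(odataQuery).FirstOrDefault();
                if (app == null)
                {
                    throw new ArgumentException(string.Format(Resources.ApplicationNotFoundBy, ApplicationId));
                }
                ObjectId = app.ObjectId.ToString();
            }

            // Ids are GUID-based; compare case-insensitively, consistent with the lookups
            // above, so a caller-supplied id in a different letter case still matches.
            var roleAssignment = Track2DataClient.GetHsmRoleAssignments(HsmName, Scope)
                                 .FirstOrDefault(assignment =>
                                     string.Equals(assignment.PrincipalId, ObjectId, StringComparison.OrdinalIgnoreCase) &&
                                     string.Equals(assignment.RoleDefinitionId, RoleDefinitionId, StringComparison.OrdinalIgnoreCase));

            if (roleAssignment == null)
            {
                // A specific exception type (still an Exception for existing catch blocks)
                // lets callers tell "not found" apart from unexpected failures.
                throw new InvalidOperationException(Resources.RoleAssignmentNotFound);
            }

            return roleAssignment.Name;
        }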
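        /// <summary>
        /// Best-effort lookup of a friendly name and type for a directory object id.
        /// </summary>
        /// <param name="objectId">Object id of the user, service principal or group.</param>
        /// <param name="adClient">Directory client used for the lookup; may be null.</param>
        /// <returns>
        /// A tuple of the display name (followed by " (upn-or-spn)" when one is known) and
        /// the object type: "User", "Service Principal", "Group" or "Unknown". The name
        /// falls back to empty and the type to "Unknown" when the client is missing, the id
        /// is blank, the object cannot be found, or any lookup fails.
        /// </returns>
        public static (string, string) GetDetailsFromADObjectId(string objectId, ActiveDirectoryClient adClient)
        {
            var displayName = "";
            var upnOrSpn    = "";
            var objectType  = "Unknown";

            if (adClient == null || string.IsNullOrWhiteSpace(objectId))
            {
                return(displayName, objectType);
            }

            try
            {
                var obj = adClient.GetObjectsByObjectId(new List <string> {
                    objectId
                }).FirstOrDefault();
                if (obj != null)
                {
                    // Static string.Equals tolerates a null Type (the instance call would
                    // throw); ordinal because these are machine identifiers, not user text.
                    if (string.Equals(obj.Type, "user", StringComparison.OrdinalIgnoreCase))
                    {
                        var user = adClient.FilterUsers(new ADObjectFilterOptions {
                            Id = objectId
                        }).FirstOrDefault();
                        objectType = "User";
                        if (user != null)
                        {
                            displayName = user.DisplayName;
                            upnOrSpn    = user.UserPrincipalName;
                        }
                    }
                    else if (string.Equals(obj.Type, "serviceprincipal", StringComparison.OrdinalIgnoreCase))
                    {
                        var odataQuery       = new Rest.Azure.OData.ODataQuery <Graph.RBAC.Version1_6.Models.ServicePrincipal>(s => s.ObjectId == objectId);
                        var servicePrincipal = adClient.FilterServicePrincipals(odataQuery).FirstOrDefault();
                        objectType = "Service Principal";
                        if (servicePrincipal != null)
                        {
                            displayName = servicePrincipal.DisplayName;
                            upnOrSpn    = servicePrincipal.ServicePrincipalNames?.FirstOrDefault();
                        }
                    }
                    else if (string.Equals(obj.Type, "group", StringComparison.OrdinalIgnoreCase))
                    {
                        var group = adClient.FilterGroups(new ADObjectFilterOptions {
                            Id = objectId
                        }).FirstOrDefault();
                        objectType = "Group";
                        if (group != null)
                        {
                            displayName = group.DisplayName;
                        }
                    }
                }
            }
            catch
            {
                // Deliberate best-effort: a lookup failure (network, permissions, missing
                // object) degrades to an empty friendly name instead of failing the caller.
                // Null results are handled explicitly above so this is not the normal path.
            }

            return(
                displayName + (!string.IsNullOrWhiteSpace(upnOrSpn) ? (" (" + upnOrSpn + ")") : ""),
                objectType
                );
        }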
        /// <summary>
        /// Resolves the name-based parameters of the active parameter set to ids
        /// (RoleDefinitionId, ObjectId), then — after the user confirms — creates the
        /// HSM role assignment, decorates it with friendly details and writes it out.
        /// </summary>
        /// <exception cref="ArgumentException">
        /// The role definition, user or application named by the parameters does not exist.
        /// </exception>
        public override void ExecuteCmdlet()
        {
            bool resolveDefinitionByName = ParameterSetName == ParameterSet.DefinitionNameApplicationId
                                           || ParameterSetName == ParameterSet.DefinitionNameObjectId
                                           || ParameterSetName == ParameterSet.DefinitionNameSignInName;
            bool resolveUserBySignInName = ParameterSetName == ParameterSet.DefinitionIdSignInName
                                           || ParameterSetName == ParameterSet.DefinitionNameSignInName;
            bool resolveAppByAppId       = ParameterSetName == ParameterSet.DefinitionIdApplicationId
                                           || ParameterSetName == ParameterSet.DefinitionNameApplicationId;

            if (resolveDefinitionByName)
            {
                // Role definition name -> id (case-insensitive name match).
                var definition = Track2DataClient.GetHsmRoleDefinitions(HsmName, Scope)
                                 .FirstOrDefault(x => string.Equals(x.RoleName, RoleDefinitionName, StringComparison.OrdinalIgnoreCase));
                if (definition is null)
                {
                    throw new ArgumentException(string.Format(Resources.RoleDefinitionNotFound, RoleDefinitionName));
                }
                RoleDefinitionId = definition.Id;
            }

            if (resolveUserBySignInName)
            {
                // User sign-in name (UPN) -> object id.
                var byUpn = new ADObjectFilterOptions() { UPN = SignInName };
                var user  = ActiveDirectoryClient.FilterUsers(byUpn).FirstOrDefault();
                if (user is null)
                {
                    throw new ArgumentException(string.Format(Resources.UserNotFoundBy, SignInName));
                }
                ObjectId = user.Id.ToString();
            }

            if (resolveAppByAppId)
            {
                // Service principal application id -> object id.
                var odataQuery = new Rest.Azure.OData.ODataQuery <Application>(s => string.Equals(s.AppId, ApplicationId, StringComparison.OrdinalIgnoreCase));
                var app        = ActiveDirectoryClient.GetApplicationWithFilters(odataQuery).FirstOrDefault();
                if (app is null)
                {
                    throw new ArgumentException(string.Format(Resources.ApplicationNotFoundBy, ApplicationId));
                }
                ObjectId = app.ObjectId.ToString();
            }

            string confirmation = string.Format(Resources.AssignRole, RoleDefinitionName ?? RoleDefinitionId, SignInName ?? ApplicationId ?? ObjectId, Scope);
            base.ConfirmAction(confirmation, HsmName, () =>
            {
                PSKeyVaultRoleAssignment roleAssignment = Track2DataClient.CreateHsmRoleAssignment(HsmName, Scope, RoleDefinitionId, ObjectId);
                GetAssignmentDetails(roleAssignment, HsmName, Scope);
                WriteObject(roleAssignment);
            });
        }
        private string GetObjectIdByUpn(string upn)
        {
            // Returns the object id of the single directory user matching `upn`, or
            // null when `upn` is blank or nothing matches. SingleOrDefault throws when
            // several users match.
            // NOTE(review): the value is applied as the SPN filter although the
            // parameter is named upn (a sibling helper uses the UPN filter) — confirm
            // against the caller that this is intended.
            if (string.IsNullOrWhiteSpace(upn))
            {
                return null;
            }

            var filter = new ADObjectFilterOptions() { SPN = upn };
            var match  = ActiveDirectoryClient.FilterUsers(filter).SingleOrDefault();
            return match?.Id.ToString();
        }
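        /// <summary>
        /// Best-effort lookup of a friendly display name for a directory object id.
        /// </summary>
        /// <param name="objectId">Object id of the user or service principal.</param>
        /// <param name="adClient">Directory client used for the lookup; may be null.</param>
        /// <returns>
        /// The object's display name, followed by " (upn-or-spn)" when one is known; an
        /// empty string when the client is missing, the id is blank, the object cannot be
        /// found, or any lookup fails.
        /// </returns>
        public static string GetDisplayNameForADObject(string objectId, ActiveDirectoryClient adClient)
        {
            string displayName = "";
            string upnOrSpn    = "";

            if (adClient == null || string.IsNullOrWhiteSpace(objectId))
            {
                return(displayName);
            }

            try
            {
                var obj = adClient.GetObjectsByObjectId(new List <string> {
                    objectId
                }).FirstOrDefault();
                if (obj != null)
                {
                    // Static string.Equals tolerates a null Type (the instance call would
                    // throw); ordinal because these are machine identifiers, not user text.
                    if (string.Equals(obj.Type, "user", StringComparison.OrdinalIgnoreCase))
                    {
                        var user = adClient.FilterUsers(new ADObjectFilterOptions {
                            Id = objectId
                        }).FirstOrDefault();
                        if (user != null)
                        {
                            displayName = user.DisplayName;
                            upnOrSpn    = user.UserPrincipalName;
                        }
                    }
                    else if (string.Equals(obj.Type, "serviceprincipal", StringComparison.OrdinalIgnoreCase))
                    {
                        var servicePrincipal = adClient.FilterServicePrincipals(new ADObjectFilterOptions {
                            Id = objectId
                        }).FirstOrDefault();
                        if (servicePrincipal != null)
                        {
                            displayName = servicePrincipal.DisplayName;
                            upnOrSpn    = servicePrincipal.ServicePrincipalNames?.FirstOrDefault();
                        }
                    }
                }
            }
            catch
            {
                // Deliberate best-effort: a lookup failure (network, permissions, missing
                // object) degrades to an empty friendly name instead of failing the caller.
                // Null results are handled explicitly above so this is not the normal path.
            }

            return(displayName + (!string.IsNullOrWhiteSpace(upnOrSpn) ? (" (" + upnOrSpn + ")") : ""));
        }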
        private string GetObjectIdByEmail(string email)
        {
            // Resolves a user's object id from a mail address. Returns null when the
            // address is blank or when running against an on-premise (ADFS) directory,
            // because Graph cannot handle this particular combination of filters there,
            // and null when no user matches. ThrowIfMultipleObjectIds raises when
            // several users share the address.
            bool skipLookup = DefaultProfile.DefaultContext.Environment.OnPremise
                              || string.IsNullOrWhiteSpace(email);
            if (skipLookup)
            {
                return null;
            }

            var byMail  = new ADObjectFilterOptions() { Mail = email };
            var matches = ActiveDirectoryClient.FilterUsers(byMail);
            if (matches == null)
            {
                return null;
            }

            ThrowIfMultipleObjectIds(matches, email);
            return matches.FirstOrDefault()?.Id.ToString();
        }
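        /// <summary>
        /// Best-effort lookup of a friendly display name for a directory object id.
        /// </summary>
        /// <param name="objectId">Object id of the user, service principal or group.</param>
        /// <param name="adClient">Directory client used for the lookup; may be null.</param>
        /// <returns>
        /// The object's display name, followed by " (upn-or-spn)" when one is known; an
        /// empty string when the client is missing, the id is blank, the object cannot be
        /// found, or any lookup fails.
        /// </returns>
        public static string GetDisplayNameForADObject(string objectId, ActiveDirectoryClient adClient)
        {
            string displayName = "";
            string upnOrSpn    = "";

            if (adClient == null || string.IsNullOrWhiteSpace(objectId))
            {
                return(displayName);
            }

            try
            {
                // Static string.Equals tolerates a null type string (the instance call
                // would throw); ordinal because these are machine identifiers, not user text.
#if NETSTANDARD
                var obj = adClient.GetObjectsByObjectId(new List <string> {
                    objectId
                }).FirstOrDefault();
                if (obj != null)
                {
                    if (string.Equals(obj.Type, "user", StringComparison.OrdinalIgnoreCase))
                    {
                        var user = adClient.FilterUsers(new ADObjectFilterOptions {
                            Id = objectId
                        }).FirstOrDefault();
                        if (user != null)
                        {
                            displayName = user.DisplayName;
                            upnOrSpn    = user.UserPrincipalName;
                        }
                    }
                    else if (string.Equals(obj.Type, "serviceprincipal", StringComparison.OrdinalIgnoreCase))
                    {
                        var servicePrincipal = adClient.FilterServicePrincipals(new ADObjectFilterOptions {
                            Id = objectId
                        }).FirstOrDefault();
                        if (servicePrincipal != null)
                        {
                            displayName = servicePrincipal.DisplayName;
                            upnOrSpn    = servicePrincipal.ServicePrincipalNames?.FirstOrDefault();
                        }
                    }
                    else if (string.Equals(obj.Type, "group", StringComparison.OrdinalIgnoreCase))
                    {
                        var group = adClient.FilterGroups(new ADObjectFilterOptions {
                            Id = objectId
                        }).FirstOrDefault();
                        if (group != null)
                        {
                            displayName = group.DisplayName;
                        }
                    }
                }
#else
                var obj = adClient.GetObjectsByObjectIdsAsync(new[] { objectId }, new string[] { }).GetAwaiter().GetResult().FirstOrDefault();
                if (obj != null)
                {
                    if (string.Equals(obj.ObjectType, "user", StringComparison.OrdinalIgnoreCase))
                    {
                        var user = adClient.Users.GetByObjectId(objectId).ExecuteAsync().GetAwaiter().GetResult();
                        if (user != null)
                        {
                            displayName = user.DisplayName;
                            upnOrSpn    = user.UserPrincipalName;
                        }
                    }
                    else if (string.Equals(obj.ObjectType, "serviceprincipal", StringComparison.OrdinalIgnoreCase))
                    {
                        var servicePrincipal = adClient.ServicePrincipals.GetByObjectId(objectId).ExecuteAsync().GetAwaiter().GetResult();
                        if (servicePrincipal != null)
                        {
                            displayName = servicePrincipal.AppDisplayName;
                            upnOrSpn    = servicePrincipal.ServicePrincipalNames?.FirstOrDefault();
                        }
                    }
                    else if (string.Equals(obj.ObjectType, "group", StringComparison.OrdinalIgnoreCase))
                    {
                        var group = adClient.Groups.GetByObjectId(objectId).ExecuteAsync().GetAwaiter().GetResult();
                        if (group != null)
                        {
                            displayName = group.DisplayName;
                            upnOrSpn    = group.MailNickname;
                        }
                    }
                }
#endif
            }
            catch
            {
                // Deliberate best-effort: a lookup failure (network, permissions, missing
                // object) degrades to an empty friendly name instead of failing the caller.
                // Null results are handled explicitly above so this is not the normal path.
            }

            return(displayName + (!string.IsNullOrWhiteSpace(upnOrSpn) ? (" (" + upnOrSpn + ")") : ""));
        }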