private List <string> GetDnnB2cRoles()
{
// This is the list of DNN roles coming from B2C
var result = RoleController.Instance.GetRoles(PortalSettings.Current.PortalId)
.Where(r => r.Settings.ContainsKey(RoleSettingsB2cPropertyName) && r.Settings[RoleSettingsB2cPropertyName] == RoleSettingsB2cPropertyValue)
.Select((roleInfo) => roleInfo.RoleName)
.ToList();
// We have to add also to this list the list of mapped roles, because those roles are also synchronized with B2C
result.AddRange(CustomRoleMappings.Select((role) => role.DnnRoleName).ToList());
return(result);
}
private void UpdateUserRoles(string aadUserId, UserInfo userInfo)
{
if (!Settings.RoleSyncEnabled)
{
return;
}
try
{
var syncOnlyMappedRoles = (CustomRoleMappings != null && CustomRoleMappings.Count > 0);
var aadGroups = GraphClient.GetUserGroups(aadUserId);
if (aadGroups != null && aadGroups.Values != null)
{
var groupPrefix = PrefixServiceToGroupName ? $"{Service}-" : "";
var groups = aadGroups.Values;
var filter = ConfigurationManager.AppSettings["AzureAD.GetUserGroups.Filter"];
if (!string.IsNullOrEmpty(filter))
{
var onlyGroups = filter.Split(';');
var g = new List <Graph.Models.Group>();
foreach (var f in onlyGroups)
{
var r = groups.Where(x => x.DisplayName.StartsWith(f));
if (r.Count() > 0)
{
g.AddRange(r);
}
}
groups = g;
}
if (syncOnlyMappedRoles)
{
groupPrefix = "";
var aadRoles = CustomRoleMappings.Select(rm => rm.AadRoleName);
groups.RemoveAll(x => !aadRoles.Contains(x.DisplayName));
}
var dnnAadRoles = GetDnnAadRoles();
// In DNN, remove user from roles where the user doesn't belong to in AAD (we'll take care only AAD roles)
foreach (var dnnUserRole in userInfo.Roles.Where(role => dnnAadRoles.Contains(role)))
{
var aadGroupName = dnnUserRole;
var roleName = dnnUserRole;
var mapping = CustomRoleMappings?.FirstOrDefault(x => x.DnnRoleName == dnnUserRole);
if (mapping != null)
{
aadGroupName = mapping.AadRoleName;
roleName = mapping.DnnRoleName;
}
if (groups.FirstOrDefault(aadGroup => $"{groupPrefix}{aadGroup.DisplayName}" == aadGroupName) == null)
{
var role = RoleController.Instance.GetRoleByName(PortalSettings.Current.PortalId, roleName);
RoleController.DeleteUserRole(userInfo, role, PortalSettings.Current, false);
}
}
foreach (var group in groups)
{
var roleToAssign = syncOnlyMappedRoles ? CustomRoleMappings.Find(r => r.AadRoleName == group.DisplayName).DnnRoleName : $"{groupPrefix}{group.DisplayName}";
var dnnRole = RoleController.Instance.GetRoleByName(PortalSettings.Current.PortalId, roleToAssign);
if (dnnRole == null)
{
// Create role
var roleId = AddRole(roleToAssign, group.Description, true);
dnnRole = RoleController.Instance.GetRoleById(PortalSettings.Current.PortalId, roleId);
// Add user to Role
RoleController.Instance.AddUserRole(PortalSettings.Current.PortalId,
userInfo.UserID,
roleId,
RoleStatus.Approved,
false,
group.CreatedDateTime.HasValue ? group.CreatedDateTime.Value.DateTime : Null.NullDate,
group.DeletedDateTime.HasValue ? group.DeletedDateTime.Value.DateTime : Null.NullDate);
}
else
{
// If user doesn't belong to that DNN role, let's add it
if (!userInfo.Roles.Contains(roleToAssign))
{
RoleController.Instance.AddUserRole(PortalSettings.Current.PortalId,
userInfo.UserID,
dnnRole.RoleID,
RoleStatus.Approved,
false,
group.CreatedDateTime.HasValue ? group.CreatedDateTime.Value.DateTime : Null.NullDate,
group.DeletedDateTime.HasValue ? group.DeletedDateTime.Value.DateTime : Null.NullDate);
}
}
}
}
}
catch (Exception e)
{
Logger.Warn($"Error while synchronizing the user roles from user {aadUserId}", e);
}
}
private void UpdateUserRoles(string aadUserId, UserInfo userInfo)
{
if (!Settings.RoleSyncEnabled)
{
return;
}
try
{
var syncOnlyMappedRoles = (CustomRoleMappings != null && CustomRoleMappings.Count > 0);
var aadGroups = GraphClient.GetUserGroups(aadUserId);
if (aadGroups != null && aadGroups.Values != null)
{
var groupPrefix = PrefixServiceToGroupName ? $"{Service}-" : "";
var groups = aadGroups.Values;
if (syncOnlyMappedRoles)
{
groupPrefix = "";
var b2cRoles = CustomRoleMappings.Select(rm => rm.B2cRoleName);
groups.RemoveAll(x => !b2cRoles.Contains(x.DisplayName));
}
var dnnB2cRoles = GetDnnB2cRoles();
// In DNN, remove user from roles where the user doesn't belong to in AAD (we'll take care only the roles that we are synchronizing with B2C)
foreach (var dnnUserRole in userInfo.Roles.Where(role => dnnB2cRoles.Contains(role)))
{
var aadGroupName = dnnUserRole;
var roleName = dnnUserRole;
var mapping = CustomRoleMappings?.FirstOrDefault(x => x.DnnRoleName == dnnUserRole);
if (mapping != null)
{
aadGroupName = mapping.B2cRoleName;
roleName = mapping.DnnRoleName;
}
if (groups.FirstOrDefault(aadGroup => $"{groupPrefix}{aadGroup.DisplayName}" == aadGroupName) == null)
{
var role = RoleController.Instance.GetRoleByName(PortalSettings.Current.PortalId, roleName);
RoleController.DeleteUserRole(userInfo, role, PortalSettings.Current, false);
}
}
foreach (var group in groups)
{
var roleToAssign = syncOnlyMappedRoles ? CustomRoleMappings.Find(r => r.B2cRoleName == group.DisplayName).DnnRoleName : $"{groupPrefix}{group.DisplayName}";
var dnnRole = RoleController.Instance.GetRoleByName(PortalSettings.Current.PortalId, roleToAssign);
if (dnnRole == null)
{
// Create role
var roleId = AddRole($"{groupPrefix}{group.DisplayName}", group.Description, true);
dnnRole = RoleController.Instance.GetRoleById(PortalSettings.Current.PortalId, roleId);
// Add user to Role
RoleController.Instance.AddUserRole(PortalSettings.Current.PortalId,
userInfo.UserID,
roleId,
RoleStatus.Approved,
false,
group.CreatedDateTime.HasValue ? group.CreatedDateTime.Value.DateTime : DotNetNuke.Common.Utilities.Null.NullDate,
DotNetNuke.Common.Utilities.Null.NullDate);
}
else
{
// If user doesn't belong to that DNN role, let's add it
if (!userInfo.Roles.Contains(roleToAssign))
{
RoleController.Instance.AddUserRole(PortalSettings.Current.PortalId,
userInfo.UserID,
dnnRole.RoleID,
Security.Roles.RoleStatus.Approved,
false,
group.CreatedDateTime.HasValue ? group.CreatedDateTime.Value.DateTime : DateTime.Today,
DotNetNuke.Common.Utilities.Null.NullDate);
}
}
}
}
}
catch (Exception e)
{
Logger.Warn($"Error while synchronizing the user roles from user {aadUserId}", e);
}
}
