public ActionResult Index()
{
//check for tenantId in session
if (Session["TenantID"] == null)
return RedirectToAction("Error", "Home", new { error = "Session expired" });
var tenantId = Session["TenantID"].ToString();
//get all registered apps for this tenant
var apps = new List<ApplicationModel>();
using (ApplicationEntities entities = new ApplicationEntities())
{
var tenantIdGuid = new Guid(tenantId);
var regs = entities.Applications.Where(i => i.TenantId == tenantIdGuid);
foreach (var reg in regs)
{
var app = new ApplicationModel()
{
CliendId = reg.Id,
Name = reg.Name,
AppOriginsFlat = reg.Origins,
};
app.AppOrigins = app.AppOriginsFlat.Split(';').ToList();
apps.Add(app);
}
}
return View(apps);
}
public async Task<ActionResult> Update(Guid id)
{
//check for tenantId and refresh token in session
if (Session["TenantID"] == null || Session["RefreshToken"] == null)
return RedirectToAction("Error", "Home", new { error = "Session expired" });
var tenantId = Session["TenantID"].ToString();
var refreshToken = Session["RefreshToken"].ToString();
//use authentication context to get access token to azure graph
AuthenticationContext context = new AuthenticationContext(string.Format("{0}/{1}", SettingsHelper.AuthorizationUri, tenantId));
var result = await context.AcquireTokenByRefreshTokenAsync(refreshToken, new ClientCredential(SettingsHelper.ClientId, SettingsHelper.ClientSecret), SettingsHelper.AADGraphResourceId);
//get the registered app
using (ApplicationEntities entities = new ApplicationEntities())
{
var tenantIdGuid = new Guid(tenantId);
var dbApp = entities.Applications.FirstOrDefault(i => i.TenantId == tenantIdGuid && i.Id == id);
var app = new ApplicationModel()
{
CliendId = dbApp.Id,
Name = dbApp.Name,
AppOriginsFlat = dbApp.Origins,
};
app.AppOrigins = app.AppOriginsFlat.Split(';').ToList();
//get the application from Azure AD to validate settings
HttpClient client = new HttpClient();
client.DefaultRequestHeaders.Add("Authorization", "Bearer " + result.AccessToken);
client.DefaultRequestHeaders.Add("Accept", "application/json; odata=verbose");
using (HttpResponseMessage response = await client.GetAsync(new Uri(string.Format("https://graph.windows.net/{0}/applications?$filter=appId eq '{1}'&api-version=1.5", tenantId, id.ToString()), UriKind.Absolute)))
{
if (response.IsSuccessStatusCode)
{
var json = await response.Content.ReadAsStringAsync();
JObject oResponse = JObject.Parse(json);
var item = oResponse.SelectToken("d.results").ToObject<List<JsonApplication>>().FirstOrDefault();
app.SignOnURL = item.homepage;
//flatten the actual scopes
List<string> scopeIds = new List<string>();
foreach (var resource in item.requiredResourceAccess.results)
{
foreach (var scope in resource.resourceAccess.results)
scopeIds.Add(scope.id);
}
//update scopes based on what is selected
app.Permissions = PermissionModel.GetAllPermissions();
foreach (var perm in app.Permissions)
{
perm.Selected = scopeIds.Contains(perm.ScopeId.ToString());
}
}
}
return View(app);
}
}
public async Task<ActionResult> Add(ApplicationModel application)
{
//check for tenantId and refresh token in session
if (Session["TenantID"] == null || Session["RefreshToken"] == null)
return RedirectToAction("Error", "Home", new { error = "Session expired" });
var tenantId = Session["TenantID"].ToString();
var refreshToken = Session["RefreshToken"].ToString();
//use authentication context to get access token to azure graph
AuthenticationContext context = new AuthenticationContext(string.Format("{0}/{1}", SettingsHelper.AuthorizationUri, tenantId));
var result = await context.AcquireTokenByRefreshTokenAsync(refreshToken, new ClientCredential(SettingsHelper.ClientId, SettingsHelper.ClientSecret), SettingsHelper.AADGraphResourceId);
//determine which scopes are selected
List<Scopes> scopes = new List<Scopes>();
foreach (var scope in AppScopes.ScopeIds.Keys)
{
if (Request[AppScopes.ScopeIds[scope]] != null)
{
scopes.Add(scope);
}
}
//get the domain
var upn = ClaimsPrincipal.Current.FindFirst("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn").Value;
upn = upn.Substring(upn.IndexOf('@') + 1);
upn = upn.Substring(0, upn.IndexOf('.'));
//create the application registration
var appResult = AppRegistration.CreateWebAppRegistration(result.AccessToken, tenantId, application.Name, Request["hdnSignOnUrlPrefix"] + application.SignOnURL,
String.Format("https://{0}.onmicrosoft.com/{1}", upn, application.Name.Replace(" ", "")), "https://easyauth.azurewebsites.net/OAuth/AuthCode", true, true, scopes);
//Add to database
using (ApplicationEntities entities = new ApplicationEntities())
{
Application app = new Application()
{
Id = new Guid(appResult["client_id"]),
Secret = appResult["client_secret"],
Origins = Request["AppOriginsFlat"],
Name = application.Name,
TenantId = new Guid(tenantId)
};
entities.Applications.Add(app);
entities.SaveChanges();
}
return Redirect("/Application");
}
public async Task<ActionResult> Update(Guid id, ApplicationModel application)
{
//TODO
return Redirect("/Application");
}
