public async Task <ActionResult> DownloadAll(string clientId = null)
{
SignalRMessage signalR = new SignalRMessage
{
clientId = clientId
};
try {
string ca = await GraphHelper.GetConditionalAccessPoliciesAsync(clientId);
ConditionalAccessPolicies conditionalAccessPolicies = JsonConvert.DeserializeObject <ConditionalAccessPolicies>(ca);
using (MemoryStream ms = new MemoryStream())
{
using (var archive = new ZipArchive(ms, ZipArchiveMode.Create, true))
{
foreach (ConditionalAccessPolicy item in conditionalAccessPolicies.Value)
{
byte[] temp = Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(item, Formatting.Indented).ToString());
string displayName = item.displayName;
char[] illegal = Path.GetInvalidFileNameChars();
foreach (char illegalChar in illegal)
{
displayName = displayName.Replace(illegalChar, '-');
}
var zipArchiveEntry = archive.CreateEntry(displayName + "_" + item.id + ".json", CompressionLevel.Fastest);
using (var zipStream = zipArchiveEntry.Open()) zipStream.Write(temp, 0, temp.Length);
}
}
string domainName = await GraphHelper.GetDefaultDomain(clientId);
return(File(ms.ToArray(), "application/zip", "ConditionalAccessConfig_" + domainName + ".zip"));
}
}
catch (Exception e)
{
signalR.sendMessage("Error " + e);
}
return(new HttpStatusCodeResult(204));
}
public async Task <FileResult> CreateDocumentation(string clientId = null)
{
SignalRMessage signalR = new SignalRMessage
{
clientId = clientId
};
if (!string.IsNullOrEmpty(clientId))
{
signalR.sendMessage("Building report....");
}
string ca = await GraphHelper.GetConditionalAccessPoliciesAsync(clientId);
ConditionalAccessPolicies conditionalAccessPolicies = JsonConvert.DeserializeObject <ConditionalAccessPolicies>(ca);
DataTable dataTable = new DataTable();
dataTable.BeginInit();
dataTable.Columns.Add("Name");
dataTable.Columns.Add("State");
// Assignments: first include then exclude
dataTable.Columns.Add("IncludeUsers");
dataTable.Columns.Add("IncludeGroups");
dataTable.Columns.Add("IncludeRoles");
dataTable.Columns.Add("ExcludeUsers");
dataTable.Columns.Add("ExcludeGroups");
dataTable.Columns.Add("ExcludeRoles");
dataTable.Columns.Add("IncludeApps");
dataTable.Columns.Add("ExcludeApps");
dataTable.Columns.Add("IncludeUserActions");
dataTable.Columns.Add("ClientAppTypes");
dataTable.Columns.Add("IncludePlatforms");
dataTable.Columns.Add("ExcludePlatforms");
dataTable.Columns.Add("IncludeLocations");
dataTable.Columns.Add("ExcludeLocations");
dataTable.Columns.Add("IncludeDeviceStates");
dataTable.Columns.Add("ExcludeDeviceStates");
dataTable.Columns.Add("GrantControls");
dataTable.Columns.Add("GrantControlsOperator");
dataTable.Columns.Add("ApplicationEnforcedRestrictions");
dataTable.Columns.Add("CloudAppSecurity");
dataTable.Columns.Add("PersistentBrowser");
dataTable.Columns.Add("SignInFrequency");
// Init cache for AAD Object ID's in CA policies
AzureADIDCache azureADIDCache = new AzureADIDCache(clientId);
foreach (ConditionalAccessPolicy conditionalAccessPolicy in conditionalAccessPolicies.Value)
{
try
{
// Init a new row
DataRow row = dataTable.NewRow();
row["Name"] = conditionalAccessPolicy.displayName;
row["State"] = conditionalAccessPolicy.state;
row["IncludeUsers"] = $"\"{String.Join("\n", await azureADIDCache.getUserDisplayNamesAsync(conditionalAccessPolicy.conditions.users.includeUsers))}\"";
row["ExcludeUsers"] = $"\"{String.Join("\n", await azureADIDCache.getUserDisplayNamesAsync(conditionalAccessPolicy.conditions.users.excludeUsers))}\"";
row["IncludeGroups"] = $"\"{String.Join("\n", await azureADIDCache.getGroupDisplayNamesAsync(conditionalAccessPolicy.conditions.users.includeGroups))}\"";
row["ExcludeGroups"] = $"\"{String.Join("\n", await azureADIDCache.getGroupDisplayNamesAsync(conditionalAccessPolicy.conditions.users.excludeGroups))}\"";
row["IncludeRoles"] = $"\"{String.Join("\n", await azureADIDCache.getRoleDisplayNamesAsync(conditionalAccessPolicy.conditions.users.includeRoles))}\"";
row["ExcludeRoles"] = $"\"{String.Join("\n", await azureADIDCache.getRoleDisplayNamesAsync(conditionalAccessPolicy.conditions.users.excludeRoles))}\"";
row["IncludeApps"] = $"\"{String.Join("\n", await azureADIDCache.getApplicationDisplayNamesAsync(conditionalAccessPolicy.conditions.applications.includeApplications))}\"";
row["ExcludeApps"] = $"\"{String.Join("\n", await azureADIDCache.getApplicationDisplayNamesAsync(conditionalAccessPolicy.conditions.applications.excludeApplications))}\"";
row["IncludeUserActions"] = $"\"{String.Join("\n", await azureADIDCache.getApplicationDisplayNamesAsync(conditionalAccessPolicy.conditions.applications.includeUserActions))}\"";
if (conditionalAccessPolicy.conditions.platforms != null && conditionalAccessPolicy.conditions.platforms.includePlatforms != null)
{
row["IncludePlatforms"] = $"\"{String.Join("\n", conditionalAccessPolicy.conditions.platforms.includePlatforms)}\"";
}
if (conditionalAccessPolicy.conditions.platforms != null && conditionalAccessPolicy.conditions.platforms.excludePlatforms != null)
{
row["ExcludePlatforms"] = $"\"{String.Join("\n", conditionalAccessPolicy.conditions.platforms.excludePlatforms)}\"";
}
if (conditionalAccessPolicy.conditions.locations != null && conditionalAccessPolicy.conditions.locations.includeLocations != null)
{
row["IncludeLocations"] = $"\"{String.Join("\n", await azureADIDCache.getNamedLocationDisplayNamesAsync(conditionalAccessPolicy.conditions.locations.includeLocations))}\"";
}
if (conditionalAccessPolicy.conditions.locations != null && conditionalAccessPolicy.conditions.locations.excludeLocations != null)
{
row["ExcludeLocations"] = $"\"{String.Join("\n", await azureADIDCache.getNamedLocationDisplayNamesAsync(conditionalAccessPolicy.conditions.locations.excludeLocations))}\"";
}
row["ClientAppTypes"] = $"\"{String.Join("\n", conditionalAccessPolicy.conditions.clientAppTypes)}\"";
if (conditionalAccessPolicy.conditions.deviceStates != null && conditionalAccessPolicy.conditions.deviceStates.includeStates != null)
{
row["IncludeDeviceStates"] = $"\"{String.Join("\n", conditionalAccessPolicy.conditions.deviceStates.includeStates)}\"";
}
if (conditionalAccessPolicy.conditions.deviceStates != null && conditionalAccessPolicy.conditions.deviceStates.excludeStates != null)
{
row["IncludeDeviceStates"] = $"\"{String.Join("\n", conditionalAccessPolicy.conditions.deviceStates.excludeStates)}\"";
}
if (conditionalAccessPolicy.grantControls != null && conditionalAccessPolicy.grantControls.builtInControls != null)
{
row["GrantControls"] = $"\"{String.Join("\n", conditionalAccessPolicy.grantControls.builtInControls)}\"";
row["GrantControlsOperator"] = $"\"{String.Join("\n", conditionalAccessPolicy.grantControls.op)}\"";
}
if (conditionalAccessPolicy.sessionControls != null && conditionalAccessPolicy.sessionControls.applicationEnforcedRestrictions != null)
{
row["ApplicationEnforcedRestrictions"] = $"\"{String.Join("\n", conditionalAccessPolicy.sessionControls.applicationEnforcedRestrictions.isEnabled)}\"";
}
if (conditionalAccessPolicy.sessionControls != null && conditionalAccessPolicy.sessionControls.cloudAppSecurity != null)
{
row["CloudAppSecurity"] = $"\"{String.Join("\n", conditionalAccessPolicy.sessionControls.cloudAppSecurity)}\"";
}
if (conditionalAccessPolicy.sessionControls != null && conditionalAccessPolicy.sessionControls.persistentBrowser != null)
{
row["PersistentBrowser"] = conditionalAccessPolicy.sessionControls.persistentBrowser.mode;
}
if (conditionalAccessPolicy.sessionControls != null && conditionalAccessPolicy.sessionControls.signInFrequency != null)
{
row["SignInFrequency"] = conditionalAccessPolicy.sessionControls.signInFrequency.value + " " + conditionalAccessPolicy.sessionControls.signInFrequency.type;
}
// Add new row to table
dataTable.Rows.Add(row);
}
catch (Exception e)
{
signalR.sendMessage("Error: " + e);
}
}
// Convert datatable to CSV string output
StringBuilder sb = new StringBuilder();
IEnumerable <string> columnNames = dataTable.Columns.Cast <DataColumn>().Select(column => column.ColumnName);
sb.AppendLine(string.Join(",", columnNames));
foreach (DataRow row in dataTable.Rows)
{
IEnumerable <string> fields = row.ItemArray.Select(field => field.ToString());
sb.AppendLine(string.Join(",", fields));
}
string domainName = await GraphHelper.GetDefaultDomain(clientId);
if (!string.IsNullOrEmpty(clientId))
{
signalR.sendMessage("Success: Report generated");
}
return(File(Encoding.ASCII.GetBytes(sb.ToString()), "text/csvt", "ConditionalAccessReport_" + domainName + ".csv"));
}
