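/// <summary>
/// Exports every Conditional Access policy of the tenant as one indented JSON file per policy,
/// bundled into a single zip archive.
/// </summary>
/// <param name="clientId">
/// Optional SignalR client id; when the export fails, the failure is reported to that browser session.
/// </param>
/// <returns>
/// A zip download named after the tenant's default domain, or HTTP 204 (No Content) when any step
/// failed — the error goes over SignalR, not over the HTTP response.
/// </returns>
public async Task<ActionResult> DownloadAll(string clientId = null)
{
    SignalRMessage signalR = new SignalRMessage { clientId = clientId };
    try
    {
        string ca = await GraphHelper.GetConditionalAccessPoliciesAsync(clientId);
        ConditionalAccessPolicies conditionalAccessPolicies = JsonConvert.DeserializeObject<ConditionalAccessPolicies>(ca);

        // Hoisted out of the loop: the set of characters that are invalid in a file name never changes.
        char[] illegal = Path.GetInvalidFileNameChars();

        using (MemoryStream ms = new MemoryStream())
        {
            // leaveOpen: true — the archive must be disposed (finalised) before ms is read,
            // and ms has to survive that disposal.
            using (var archive = new ZipArchive(ms, ZipArchiveMode.Create, true))
            {
                foreach (ConditionalAccessPolicy item in conditionalAccessPolicies.Value)
                {
                    byte[] temp = Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(item, Formatting.Indented));

                    // displayName is tenant-supplied: a null name must not abort the whole export,
                    // and characters illegal in file names (including path separators) become '-'.
                    // The id suffix keeps entries unique even when names collide.
                    string displayName = item.displayName ?? "policy";
                    foreach (char illegalChar in illegal)
                    {
                        displayName = displayName.Replace(illegalChar, '-');
                    }

                    var zipArchiveEntry = archive.CreateEntry(displayName + "_" + item.id + ".json", CompressionLevel.Fastest);
                    using (var zipStream = zipArchiveEntry.Open())
                    {
                        zipStream.Write(temp, 0, temp.Length);
                    }
                }
            }

            string domainName = await GraphHelper.GetDefaultDomain(clientId);
            return File(ms.ToArray(), "application/zip", "ConditionalAccessConfig_" + domainName + ".zip");
        }
    }
    catch (Exception e)
    {
        // Only the message is sent to the browser; the full exception (type, stack trace, inner
        // exceptions) is server-side diagnostic detail and should go to a server log, not the client.
        signalR.sendMessage("Error " + e.Message);
    }
    return new HttpStatusCodeResult(204);
}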
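/// <summary>
/// Builds a CSV report of every Conditional Access policy in the tenant. Object ids referenced by
/// the policies (users, groups, roles, applications, named locations) are resolved to display
/// names through <see cref="AzureADIDCache"/>.
/// </summary>
/// <param name="clientId">
/// Optional SignalR client id; when set, progress and per-policy errors are streamed to that
/// browser session.
/// </param>
/// <returns>A UTF-8 CSV download named after the tenant's default domain.</returns>
/// <remarks>
/// A policy that cannot be rendered is reported over SignalR and skipped; the report still
/// contains every other policy. Failures while fetching the policy list or the default domain
/// propagate to the caller.
/// </remarks>
public async Task<FileResult> CreateDocumentation(string clientId = null)
{
    SignalRMessage signalR = new SignalRMessage { clientId = clientId };
    if (!string.IsNullOrEmpty(clientId))
    {
        signalR.sendMessage("Building report....");
    }

    string ca = await GraphHelper.GetConditionalAccessPoliciesAsync(clientId);
    ConditionalAccessPolicies conditionalAccessPolicies = JsonConvert.DeserializeObject<ConditionalAccessPolicies>(ca);

    // Column order is the CSV column order: name/state, assignments (include before exclude),
    // then conditions, grant controls and session controls.
    // (BeginInit() of the original is dropped: it is designer support and was never paired with EndInit().)
    string[] columns =
    {
        "Name", "State",
        "IncludeUsers", "IncludeGroups", "IncludeRoles",
        "ExcludeUsers", "ExcludeGroups", "ExcludeRoles",
        "IncludeApps", "ExcludeApps", "IncludeUserActions",
        "ClientAppTypes",
        "IncludePlatforms", "ExcludePlatforms",
        "IncludeLocations", "ExcludeLocations",
        "IncludeDeviceStates", "ExcludeDeviceStates",
        "GrantControls", "GrantControlsOperator",
        "ApplicationEnforcedRestrictions", "CloudAppSecurity", "PersistentBrowser", "SignInFrequency",
    };
    DataTable dataTable = new DataTable();
    foreach (string column in columns)
    {
        dataTable.Columns.Add(column);
    }

    // Init cache for AAD Object ID's in CA policies
    AzureADIDCache azureADIDCache = new AzureADIDCache(clientId);

    foreach (ConditionalAccessPolicy policy in conditionalAccessPolicies.Value)
    {
        try
        {
            DataRow row = dataTable.NewRow();
            row["Name"] = policy.displayName;
            row["State"] = policy.state;

            // Multi-valued cells hold one entry per line. Cells are stored raw here; CsvField()
            // quotes and escapes them when the CSV is written.
            row["IncludeUsers"] = string.Join("\n", await azureADIDCache.getUserDisplayNamesAsync(policy.conditions.users.includeUsers));
            row["ExcludeUsers"] = string.Join("\n", await azureADIDCache.getUserDisplayNamesAsync(policy.conditions.users.excludeUsers));
            row["IncludeGroups"] = string.Join("\n", await azureADIDCache.getGroupDisplayNamesAsync(policy.conditions.users.includeGroups));
            row["ExcludeGroups"] = string.Join("\n", await azureADIDCache.getGroupDisplayNamesAsync(policy.conditions.users.excludeGroups));
            row["IncludeRoles"] = string.Join("\n", await azureADIDCache.getRoleDisplayNamesAsync(policy.conditions.users.includeRoles));
            row["ExcludeRoles"] = string.Join("\n", await azureADIDCache.getRoleDisplayNamesAsync(policy.conditions.users.excludeRoles));
            row["IncludeApps"] = string.Join("\n", await azureADIDCache.getApplicationDisplayNamesAsync(policy.conditions.applications.includeApplications));
            row["ExcludeApps"] = string.Join("\n", await azureADIDCache.getApplicationDisplayNamesAsync(policy.conditions.applications.excludeApplications));
            // NOTE(review): user actions are resolved through the application lookup, as in the original — confirm that is intended.
            row["IncludeUserActions"] = string.Join("\n", await azureADIDCache.getApplicationDisplayNamesAsync(policy.conditions.applications.includeUserActions));

            if (policy.conditions.platforms != null && policy.conditions.platforms.includePlatforms != null)
            {
                row["IncludePlatforms"] = string.Join("\n", policy.conditions.platforms.includePlatforms);
            }
            if (policy.conditions.platforms != null && policy.conditions.platforms.excludePlatforms != null)
            {
                row["ExcludePlatforms"] = string.Join("\n", policy.conditions.platforms.excludePlatforms);
            }

            if (policy.conditions.locations != null && policy.conditions.locations.includeLocations != null)
            {
                row["IncludeLocations"] = string.Join("\n", await azureADIDCache.getNamedLocationDisplayNamesAsync(policy.conditions.locations.includeLocations));
            }
            if (policy.conditions.locations != null && policy.conditions.locations.excludeLocations != null)
            {
                row["ExcludeLocations"] = string.Join("\n", await azureADIDCache.getNamedLocationDisplayNamesAsync(policy.conditions.locations.excludeLocations));
            }

            row["ClientAppTypes"] = string.Join("\n", policy.conditions.clientAppTypes);

            if (policy.conditions.deviceStates != null && policy.conditions.deviceStates.includeStates != null)
            {
                row["IncludeDeviceStates"] = string.Join("\n", policy.conditions.deviceStates.includeStates);
            }
            if (policy.conditions.deviceStates != null && policy.conditions.deviceStates.excludeStates != null)
            {
                // Fix: excluded states used to be written into "IncludeDeviceStates", overwriting the
                // included ones and leaving "ExcludeDeviceStates" always empty.
                row["ExcludeDeviceStates"] = string.Join("\n", policy.conditions.deviceStates.excludeStates);
            }

            if (policy.grantControls != null && policy.grantControls.builtInControls != null)
            {
                row["GrantControls"] = string.Join("\n", policy.grantControls.builtInControls);
                row["GrantControlsOperator"] = string.Join("\n", policy.grantControls.op);
            }

            if (policy.sessionControls != null && policy.sessionControls.applicationEnforcedRestrictions != null)
            {
                row["ApplicationEnforcedRestrictions"] = string.Join("\n", policy.sessionControls.applicationEnforcedRestrictions.isEnabled);
            }
            if (policy.sessionControls != null && policy.sessionControls.cloudAppSecurity != null)
            {
                // NOTE(review): this joins the cloudAppSecurity object itself, so the cell shows its
                // ToString() (the type name unless overridden) — confirm which member should be reported.
                row["CloudAppSecurity"] = string.Join("\n", policy.sessionControls.cloudAppSecurity);
            }
            if (policy.sessionControls != null && policy.sessionControls.persistentBrowser != null)
            {
                row["PersistentBrowser"] = policy.sessionControls.persistentBrowser.mode;
            }
            if (policy.sessionControls != null && policy.sessionControls.signInFrequency != null)
            {
                row["SignInFrequency"] = policy.sessionControls.signInFrequency.value + " " + policy.sessionControls.signInFrequency.type;
            }

            dataTable.Rows.Add(row);
        }
        catch (Exception e)
        {
            // Name the policy that failed and send only the message; stack traces are server-side detail.
            signalR.sendMessage("Error: could not document policy '" + policy.displayName + "': " + e.Message);
        }
    }

    // Convert the table to CSV. Every data cell is quoted with embedded quotes doubled (RFC 4180),
    // so commas, quotes and the newlines inside multi-valued cells cannot break the row layout.
    StringBuilder sb = new StringBuilder();
    IEnumerable<string> columnNames = dataTable.Columns.Cast<DataColumn>().Select(column => column.ColumnName);
    sb.AppendLine(string.Join(",", columnNames));
    foreach (DataRow row in dataTable.Rows)
    {
        sb.AppendLine(string.Join(",", row.ItemArray.Select(field => CsvField(field))));
    }

    string domainName = await GraphHelper.GetDefaultDomain(clientId);
    if (!string.IsNullOrEmpty(clientId))
    {
        signalR.sendMessage("Success: Report generated");
    }

    // UTF-8 with BOM (so spreadsheet applications detect the encoding) instead of ASCII, which
    // silently turned every non-ASCII character in a display name into '?'.
    // Media type corrected from the non-registered "text/csvt" to "text/csv".
    byte[] csv = Encoding.UTF8.GetPreamble().Concat(Encoding.UTF8.GetBytes(sb.ToString())).ToArray();
    return File(csv, "text/csv", "ConditionalAccessReport_" + domainName + ".csv");
}

/// <summary>
/// Formats one CSV cell: wraps the value in double quotes, doubles embedded quotes, and neutralises
/// a leading formula character so that a tenant-controlled name beginning with '=', '+', '-' or '@'
/// is displayed as text instead of being evaluated when the report is opened in a spreadsheet.
/// </summary>
/// <param name="value">The cell value; null and <see cref="DBNull"/> become an empty cell.</param>
/// <returns>The quoted, escaped cell text.</returns>
private static string CsvField(object value)
{
    string text = value?.ToString() ?? string.Empty;
    // Only the first character decides whether a spreadsheet treats the cell as a formula.
    if (text.Length > 0 && "=+-@\t\r".IndexOf(text[0]) >= 0)
    {
        text = "'" + text;
    }
    return "\"" + text.Replace("\"", "\"\"") + "\"";
}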