public async Task <bool> AddRoleMember(DirectoryRole role, User user, CancellationToken token) { IDirectoryRoleMembersCollectionWithReferencesRequestBuilder rb = client.DirectoryRoles[role.Id].Members; try { await rb.References.Request().AddAsync(user, token); return(true); } catch (ServiceException se) { if (se.Error.Message.ToLower().Contains("already exist")) { return(true); } Trace.WriteLine(se.ToString()); } catch (Exception ex) { Trace.WriteLine(ex.ToString()); } return(false); }
/// <summary> /// Gets details of a single <see cref="Role" /> Graph. /// </summary> /// <returns>A view with the details of a single <see cref="Role" />.</returns> public async Task <ActionResult> Details(string objectId) { DirectoryRole role = null; try { ActiveDirectoryClient client = AuthenticationHelper.GetActiveDirectoryClient(); role = (DirectoryRole)await client.DirectoryRoles.GetByObjectId(objectId).ExecuteAsync(); } catch (Exception e) { if (Request.QueryString["reauth"] == "True") { // // Send an OpenID Connect sign-in request to get a new set of tokens. // If the user still has a valid session with Azure AD, they will not be prompted for their credentials. // The OpenID Connect middleware will return to this controller after the sign-in response has been handled. // HttpContext.GetOwinContext() .Authentication.Challenge(OpenIdConnectAuthenticationDefaults.AuthenticationType); } // // The user needs to re-authorize. Show them a message to that effect. // ViewBag.ErrorMessage = "AuthorizationRequired"; return(View()); } return(View(role)); }
public async static Task GetDirectoryObjects(List <string> objectIds, List <Group> groups, List <DirectoryRole> roles, List <User> users) { string userObjectId = ClaimsPrincipal.Current.FindFirst(Globals.ObjectIdClaimType).Value; string tenantId = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value; ActiveDirectoryClient graphClient = new ActiveDirectoryClient(new Uri(ConfigHelper.GraphResourceId + '/' + tenantId), async() => { return(await GraphHelper.AcquireToken(userObjectId)); }); int batchCount = 0; List <Task <IBatchElementResult[]> > requests = new List <Task <IBatchElementResult[]> >(); List <IReadOnlyQueryableSetBase <IDirectoryObject> > batch = new List <IReadOnlyQueryableSetBase <IDirectoryObject> >(); System.Collections.IEnumerator idIndex = objectIds.GetEnumerator(); System.Collections.IEnumerator nextId = objectIds.GetEnumerator(); nextId.MoveNext(); while (idIndex.MoveNext()) { string thisId = idIndex.Current.ToString(); // for delegate capture batch.Add(graphClient.DirectoryObjects.Where(o => o.ObjectId.Equals(thisId))); batchCount++; if (!nextId.MoveNext() || batchCount == 5) { requests.Add(graphClient.Context.ExecuteBatchAsync(batch.ToArray())); batchCount = 0; batch.Clear(); } } IBatchElementResult[][] responses = await Task.WhenAll <IBatchElementResult[]>(requests); foreach (IBatchElementResult[] batchResult in responses) { foreach (IBatchElementResult query in batchResult) { if (query.SuccessResult != null && query.FailureResult == null) { if (query.SuccessResult.CurrentPage.First() is Group) { Group group = query.SuccessResult.CurrentPage.First() as Group; groups.Add(group); } if (query.SuccessResult.CurrentPage.First() is DirectoryRole) { DirectoryRole role = query.SuccessResult.CurrentPage.First() as DirectoryRole; roles.Add(role); } if (query.SuccessResult.CurrentPage.First() is User) { User user = query.SuccessResult.CurrentPage.First() as User; users.Add(user); } } else { throw new Exception("Directory Object Not Found."); } } } return; }
private static async Task PrintUsersGroupsAndRoles(User user) { Console.WriteLine("\n Signed in user {0} is a member of the following Group and Roles (IDs)", user.DisplayName); IUserFetcher signedInUserFetcher = user; try { IPagedCollection <IDirectoryObject> pagedCollection = await signedInUserFetcher.MemberOf.ExecuteAsync(); do { List <IDirectoryObject> directoryObjects = pagedCollection.CurrentPage.ToList(); foreach (IDirectoryObject directoryObject in directoryObjects) { if (directoryObject is Group) { Group group = directoryObject as Group; Console.WriteLine(" Group: {0} Description: {1}", group.DisplayName, group.Description); } if (directoryObject is DirectoryRole) { DirectoryRole role = directoryObject as DirectoryRole; Console.WriteLine(" Role: {0} Description: {1}", role.DisplayName, role.Description); } } pagedCollection = await pagedCollection.GetNextPageAsync(); } while (pagedCollection != null); } catch (Exception e) { /* Program.WriteError("\nError getting Signed in user's groups and roles memberships. {0}", * Program.ExtractErrorMessage(e));*/ } }
/// <summary> /// Converts an instance of <see cref="DirectoryRole" /> to an instance of <see cref="PSDirectoryRole" />. /// </summary> /// <param name="role">An instance of <see cref="DirectoryRole" /> that will serve as the base for the new instance of <see cref="PSDirectoryRole" />.</param> public static PSDirectoryRole ToPSDirectoryRole(DirectoryRole role) { if (role == null) { return(null); } return(new PSDirectoryRole(role)); }
/// <summary> /// Gets the signed-in user groups and roles. A more efficient implementation that gets both group and role membership in one call /// </summary> /// <param name="accessToken">The access token for MS Graph.</param> /// <returns> /// A list of UserGroupsAndDirectoryRoles /// </returns> public async Task <UserGroupsAndDirectoryRoles> GetCurrentUserGroupsAndRolesAsync(string accessToken) { UserGroupsAndDirectoryRoles userGroupsAndDirectoryRoles = new UserGroupsAndDirectoryRoles(); IUserMemberOfCollectionWithReferencesPage memberOfDirectoryRoles = null; try { PrepareAuthenticatedClient(accessToken); memberOfDirectoryRoles = await graphServiceClient.Me.MemberOf.Request().GetAsync(); if (memberOfDirectoryRoles != null) { do { foreach (var directoryObject in memberOfDirectoryRoles.CurrentPage) { if (directoryObject is Group) { Group group = directoryObject as Group; // Trace.WriteLine($"Got group: {group.Id}- '{group.DisplayName}'"); userGroupsAndDirectoryRoles.Groups.Add(group); } else if (directoryObject is DirectoryRole) { DirectoryRole role = directoryObject as DirectoryRole; // Trace.WriteLine($"Got DirectoryRole: {role.Id}- '{role.DisplayName}'"); userGroupsAndDirectoryRoles.DirectoryRoles.Add(role); } } if (memberOfDirectoryRoles.NextPageRequest != null) { userGroupsAndDirectoryRoles.HasOverageClaim = true; //check if this matches 150 per token limit memberOfDirectoryRoles = await memberOfDirectoryRoles.NextPageRequest.GetAsync(); } else { memberOfDirectoryRoles = null; } } while (memberOfDirectoryRoles != null); } return(userGroupsAndDirectoryRoles); } catch (ServiceException e) { Trace.Fail("We could not get user groups and roles: " + e.Error.Message); return(null); } }
public async Task <bool> HasRoles(User user, string roleNames, CancellationToken token) { string[] names = roleNames.Split(','); bool userHasRole = true; foreach (string name in names) { string roleName = name.Trim(); try { DirectoryRole role = await FindRoleByName(roleName, token); if (role == null) { DirectoryRoleTemplate drt = await FindRoleTemplateByName(roleName, token); if (drt == default(DirectoryRoleTemplate)) { Trace.WriteLine($"Could not find role template '{roleName}'"); return(false); } await EnableRole(drt.Id, token); role = await FindRoleByName(roleName, token); if (role == default(DirectoryRole)) { Trace.WriteLine($"Could not find role '{roleName}'"); return(false); } } DirectoryObject member = await GetRoleMember(role, user, token); userHasRole &= (member != default(DirectoryObject)); } catch (Exception ex) { Trace.WriteLine(ex, $"Could not add role(s) '{roleNames}' to PowerShell user {user.UserPrincipalName}"); return(false); } } return(userHasRole); }
/// <summary> /// Retrieve the role name id string /// </summary> /// <param name="graphServiceClient"></param> /// <param name="roleName"></param> /// <param name="directoryRole"></param> /// <param name="directoryRoleTemplate"></param> /// <returns></returns> public async static Task <string> GetRoleByName(GraphServiceClient graphServiceClient, string roleName, IGraphServiceDirectoryRolesCollectionPage directoryRole, IGraphServiceDirectoryRoleTemplatesCollectionPage directoryRoleTemplate) { roleName = roleName.ToLower(); try { foreach (var role in directoryRole) { var directoryRoleName = role.DisplayName.ToLower(); if (directoryRoleName.Contains(roleName)) { return(role.Id); } } foreach (var roleTemplate in directoryRoleTemplate) { var directoryRoleTemplateName = roleTemplate.DisplayName.ToLower(); if (directoryRoleTemplateName.Contains(roleName)) { var directoryRoleCreate = new DirectoryRole() { DisplayName = roleTemplate.DisplayName, RoleTemplateId = roleTemplate.Id, }; DirectoryRole newRole = await graphServiceClient.DirectoryRoles.Request().AddAsync(directoryRoleCreate); if (newRole == null) { string errorMsg = "New role null. "; await ErrorHandling.ErrorEvent(errorMsg, "N/A"); } return(newRole.Id); } } } catch (ArgumentException ex) { string errorMsg = "Get role by name method failure."; string exMsg = ex.Message; await ErrorHandling.ErrorEvent(errorMsg, exMsg); } return(null); }
public async Task <DirectoryObject> GetRoleMember(DirectoryRole role, User user, CancellationToken token) { IDirectoryObjectWithReferenceRequestBuilder rb = client.DirectoryRoles[role.Id].Members[user.Id]; try { return(await rb.Request().GetAsync(token)); } catch (ServiceException se) { Trace.WriteLine(se.ToString()); } catch (Exception ex) { Trace.WriteLine(ex.ToString()); } return(default(DirectoryObject)); }
/// <summary> /// Add new entity to directoryRoles /// <param name="body"></param> /// <param name="requestConfiguration">Configuration for the request such as headers, query parameters, and middleware options.</param> /// </summary> public RequestInformation CreatePostRequestInformation(DirectoryRole body, Action <DirectoryRolesRequestBuilderPostRequestConfiguration> requestConfiguration = default) { _ = body ?? throw new ArgumentNullException(nameof(body)); var requestInfo = new RequestInformation { HttpMethod = Method.POST, UrlTemplate = UrlTemplate, PathParameters = PathParameters, }; requestInfo.SetContentFromParsable(RequestAdapter, "application/json", body); if (requestConfiguration != null) { var requestConfig = new DirectoryRolesRequestBuilderPostRequestConfiguration(); requestConfiguration.Invoke(requestConfig); requestInfo.AddRequestOptions(requestConfig.Options); requestInfo.AddHeaders(requestConfig.Headers); } return(requestInfo); }
/// <summary> /// Gets the current user directory roles. /// </summary> /// <param name="accessToken">The access token for MS Graph.</param> /// <returns> /// A list of directory roles /// </returns> public async Task <IList <DirectoryRole> > GetCurrentUserDirectoryRolesAsync(string accessToken) { IUserMemberOfCollectionWithReferencesPage memberOfDirectoryRoles = null; IList <DirectoryRole> DirectoryRoles = new List <DirectoryRole>(); try { PrepareAuthenticatedClient(accessToken); memberOfDirectoryRoles = await graphServiceClient.Me.MemberOf.Request().GetAsync(); if (memberOfDirectoryRoles != null) { do { foreach (var directoryObject in memberOfDirectoryRoles.CurrentPage) { if (directoryObject is DirectoryRole) { DirectoryRole DirectoryRole = directoryObject as DirectoryRole; // Trace.WriteLine("Got DirectoryRole: " + DirectoryRole.Id); DirectoryRoles.Add(DirectoryRole as DirectoryRole); } } if (memberOfDirectoryRoles.NextPageRequest != null) { memberOfDirectoryRoles = await memberOfDirectoryRoles.NextPageRequest.GetAsync(); } else { memberOfDirectoryRoles = null; } } while (memberOfDirectoryRoles != null); } return(DirectoryRoles); } catch (ServiceException e) { Trace.Fail("We could not get user DirectoryRoles: " + e.Error.Message); return(null); } }
public IEnumerable <List <DirectoryObject> > GetRoleMembers(DirectoryRole group, CancellationToken token) { IDirectoryRoleMembersCollectionWithReferencesPage page = null; try { page = client.DirectoryRoles[group.Id].Members.Request().GetAsync(token).Result; } catch (Exception ex) { HandleException(ex, null, messageOnlyExceptions, $"Get group members for group: {group.DisplayName}"); } while (page != null) { yield return(page.ToList()); if (page.NextPageRequest == null) { break; } page = page.NextPageRequest.GetAsync(token).Result; } }
private async Task <List <GraphResultItem> > GetGroupMemberOfAsync() { try { // Call to Graph API to get the current user group information. var graphRequest = await GraphClient.Me.MemberOf.Request().GetAsync(); var graphResultsItems = new List <GraphResultItem>(); if (graphRequest?.Count == 0) { return(graphResultsItems); } // Iterate graph call to get all var directoryObjects = new List <DirectoryObject>(); directoryObjects.AddRange(graphRequest); while (graphRequest.NextPageRequest != null) { graphRequest = await graphRequest.NextPageRequest.GetAsync(); directoryObjects.AddRange(graphRequest); } foreach (var directoryObject in directoryObjects) { // If groups if (directoryObject is Group) { Group group = directoryObject as Group; graphResultsItems.Add(new GraphResultItem { DisplayName = group.DisplayName, Id = group.Id }); } // If directory role object if (directoryObject is DirectoryRole) { DirectoryRole directoryRole = directoryObject as DirectoryRole; graphResultsItems.Add(new GraphResultItem { DisplayName = directoryRole.DisplayName, Id = directoryRole.Id }); } } return(graphResultsItems); } catch (ServiceException ex) { switch (ex.Error.Code) { case "Request_ResourceNotFound": case "ResourceNotFound": case "ErrorItemNotFound": case "itemNotFound": throw; case "TokenNotFound": //await HttpContext.ChallengeAsync(); throw; default: throw; } } }
/// <summary> /// Initializes a new instance of the <see cref="PSDirectoryRole" /> class. /// </summary> /// <param name="role">The base role for this instance.</param> public PSDirectoryRole(DirectoryRole role) { this.CopyFrom(role); }
private static void Main() { // record start DateTime of execution string currentDateTime = DateTime.Now.ToUniversalTime().ToString(); #region Setup Active Directory Client //********************************************************************* // setup Active Directory Client //********************************************************************* ActiveDirectoryClient activeDirectoryClient; try { activeDirectoryClient = AuthenticationHelper.GetActiveDirectoryClientAsApplication(); } catch (AuthenticationException ex) { Console.ForegroundColor = ConsoleColor.Red; Console.WriteLine("Acquiring a token failed with the following error: {0}", ex.Message); if (ex.InnerException != null) { //You should implement retry and back-off logic per the guidance given here:http://msdn.microsoft.com/en-us/library/dn168916.aspx //InnerException Message will contain the HTTP error status codes mentioned in the link above Console.WriteLine("Error detail: {0}", ex.InnerException.Message); } Console.ResetColor(); Console.ReadKey(); return; } #endregion #region TenantDetails //********************************************************************* // Get Tenant Details // Note: update the string TenantId with your TenantId. // This can be retrieved from the login Federation Metadata end point: // https://login.windows.net/GraphDir1.onmicrosoft.com/FederationMetadata/2007-06/FederationMetadata.xml // Replace "GraphDir1.onMicrosoft.com" with any domain owned by your organization // The returned value from the first xml node "EntityDescriptor", will have a STS URL // containing your TenantId e.g. "https://sts.windows.net/4fd2b2f2-ea27-4fe5-a8f3-7b1a7c975f34/" is returned for GraphDir1.onMicrosoft.com //********************************************************************* VerifiedDomain initialDomain = new VerifiedDomain(); VerifiedDomain defaultDomain = new VerifiedDomain(); ITenantDetail tenant = null; Console.WriteLine("\n Retrieving Tenant Details"); try { List <ITenantDetail> tenantsList = activeDirectoryClient.TenantDetails .Where(tenantDetail => tenantDetail.ObjectId.Equals(Constants.TenantId)) .ExecuteAsync().Result.CurrentPage.ToList(); if (tenantsList.Count > 0) { tenant = tenantsList.First(); } } catch (Exception e) { Console.WriteLine("\nError getting TenantDetails {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } if (tenant == null) { Console.WriteLine("Tenant not found"); } else { TenantDetail tenantDetail = (TenantDetail)tenant; Console.WriteLine("Tenant Display Name: " + tenantDetail.DisplayName); // Get the Tenant's Verified Domains initialDomain = tenantDetail.VerifiedDomains.First(x => x.Initial.HasValue && x.Initial.Value); Console.WriteLine("Initial Domain Name: " + initialDomain.Name); defaultDomain = tenantDetail.VerifiedDomains.First(x => [email protected] && [email protected]); Console.WriteLine("Default Domain Name: " + defaultDomain.Name); // Get Tenant's Tech Contacts foreach (string techContact in tenantDetail.TechnicalNotificationMails) { Console.WriteLine("Tenant Tech Contact: " + techContact); } } #endregion #region Create a new User IUser newUser = new User(); if (defaultDomain.Name != null) { newUser.DisplayName = "demo1"; newUser.UserPrincipalName = "xuhua00101" + "@" + defaultDomain.Name; newUser.AccountEnabled = true; newUser.MailNickname = "SampleAppDemoUserManager"; newUser.PasswordPolicies = "DisablePasswordExpiration"; newUser.PasswordProfile = new PasswordProfile { Password = "******", ForceChangePasswordNextLogin = true }; newUser.UsageLocation = "US"; try { //activeDirectoryClient.Users.AddUserAsync(newUser).Wait(); Console.WriteLine("\nNew User {0} was created", newUser.DisplayName); } catch (Exception e) { Console.WriteLine("\nError creating new user {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } } #endregion // IApplication APPl = new Application(); //// APPl.AppId = "12345678"; // // APPl.AppRoles = // APPl.AvailableToOtherTenants = false; // APPl.DisplayName = "vik00de"; //// APPl.IdentifierUris // APPl.Homepage = "https://ww.baidu.com"; // // APPl.IdentifierUris = "https://ww.baidu.com1"; // APPl.LogoutUrl = "https://ww.baidu.com"; // APPl.ErrorUrl = "https://ww.baidu.com1/1"; //// IList<string> ls = APPl.IdentifierUris; //APPl.IdentifierUris.Add("https://localhost/demo/" + Guid.NewGuid()); Application newApp = new Application { DisplayName = "wode" + Helper.GetRandomString(8) }; newApp.IdentifierUris.Add("https://localhost/demo1/" + Guid.NewGuid()); newApp.ReplyUrls.Add("https://localhost/demo1"); newApp.PublicClient = null; AppRole appRole = new AppRole() { Id = Guid.NewGuid(), IsEnabled = true, DisplayName = "Something", Description = "Anything", Value = "policy.write" }; appRole.AllowedMemberTypes.Add("User"); newApp.AppRoles.Add(appRole); //AzureADServicePrincipal //PasswordCredential password = new PasswordCredential //{ // StartDate = DateTime.UtcNow, // EndDate = DateTime.UtcNow.AddYears(1), // Value = "password", // KeyId = Guid.NewGuid() //}; //newApp.PasswordCredentials.Add(password); try { activeDirectoryClient.Applications.AddApplicationAsync(newApp).Wait(); Console.WriteLine("New Application created: " + newApp.DisplayName); } catch (Exception e) { string a = e.Message.ToString(); // Program.WriteError("\nError ceating Application: {0}", Program.ExtractErrorMessage(e)); } ServicePrincipal s = new ServicePrincipal(); s.Tags.Add("WindowsAzureActiveDirectoryIntegratedApp"); s.AppId = newApp.AppId; try { activeDirectoryClient.ServicePrincipals.AddServicePrincipalAsync(s).Wait(); } catch (Exception e) { string a = e.Message.ToString(); } //try //{ // activeDirectoryClient.Applications.AddApplicationAsync(appObject).Wait(); //} //catch (Exception e) { // string mess = e.Message.ToString(); // string a = ""; //} #region Create a User with a temp Password //********************************************************************************************* // Create a new User with a temp Password //********************************************************************************************* IUser userToBeAdded = new User(); userToBeAdded.DisplayName = "Sample App Demo User"; userToBeAdded.UserPrincipalName = Helper.GetRandomString(10) + "@" + defaultDomain.Name; userToBeAdded.AccountEnabled = true; userToBeAdded.MailNickname = "SampleAppDemoUser"; userToBeAdded.PasswordProfile = new PasswordProfile { Password = "******", ForceChangePasswordNextLogin = true }; userToBeAdded.UsageLocation = "US"; try { activeDirectoryClient.Users.AddUserAsync(userToBeAdded).Wait(); Console.WriteLine("\nNew User {0} was created", userToBeAdded.DisplayName); } catch (Exception e) { Console.WriteLine("\nError creating new user. {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } // activeDirectoryClient.Applications.AddApplicationAsync(iApp); #endregion #region Create a new Group //********************************************************************************************* // Create a new Group //********************************************************************************************* Group californiaEmployees = new Group { DisplayName = "California Employees" + Helper.GetRandomString(8), Description = "Employees in the state of California", MailNickname = "CalEmployees", MailEnabled = false, SecurityEnabled = true }; try { activeDirectoryClient.Groups.AddGroupAsync(californiaEmployees).Wait(); Console.WriteLine("\nNew Group {0} was created", californiaEmployees.DisplayName); } catch (Exception e) { Console.WriteLine("\nError creating new Group {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } #endregion #region Search for Group using StartWith filter //********************************************************************* // Search for a group using a startsWith filter (displayName property) //********************************************************************* Group retrievedGroup = new Group(); string searchString = "California Employees"; List <IGroup> foundGroups = null; try { foundGroups = activeDirectoryClient.Groups .Where(group => group.DisplayName.StartsWith(searchString)) .ExecuteAsync().Result.CurrentPage.ToList(); } catch (Exception e) { Console.WriteLine("\nError getting Group {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } if (foundGroups != null && foundGroups.Count > 0) { retrievedGroup = foundGroups.First() as Group; } else { Console.WriteLine("Group Not Found"); } #endregion #region Assign Member to Group if (retrievedGroup.ObjectId != null) { try { retrievedGroup.Members.Add(newUser as DirectoryObject); retrievedGroup.UpdateAsync().Wait(); } catch (Exception e) { Console.WriteLine("\nError assigning member to group. {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } } #endregion #region Add User to Group //********************************************************************************************* // Add User to the "WA" Group //********************************************************************************************* if (retrievedGroup.ObjectId != null) { try { retrievedGroup.Members.Add(userToBeAdded as DirectoryObject); retrievedGroup.UpdateAsync().Wait(); } catch (Exception e) { Console.WriteLine("\nAdding user to group failed {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } } #endregion #region Get Group members if (retrievedGroup.ObjectId != null) { Console.WriteLine("\n Found Group: " + retrievedGroup.DisplayName + " " + retrievedGroup.Description); //********************************************************************* // get the groups' membership - // Note this method retrieves ALL links in one request - please use this method with care - this // may return a very large number of objects //********************************************************************* IGroupFetcher retrievedGroupFetcher = retrievedGroup; try { IPagedCollection <IDirectoryObject> members = retrievedGroupFetcher.Members.ExecuteAsync().Result; Console.WriteLine(" Members:"); do { List <IDirectoryObject> directoryObjects = members.CurrentPage.ToList(); foreach (IDirectoryObject member in directoryObjects) { if (member is User) { User user = member as User; Console.WriteLine("User DisplayName: {0} UPN: {1}", user.DisplayName, user.UserPrincipalName); } if (member is Group) { Group group = member as Group; Console.WriteLine("Group DisplayName: {0}", group.DisplayName); } if (member is Contact) { Contact contact = member as Contact; Console.WriteLine("Contact DisplayName: {0}", contact.DisplayName); } } members = members.GetNextPageAsync().Result; } while (members != null); } catch (Exception e) { Console.WriteLine("\nError getting groups' membership. {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } } #endregion //********************************************************************************************* // End of Demo Console App //********************************************************************************************* Console.WriteLine("\nCompleted at {0} \n Press Any Key to Exit.", currentDateTime); // Console.ReadKey(); Console.WriteLine(); #region Search User by UPN // search for a single user by UPN searchString = "" + "@" + initialDomain.Name; Console.WriteLine("\n Retrieving user with UPN {0}", searchString); User retrievedUser = new User(); List <IUser> retrievedUsers = null; try { retrievedUsers = activeDirectoryClient.Users .Where(user => user.UserPrincipalName.Equals(searchString)) .ExecuteAsync().Result.CurrentPage.ToList(); } catch (Exception e) { Console.WriteLine("\nError getting new user {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } // should only find one user with the specified UPN if (retrievedUsers != null && retrievedUsers.Count == 1) { retrievedUser = (User)retrievedUsers.First(); } else { Console.WriteLine("User not found {0}", searchString); } #endregion Console.WriteLine("\n {0} is a member of the following Group and Roles (IDs)", retrievedUser.DisplayName); IUserFetcher retrievedUserFetcher = retrievedUser; try { IPagedCollection <IDirectoryObject> pagedCollection = retrievedUserFetcher.MemberOf.ExecuteAsync().Result; do { List <IDirectoryObject> directoryObjects = pagedCollection.CurrentPage.ToList(); foreach (IDirectoryObject directoryObject in directoryObjects) { if (directoryObject is Group) { Group group = directoryObject as Group; Console.WriteLine(" Group: {0} Description: {1}", group.DisplayName, group.Description); } if (directoryObject is DirectoryRole) { DirectoryRole role = directoryObject as DirectoryRole; Console.WriteLine(" Role: {0} Description: {1}", role.DisplayName, role.Description); } } pagedCollection = pagedCollection.GetNextPageAsync().Result; } while (pagedCollection != null); } catch (Exception e) { Console.WriteLine("\nError getting user's groups and roles memberships. {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } Console.WriteLine("Press any key to continue...."); Console.ReadKey(); }
/// <summary> /// Configures application authentication. /// </summary> /// <param name="app">The application to configure.</param> public void ConfigureAuth(IAppBuilder app) { app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType); app.UseCookieAuthentication(new CookieAuthenticationOptions { }); app.UseOpenIdConnectAuthentication( new OpenIdConnectAuthenticationOptions { ClientId = ApplicationConfiguration.ActiveDirectoryClientID, Authority = ApplicationConfiguration.ActiveDirectoryEndPoint + "common", TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters { // instead of using the default validation (validating against a single issuer value, as we do in line of business apps), // we inject our own multitenant validation logic ValidateIssuer = false, }, Notifications = new OpenIdConnectAuthenticationNotifications() { RedirectToIdentityProvider = (context) => { context.ProtocolMessage.Parameters.Add("lc", Resources.Culture.LCID.ToString()); return(Task.FromResult(0)); }, AuthorizationCodeReceived = async(context) => { string userTenantId = context.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value; string signedInUserObjectId = context.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value; // login to the user AD tenant ClientCredential webPortalcredentials = new ClientCredential(ApplicationConfiguration.ActiveDirectoryClientID, ApplicationConfiguration.ActiveDirectoryClientSecret); AuthenticationContext userAuthContext = new AuthenticationContext(ApplicationConfiguration.ActiveDirectoryEndPoint + userTenantId); AuthenticationResult userAuthResult = userAuthContext.AcquireTokenByAuthorizationCodeAsync( context.Code, new Uri( HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), webPortalcredentials, ApplicationConfiguration.ActiveDirectoryGraphEndPoint).Result; // acquire a graph token to manage the user tenant Uri serviceRoot = new Uri(new Uri(ApplicationConfiguration.ActiveDirectoryGraphEndPoint), userTenantId); ActiveDirectoryClient userAdClient = new ActiveDirectoryClient(serviceRoot, async() => await Task.FromResult(userAuthResult.AccessToken)); // add the user roles to the claims var userMemberships = userAdClient.Users.GetByObjectId(signedInUserObjectId).MemberOf.ExecuteAsync().Result; foreach (var membership in userMemberships.CurrentPage) { DirectoryRole role = membership as DirectoryRole; if (role != null) { context.AuthenticationTicket.Identity.AddClaim(new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.Role, role.DisplayName)); } } if (userTenantId != ApplicationConfiguration.ActiveDirectoryTenantId) { string partnerCenterCustomerId = string.Empty; // Check to see if this login came from the tenant of a customer of the partner var customerDetails = await ApplicationDomain.Instance.PartnerCenterClient.Customers.ById(userTenantId).GetAsync(); // indeed a customer partnerCenterCustomerId = customerDetails.Id; if (!string.IsNullOrWhiteSpace(partnerCenterCustomerId)) { // add the customer ID to the claims context.AuthenticationTicket.Identity.AddClaim(new System.Security.Claims.Claim("PartnerCenterCustomerID", partnerCenterCustomerId)); // fire off call to retrieve this customer's subscriptions and populate the CustomerSubscriptions Repository. } } else { if (context.AuthenticationTicket.Identity.FindFirst(System.Security.Claims.ClaimTypes.Role).Value != Startup.GlobalAdminUserRole) { // this login came from the partner's tenant, only allow admins to access the site, non admins will only // see the unauthenticated experience but they can't configure the portal nor can purchase Trace.TraceInformation("Blocked log in from non admin partner user: {0}", signedInUserObjectId); throw new AuthorizationException(System.Net.HttpStatusCode.Unauthorized, Resources.NonAdminUnauthorizedMessage); } } }, AuthenticationFailed = (context) => { // redirect to the error page context.OwinContext.Response.Redirect("/Home/Error?errorMessage=" + context.Exception.Message); context.HandleResponse(); return(Task.FromResult(0)); } } }); }
private static void Main() { // record start DateTime of execution string currentDateTime = DateTime.Now.ToUniversalTime().ToString(); #region Setup Active Directory Client //********************************************************************* // setup Active Directory Client //********************************************************************* ActiveDirectoryClient activeDirectoryClient; try { activeDirectoryClient = AuthenticationHelper.GetActiveDirectoryClientAsApplication(); } catch (AuthenticationException ex) { Console.ForegroundColor = ConsoleColor.Red; Console.WriteLine("Acquiring a token failed with the following error: {0}", ex.Message); if (ex.InnerException != null) { //You should implement retry and back-off logic per the guidance given here:http://msdn.microsoft.com/en-us/library/dn168916.aspx //InnerException Message will contain the HTTP error status codes mentioned in the link above Console.WriteLine("Error detail: {0}", ex.InnerException.Message); } Console.ResetColor(); Console.ReadKey(); return; } #endregion #region TenantDetails //********************************************************************* // Get Tenant Details // Note: update the string TenantId with your TenantId. // This can be retrieved from the login Federation Metadata end point: // https://login.windows.net/GraphDir1.onmicrosoft.com/FederationMetadata/2007-06/FederationMetadata.xml // Replace "GraphDir1.onMicrosoft.com" with any domain owned by your organization // The returned value from the first xml node "EntityDescriptor", will have a STS URL // containing your TenantId e.g. "https://sts.windows.net/4fd2b2f2-ea27-4fe5-a8f3-7b1a7c975f34/" is returned for GraphDir1.onMicrosoft.com //********************************************************************* VerifiedDomain initialDomain = new VerifiedDomain(); VerifiedDomain defaultDomain = new VerifiedDomain(); ITenantDetail tenant = null; Console.WriteLine("\n Retrieving Tenant Details"); try { List <ITenantDetail> tenantsList = activeDirectoryClient.TenantDetails .Where(tenantDetail => tenantDetail.ObjectId.Equals(Constants.TenantId)) .ExecuteAsync().Result.CurrentPage.ToList(); if (tenantsList.Count > 0) { tenant = tenantsList.First(); } } catch (Exception e) { Console.WriteLine("\nError getting TenantDetails {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } if (tenant == null) { Console.WriteLine("Tenant not found"); } else { TenantDetail tenantDetail = (TenantDetail)tenant; Console.WriteLine("Tenant Display Name: " + tenantDetail.DisplayName); // Get the Tenant's Verified Domains initialDomain = tenantDetail.VerifiedDomains.First(x => x.Initial.HasValue && x.Initial.Value); Console.WriteLine("Initial Domain Name: " + initialDomain.Name); defaultDomain = tenantDetail.VerifiedDomains.First(x => [email protected] && [email protected]); Console.WriteLine("Default Domain Name: " + defaultDomain.Name); // Get Tenant's Tech Contacts foreach (string techContact in tenantDetail.TechnicalNotificationMails) { Console.WriteLine("Tenant Tech Contact: " + techContact); } } #endregion #region Create a new User IUser newUser = new User(); if (defaultDomain.Name != null) { newUser.DisplayName = "Sample App Demo User (Manager)"; newUser.UserPrincipalName = Helper.GetRandomString(10) + "@" + defaultDomain.Name; newUser.AccountEnabled = true; newUser.MailNickname = "SampleAppDemoUserManager"; newUser.PasswordProfile = new PasswordProfile { Password = "******", ForceChangePasswordNextLogin = true }; newUser.UsageLocation = "US"; try { activeDirectoryClient.Users.AddUserAsync(newUser).Wait(); Console.WriteLine("\nNew User {0} was created", newUser.DisplayName); } catch (Exception e) { Console.WriteLine("\nError creating new user {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } } #endregion #region List of max 4 Users by UPN //********************************************************************* // Demonstrate Getting a list of Users with paging (get 4 users), sorted by displayName //********************************************************************* int maxUsers = 4; try { Console.WriteLine("\n Retrieving Users"); List <IUser> users = activeDirectoryClient.Users.OrderBy(user => user.UserPrincipalName).Take(maxUsers).ExecuteAsync().Result.CurrentPage.ToList(); foreach (IUser user in users) { Console.WriteLine("UserObjectId: {0} UPN: {1}", user.ObjectId, user.UserPrincipalName); } } catch (Exception e) { Console.WriteLine("\nError getting Users. {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } #endregion #region Create a User with a temp Password //********************************************************************************************* // Create a new User with a temp Password //********************************************************************************************* IUser userToBeAdded = new User(); userToBeAdded.DisplayName = "Sample App Demo User"; userToBeAdded.UserPrincipalName = Helper.GetRandomString(10) + "@" + defaultDomain.Name; userToBeAdded.AccountEnabled = true; userToBeAdded.MailNickname = "SampleAppDemoUser"; userToBeAdded.PasswordProfile = new PasswordProfile { Password = "******", ForceChangePasswordNextLogin = true }; userToBeAdded.UsageLocation = "US"; try { activeDirectoryClient.Users.AddUserAsync(userToBeAdded).Wait(); Console.WriteLine("\nNew User {0} was created", userToBeAdded.DisplayName); } catch (Exception e) { Console.WriteLine("\nError creating new user. {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } #endregion #region Update newly created User //******************************************************************************************* // update the newly created user's Password, PasswordPolicies and City //********************************************************************************************* if (userToBeAdded.ObjectId != null) { // update User's city and reset their User's Password userToBeAdded.City = "Seattle"; userToBeAdded.Country = "UK"; PasswordProfile PasswordProfile = new PasswordProfile { Password = "******", ForceChangePasswordNextLogin = false }; userToBeAdded.PasswordProfile = PasswordProfile; userToBeAdded.PasswordPolicies = "DisablePasswordExpiration, DisableStrongPassword"; try { userToBeAdded.UpdateAsync().Wait(); Console.WriteLine("\nUser {0} was updated", userToBeAdded.DisplayName); } catch (Exception e) { Console.WriteLine("\nError Updating the user {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } } #endregion #region Search User by UPN // search for a single user by UPN string searchString = "admin@" + initialDomain.Name; Console.WriteLine("\n Retrieving user with UPN {0}", searchString); User retrievedUser = new User(); List <IUser> retrievedUsers = null; try { retrievedUsers = activeDirectoryClient.Users .Where(user => user.UserPrincipalName.Equals(searchString)) .ExecuteAsync().Result.CurrentPage.ToList(); } catch (Exception e) { Console.WriteLine("\nError getting new user {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } // should only find one user with the specified UPN if (retrievedUsers != null && retrievedUsers.Count == 1) { retrievedUser = (User)retrievedUsers.First(); } else { Console.WriteLine("User not found {0}", searchString); } #endregion #region User Operations if (retrievedUser.UserPrincipalName != null) { Console.WriteLine("\n Found User: "******" UPN: " + retrievedUser.UserPrincipalName); #region Assign User a Manager //Assigning User a new manager. if (newUser.ObjectId != null) { Console.WriteLine("\n Assign User {0}, {1} as Manager.", retrievedUser.DisplayName, newUser.DisplayName); retrievedUser.Manager = newUser as DirectoryObject; try { newUser.UpdateAsync().Wait(); Console.Write("User {0} is successfully assigned {1} as Manager.", retrievedUser.DisplayName, newUser.DisplayName); } catch (Exception e) { Console.WriteLine("\nError assigning manager to user. {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } } #endregion #region Get User's Manager //Get the retrieved user's manager. Console.WriteLine("\n Retrieving User {0}'s Manager.", retrievedUser.DisplayName); DirectoryObject usersManager = retrievedUser.Manager; if (usersManager != null) { User manager = usersManager as User; if (manager != null) { Console.WriteLine("User {0} Manager details: \nManager: {1} UPN: {2}", retrievedUser.DisplayName, manager.DisplayName, manager.UserPrincipalName); } } else { Console.WriteLine("Manager not found."); } #endregion #region Get User's Direct Reports //********************************************************************* // get the user's Direct Reports //********************************************************************* if (newUser.ObjectId != null) { Console.WriteLine("\n Getting User{0}'s Direct Reports.", newUser.DisplayName); IUserFetcher newUserFetcher = (IUserFetcher)newUser; try { IPagedCollection <IDirectoryObject> directReports = newUserFetcher.DirectReports.ExecuteAsync().Result; do { List <IDirectoryObject> directoryObjects = directReports.CurrentPage.ToList(); foreach (IDirectoryObject directoryObject in directoryObjects) { if (directoryObject is User) { User directReport = directoryObject as User; Console.WriteLine("User {0} Direct Report is {1}", newUser.UserPrincipalName, directReport.UserPrincipalName); } } directReports = directReports.GetNextPageAsync().Result; } while (directReports != null && directReports.MorePagesAvailable); } catch (Exception e) { Console.WriteLine("\nError getting direct reports of user. {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } } #endregion #region Get list of Group IDS, user is member of //********************************************************************* // get a list of Group IDs that the user is a member of //********************************************************************* //const bool securityEnabledOnly = false; //IEnumerable<string> memberGroups = retrievedUser.GetMemberGroupsAsync(securityEnabledOnly).Result; //Console.WriteLine("\n {0} is a member of the following Groups (IDs)", retrievedUser.DisplayName); //foreach (String memberGroup in memberGroups) //{ // Console.WriteLine("Member of Group ID: " + memberGroup); //} #endregion #region Get User's Group And Role Membership, Getting the complete set of objects //********************************************************************* // get the User's Group and Role membership, getting the complete set of objects //********************************************************************* Console.WriteLine("\n {0} is a member of the following Group and Roles (IDs)", retrievedUser.DisplayName); IUserFetcher retrievedUserFetcher = retrievedUser; try { IPagedCollection <IDirectoryObject> pagedCollection = retrievedUserFetcher.MemberOf.ExecuteAsync().Result; do { List <IDirectoryObject> directoryObjects = pagedCollection.CurrentPage.ToList(); foreach (IDirectoryObject directoryObject in directoryObjects) { if (directoryObject is Group) { Group group = directoryObject as Group; Console.WriteLine(" Group: {0} Description: {1}", group.DisplayName, group.Description); } if (directoryObject is DirectoryRole) { DirectoryRole role = directoryObject as DirectoryRole; Console.WriteLine(" Role: {0} Description: {1}", role.DisplayName, role.Description); } } pagedCollection = pagedCollection.GetNextPageAsync().Result; } while (pagedCollection != null && pagedCollection.MorePagesAvailable); } catch (Exception e) { Console.WriteLine("\nError getting user's groups and roles memberships. {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } #endregion } #endregion #region Search for User (People Picker) //********************************************************************* // People picker // Search for a user using text string "Us" match against userPrincipalName, displayName, giveName, surname //********************************************************************* searchString = "Us"; Console.WriteLine("\nSearching for any user with string {0} in UPN,DisplayName,First or Last Name", searchString); List <IUser> usersList = null; IPagedCollection <IUser> searchResults = null; try { IUserCollection userCollection = activeDirectoryClient.Users; searchResults = userCollection.Where(user => user.UserPrincipalName.StartsWith(searchString) || user.DisplayName.StartsWith(searchString) || user.GivenName.StartsWith(searchString) || user.Surname.StartsWith(searchString)).ExecuteAsync().Result; usersList = searchResults.CurrentPage.ToList(); } catch (Exception e) { Console.WriteLine("\nError getting User {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } if (usersList != null && usersList.Count > 0) { do { usersList = searchResults.CurrentPage.ToList(); foreach (IUser user in usersList) { Console.WriteLine("User DisplayName: {0} UPN: {1}", user.DisplayName, user.UserPrincipalName); } searchResults = searchResults.GetNextPageAsync().Result; } while (searchResults != null && searchResults.MorePagesAvailable); } else { Console.WriteLine("User not found"); } #endregion #region Search for Group using StartWith filter //********************************************************************* // Search for a group using a startsWith filter (displayName property) //********************************************************************* Group retrievedGroup = new Group(); searchString = "US"; List <IGroup> foundGroups = null; try { foundGroups = activeDirectoryClient.Groups .Where(group => group.DisplayName.StartsWith(searchString)) .ExecuteAsync().Result.CurrentPage.ToList(); } catch (Exception e) { Console.WriteLine("\nError getting Group {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } if (foundGroups != null && foundGroups.Count > 0) { retrievedGroup = foundGroups.First() as Group; } else { Console.WriteLine("Group Not Found"); } #endregion #region Assign Member to Group if (retrievedGroup.ObjectId != null) { try { activeDirectoryClient.Context.AddLink(retrievedGroup, "members", newUser); activeDirectoryClient.Context.SaveChanges(); } catch (Exception e) { Console.WriteLine("\nError assigning member to group. {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } } #endregion #region Get Group members if (retrievedGroup.ObjectId != null) { Console.WriteLine("\n Found Group: " + retrievedGroup.DisplayName + " " + retrievedGroup.Description); //********************************************************************* // get the groups' membership - // Note this method retrieves ALL links in one request - please use this method with care - this // may return a very large number of objects //********************************************************************* IGroupFetcher retrievedGroupFetcher = retrievedGroup; try { IPagedCollection <IDirectoryObject> members = retrievedGroupFetcher.Members.ExecuteAsync().Result; Console.WriteLine(" Members:"); do { List <IDirectoryObject> directoryObjects = members.CurrentPage.ToList(); foreach (IDirectoryObject member in directoryObjects) { if (member is User) { User user = member as User; Console.WriteLine("User DisplayName: {0} UPN: {1}", user.DisplayName, user.UserPrincipalName); } if (member is Group) { Group group = member as Group; Console.WriteLine("Group DisplayName: {0}", group.DisplayName); } if (member is Contact) { Contact contact = member as Contact; Console.WriteLine("Contact DisplayName: {0}", contact.DisplayName); } } } while (members != null && members.MorePagesAvailable); } catch (Exception e) { Console.WriteLine("\nError getting groups' membership. {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } } #endregion #region Add User to Group //********************************************************************************************* // Add User to the "WA" Group //********************************************************************************************* if (retrievedGroup.ObjectId != null) { try { activeDirectoryClient.Context.AddLink(retrievedGroup, "members", userToBeAdded); activeDirectoryClient.Context.SaveChangesAsync().Wait(); } catch (Exception e) { Console.WriteLine("\nAdding user to group failed {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } } #endregion #region Create a new Group //********************************************************************************************* // Create a new Group //********************************************************************************************* Group californiaEmployees = new Group { DisplayName = "California Employees" + Helper.GetRandomString(8), Description = "Employees in the state of California", MailNickname = "CalEmployees", MailEnabled = false, SecurityEnabled = true }; try { activeDirectoryClient.Groups.AddGroupAsync(californiaEmployees).Wait(); Console.WriteLine("\nNew Group {0} was created", californiaEmployees.DisplayName); } catch (Exception e) { Console.WriteLine("\nError creating new Group {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } #endregion #region Delete User //********************************************************************************************* // Delete the user that we just created //********************************************************************************************* if (userToBeAdded.ObjectId != null) { try { userToBeAdded.DeleteAsync().Wait(); Console.WriteLine("\nUser {0} was deleted", userToBeAdded.DisplayName); } catch (Exception e) { Console.WriteLine("Deleting User failed {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } } if (newUser.ObjectId != null) { try { newUser.DeleteAsync().Wait(); Console.WriteLine("\nUser {0} was deleted", newUser.DisplayName); } catch (Exception e) { Console.WriteLine("Deleting User failed {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } } #endregion #region Delete Group //********************************************************************************************* // Delete the Group that we just created //********************************************************************************************* if (californiaEmployees.ObjectId != null) { try { californiaEmployees.DeleteAsync().Wait(); Console.WriteLine("\nGroup {0} was deleted", californiaEmployees.DisplayName); } catch (Exception e) { Console.WriteLine("Deleting Group failed {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } } #endregion #region Get All Roles //********************************************************************* // Get All Roles //********************************************************************* List <IDirectoryRole> foundRoles = null; try { foundRoles = activeDirectoryClient.DirectoryRoles.ExecuteAsync().Result.CurrentPage.ToList(); } catch (Exception e) { Console.WriteLine("\nError getting Roles {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } if (foundRoles != null && foundRoles.Count > 0) { foreach (IDirectoryRole role in foundRoles) { Console.WriteLine("\n Found Role: {0} {1} {2} ", role.DisplayName, role.Description, role.ObjectId); } } else { Console.WriteLine("Role Not Found {0}", searchString); } #endregion #region Get Service Principals //********************************************************************* // get the Service Principals //********************************************************************* IPagedCollection <IServicePrincipal> servicePrincipals = null; try { servicePrincipals = activeDirectoryClient.ServicePrincipals.ExecuteAsync().Result; } catch (Exception e) { Console.WriteLine("\nError getting Service Principal {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } if (servicePrincipals != null) { do { List <IServicePrincipal> servicePrincipalsList = servicePrincipals.CurrentPage.ToList(); foreach (IServicePrincipal servicePrincipal in servicePrincipalsList) { Console.WriteLine("Service Principal AppId: {0} Name: {1}", servicePrincipal.AppId, servicePrincipal.DisplayName); } servicePrincipals = servicePrincipals.GetNextPageAsync().Result; } while (servicePrincipals != null && servicePrincipals.MorePagesAvailable); } #endregion #region Get Applications //********************************************************************* // get the Application objects //********************************************************************* IPagedCollection <IApplication> applications = null; try { applications = activeDirectoryClient.Applications.Take(999).ExecuteAsync().Result; } catch (Exception e) { Console.WriteLine("\nError getting Applications {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } if (applications != null) { do { List <IApplication> appsList = applications.CurrentPage.ToList(); foreach (IApplication app in appsList) { Console.WriteLine("Application AppId: {0} Name: {1}", app.AppId, app.DisplayName); } applications = applications.GetNextPageAsync().Result; } while (applications != null && applications.MorePagesAvailable); } #endregion #region User License Assignment //********************************************************************************************* // User License Assignment - assign EnterprisePack license to new user, and disable SharePoint service // first get a list of Tenant's subscriptions and find the "Enterprisepack" one // Enterprise Pack includes service Plans for ExchangeOnline, SharePointOnline and LyncOnline // validate that Subscription is Enabled and there are enough units left to assign to users //********************************************************************************************* IPagedCollection <ISubscribedSku> skus = null; try { skus = activeDirectoryClient.SubscribedSkus.ExecuteAsync().Result; } catch (Exception e) { Console.WriteLine("\nError getting Applications {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } if (skus != null) { do { List <ISubscribedSku> subscribedSkus = skus.CurrentPage.ToList(); foreach (ISubscribedSku sku in subscribedSkus) { if (sku.SkuPartNumber == "ENTERPRISEPACK") { if ((sku.PrepaidUnits.Enabled.Value > sku.ConsumedUnits) && (sku.CapabilityStatus == "Enabled")) { // create addLicense object and assign the Enterprise Sku GUID to the skuId // AssignedLicense addLicense = new AssignedLicense { SkuId = sku.SkuId.Value }; // find plan id of SharePoint Service Plan foreach (ServicePlanInfo servicePlan in sku.ServicePlans) { if (servicePlan.ServicePlanName.Contains("SHAREPOINT")) { addLicense.DisabledPlans.Add(servicePlan.ServicePlanId.Value); break; } } IList <AssignedLicense> licensesToAdd = new[] { addLicense }; IList <Guid> licensesToRemove = new Guid[] {}; // attempt to assign the license object to the new user try { if (newUser.ObjectId != null) { newUser.AssignLicenseAsync(licensesToAdd, licensesToRemove).Wait(); Console.WriteLine("\n User {0} was assigned license {1}", newUser.DisplayName, addLicense.SkuId); } } catch (Exception e) { Console.WriteLine("\nLicense assingment failed {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } } } } skus = skus.GetNextPageAsync().Result; } while (skus != null && skus.MorePagesAvailable); } #endregion #region Switch to OAuth Authorization Code Grant (Acting as a user) activeDirectoryClient = AuthenticationHelper.GetActiveDirectoryClientAsUser(); #endregion #region Create Application //********************************************************************************************* // Create a new Application object with App Role Assignment (Direct permission) //********************************************************************************************* Application appObject = new Application { DisplayName = "Test-Demo App" + Helper.GetRandomString(8) }; appObject.IdentifierUris.Add("https://localhost/demo/" + Guid.NewGuid()); appObject.ReplyUrls.Add("https://localhost/demo"); AppRole appRole = new AppRole(); appRole.Id = Guid.NewGuid(); appRole.IsEnabled = true; appRole.AllowedMemberTypes.Add("User"); appRole.DisplayName = "Something"; appRole.Description = "Anything"; appRole.Value = "policy.write"; appObject.AppRoles.Add(appRole); // created Keycredential object for the new App object KeyCredential keyCredential = new KeyCredential { StartDate = DateTime.UtcNow, EndDate = DateTime.UtcNow.AddYears(1), Type = "Symmetric", Value = Convert.FromBase64String("g/TMLuxgzurjQ0Sal9wFEzpaX/sI0vBP3IBUE/H/NS4="), Usage = "Verify" }; appObject.KeyCredentials.Add(keyCredential); try { activeDirectoryClient.Applications.AddApplicationAsync(appObject).Wait(); Console.WriteLine("New Application created: " + appObject.ObjectId); } catch (Exception e) { Console.WriteLine("Application Creation execption: {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } #endregion #region Create Service Principal //********************************************************************************************* // create a new Service principal //********************************************************************************************* ServicePrincipal newServicePrincpal = new ServicePrincipal(); if (appObject != null) { newServicePrincpal.DisplayName = appObject.DisplayName; newServicePrincpal.AccountEnabled = true; newServicePrincpal.AppId = appObject.AppId; try { activeDirectoryClient.ServicePrincipals.AddServicePrincipalAsync(newServicePrincpal).Wait(); Console.WriteLine("New Service Principal created: " + newServicePrincpal.ObjectId); } catch (Exception e) { Console.WriteLine("Service Principal Creation execption: {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } } #endregion #region Assign Direct Permission try { User user = (User)activeDirectoryClient.Users.ExecuteAsync().Result.CurrentPage.ToList().FirstOrDefault(); if (appObject.ObjectId != null && user != null && newServicePrincpal.ObjectId != null) { AppRoleAssignment appRoleAssignment = new AppRoleAssignment(); appRoleAssignment.Id = appRole.Id; appRoleAssignment.ResourceId = Guid.Parse(newServicePrincpal.ObjectId); appRoleAssignment.PrincipalType = "User"; appRoleAssignment.PrincipalId = Guid.Parse(user.ObjectId); user.AppRoleAssignments.Add(appRoleAssignment); user.UpdateAsync().Wait(); Console.WriteLine("User {0} is successfully assigned direct permission.", retrievedUser.DisplayName); } } catch (Exception e) { Console.WriteLine("Direct Permission Assignment failed: {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } #endregion #region Get Devices //********************************************************************************************* // Get a list of Mobile Devices from tenant //********************************************************************************************* Console.WriteLine("\nGetting Devices"); IPagedCollection <IDevice> devices = null; try { devices = activeDirectoryClient.Devices.ExecuteAsync().Result; } catch (Exception e) { Console.WriteLine("/nError getting devices {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } if (devices != null) { do { List <IDevice> devicesList = devices.CurrentPage.ToList(); foreach (IDevice device in devicesList) { if (device.ObjectId != null) { Console.WriteLine("Device ID: {0}, Type: {1}", device.DeviceId, device.DeviceOSType); IPagedCollection <IDirectoryObject> registeredOwners = device.RegisteredOwners; if (registeredOwners != null) { do { List <IDirectoryObject> registeredOwnersList = registeredOwners.CurrentPage.ToList(); foreach (IDirectoryObject owner in registeredOwnersList) { Console.WriteLine("Device Owner ID: " + owner.ObjectId); } registeredOwners = registeredOwners.GetNextPageAsync().Result; } while (registeredOwners != null && registeredOwners.MorePagesAvailable); } } } devices = devices.GetNextPageAsync().Result; } while (devices != null && devices.MorePagesAvailable); } #endregion #region Create New Permission //********************************************************************************************* // Create new permission object //********************************************************************************************* OAuth2PermissionGrant permissionObject = new OAuth2PermissionGrant(); permissionObject.ConsentType = "AllPrincipals"; permissionObject.Scope = "user_impersonation"; permissionObject.StartTime = DateTime.Now; permissionObject.ExpiryTime = (DateTime.Now).AddMonths(12); // resourceId is objectId of the resource, in this case objectId of AzureAd (Graph API) permissionObject.ResourceId = "52620afb-80de-4096-a826-95f4ad481686"; //ClientId = objectId of servicePrincipal permissionObject.ClientId = newServicePrincpal.ObjectId; try { activeDirectoryClient.Oauth2PermissionGrants.AddOAuth2PermissionGrantAsync(permissionObject).Wait(); Console.WriteLine("New Permission object created: " + permissionObject.ObjectId); } catch (Exception e) { Console.WriteLine("Permission Creation exception: {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } #endregion #region Get All Permissions //********************************************************************************************* // get all Permission Objects //********************************************************************************************* Console.WriteLine("\n Getting Permissions"); IPagedCollection <IOAuth2PermissionGrant> permissions = null; try { permissions = activeDirectoryClient.Oauth2PermissionGrants.ExecuteAsync().Result; } catch (Exception e) { Console.WriteLine("Error: {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } if (permissions != null) { do { List <IOAuth2PermissionGrant> perms = permissions.CurrentPage.ToList(); foreach (IOAuth2PermissionGrant perm in perms) { Console.WriteLine("Permission: {0} Name: {1}", perm.ClientId, perm.Scope); } } while (permissions != null && permissions.MorePagesAvailable); } #endregion #region Delete Application //********************************************************************************************* // Delete Application Objects //********************************************************************************************* if (appObject.ObjectId != null) { try { appObject.DeleteAsync().Wait(); Console.WriteLine("Deleted Application object: " + appObject.ObjectId); } catch (Exception e) { Console.WriteLine("Application Deletion execption: {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } } #endregion #region Batch Operations //********************************************************************************************* // Show Batching with 3 operators. Note: up to 5 operations can be in a batch //********************************************************************************************* IReadOnlyQueryableSet <User> userQuery = activeDirectoryClient.DirectoryObjects.OfType <User>(); IReadOnlyQueryableSet <Group> groupsQuery = activeDirectoryClient.DirectoryObjects.OfType <Group>(); IReadOnlyQueryableSet <DirectoryRole> rolesQuery = activeDirectoryClient.DirectoryObjects.OfType <DirectoryRole>(); try { IBatchElementResult[] batchResult = activeDirectoryClient.Context.ExecuteBatchAsync(userQuery, groupsQuery, rolesQuery).Result; int responseCount = 1; foreach (IBatchElementResult result in batchResult) { if (result.FailureResult != null) { Console.WriteLine("Failed: {0} ", result.FailureResult.InnerException); } if (result.SuccessResult != null) { Console.WriteLine("Batch Item Result {0} succeeded", responseCount++); } } } catch (Exception e) { Console.WriteLine("Batch execution failed. : {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } #endregion //********************************************************************************************* // End of Demo Console App //********************************************************************************************* Console.WriteLine("\nCompleted at {0} \n Press Any Key to Exit.", currentDateTime); Console.ReadKey(); }