protected virtual PickerEntity CreatePickerEntityHelper(AzurecpResult result)
{
PickerEntity pe = CreatePickerEntity();
SPClaim claim;
string permissionValue = result.PermissionValue;
string permissionClaimType = result.AzureObject.ClaimType;
bool isIdentityClaimType = false;
if (String.Equals(result.AzureObject.ClaimType, SPTrust.IdentityClaimTypeInformation.MappedClaimType, StringComparison.InvariantCultureIgnoreCase)
|| result.AzureObject.CreateAsIdentityClaim)
{
isIdentityClaimType = true;
}
if (result.AzureObject.CreateAsIdentityClaim)
{
// This azureObject is not directly linked to a claim type, so permission is created with identity claim type
permissionClaimType = IdentityAzureObject.ClaimType;
permissionValue = FormatPermissionValue(permissionClaimType, permissionValue, isIdentityClaimType, result);
claim = CreateClaim(
permissionClaimType,
permissionValue,
IdentityAzureObject.ClaimValueType);
pe.EntityType = IdentityAzureObject.ClaimEntityType;
}
else
{
permissionValue = FormatPermissionValue(permissionClaimType, permissionValue, isIdentityClaimType, result);
claim = CreateClaim(
permissionClaimType,
permissionValue,
result.AzureObject.ClaimValueType);
pe.EntityType = result.AzureObject.ClaimEntityType;
}
pe.DisplayText = FormatPermissionDisplayText(permissionClaimType, permissionValue, isIdentityClaimType, result);
pe.Description = String.Format(
PickerEntityOnMouseOver,
result.AzureObject.GraphProperty.ToString(),
result.QueryMatchValue);
pe.Claim = claim;
pe.IsResolved = true;
//pe.EntityGroupName = "";
int nbMetadata = 0;
// Populate metadata attributes of permission created
foreach (var entityAttrib in ProcessedAzureObjectsMetadata)
{
// if there is actally a value in the GraphObject, then it can be set
string entityAttribValue = GetGraphPropertyValue(result.DirectoryObjectResult, entityAttrib.GraphProperty.ToString());
if (!String.IsNullOrEmpty(entityAttribValue))
{
pe.EntityData[entityAttrib.EntityDataKey] = entityAttribValue;
nbMetadata++;
AzureCPLogging.Log(String.Format("[{0}] Added metadata \"{1}\" with value \"{2}\" to permission", ProviderInternalName, entityAttrib.EntityDataKey, entityAttribValue), TraceSeverity.Verbose, EventSeverity.Information, AzureCPLogging.Categories.Claims_Picking);
}
}
AzureCPLogging.Log(String.Format("[{0}] Created permission: display text: \"{1}\", value: \"{2}\", claim type: \"{3}\", and filled with {4} metadata.", ProviderInternalName, pe.DisplayText, pe.Claim.Value, pe.Claim.ClaimType, nbMetadata.ToString()), TraceSeverity.Verbose, EventSeverity.Information, AzureCPLogging.Categories.Claims_Picking);
return pe;
}
/// <summary>
/// Query a specific Azure tenant
/// </summary>
/// <param name="userFilter"></param>
/// <param name="groupFilter"></param>
/// <param name="coco"></param>
/// <returns></returns>
private List<AzurecpResult> QueryAzureAD(AzureTenant coco, Expression<Func<IUser, bool>> userQuery, Expression<Func<IGroup, bool>> groupQuery)
{
using (new SPMonitoredScope(String.Format("[{0}] Connecting to Azure AD {1}", ProviderInternalName, coco.TenantName), 1000))
{
if (coco.ADClient == null)
{
ActiveDirectoryClient activeDirectoryClient;
try
{
activeDirectoryClient = AuthenticationHelper.GetActiveDirectoryClientAsApplication(coco.TenantName, coco.TenantId, coco.ClientId, coco.ClientSecret);
}
catch (AuthenticationException ex)
{
//You should implement retry and back-off logic per the guidance given here:http://msdn.microsoft.com/en-us/library/dn168916.aspx
//InnerException Message will contain the HTTP error status codes mentioned in the link above
AzureCPLogging.LogException(ProviderInternalName, String.Format("while acquiring token for tenant {0}", coco.TenantName), AzureCPLogging.Categories.Lookup, ex);
return null;
}
coco.ADClient = activeDirectoryClient;
AzureCPLogging.Log(String.Format("[{0}] Got new access token for tenant '{1}'", ProviderInternalName, coco.TenantName), TraceSeverity.Medium, EventSeverity.Information, AzureCPLogging.Categories.Lookup);
//activeDirectoryClient.Oauth2PermissionGrants.
//activeDirectoryClient.Oauth2PermissionGrants.Context.
}
List<AzurecpResult> allADResults = new List<AzurecpResult>();
// Workaroud implemented to avoid deadlock when calling DataServiceContextWrapper.ExecuteBatchAsync
if (userQuery != null)
{
IUserCollection userCollection = coco.ADClient.Users;
IPagedCollection<IUser> userSearchResults = null;
do
{
userSearchResults = userCollection.Where(userQuery).ExecuteAsync().Result;
List<IUser> searchResultsList = userSearchResults.CurrentPage.ToList();
foreach (IDirectoryObject objectResult in searchResultsList)
{
AzurecpResult azurecpResult = new AzurecpResult();
azurecpResult.DirectoryObjectResult = objectResult as DirectoryObject;
azurecpResult.TenantId = coco.TenantId;
allADResults.Add(azurecpResult);
}
userSearchResults = userSearchResults.GetNextPageAsync().Result;
} while (userSearchResults != null && userSearchResults.MorePagesAvailable);
}
if (groupQuery != null)
{
IGroupCollection groupCollection = coco.ADClient.Groups;
IPagedCollection<IGroup> groupSearchResults = null;
do
{
groupSearchResults = groupCollection.Where(groupQuery).ExecuteAsync().Result;
List<IGroup> searchResultsList = groupSearchResults.CurrentPage.ToList();
foreach (IDirectoryObject objectResult in searchResultsList)
{
AzurecpResult azurecpResult = new AzurecpResult();
azurecpResult.DirectoryObjectResult = objectResult as DirectoryObject;
azurecpResult.TenantId = coco.TenantId;
allADResults.Add(azurecpResult);
}
groupSearchResults = groupSearchResults.GetNextPageAsync().Result;
} while (groupSearchResults != null && groupSearchResults.MorePagesAvailable);
}
return allADResults;
}
}
/// <summary>
/// Override this method to customize value of permission created
/// </summary>
/// <param name="claimType"></param>
/// <param name="claimValue"></param>
/// <param name="netBiosName"></param>
/// <returns></returns>
protected virtual string FormatPermissionValue(string claimType, string claimValue, bool isIdentityClaimType, AzurecpResult result)
{
return claimValue;
}
/// <summary>
/// Gets the group membership of a user
/// </summary>
/// <param name="userToAugment"></param>
/// <param name="coco"></param>
/// <returns></returns>
private List<AzurecpResult> GetUserMembership(User userToAugment, AzureTenant coco)
{
List<AzurecpResult> searchResults = new List<AzurecpResult>();
IUserFetcher retrievedUserFetcher = userToAugment;
IPagedCollection<IDirectoryObject> pagedCollection = retrievedUserFetcher.MemberOf.ExecuteAsync().Result;
do
{
List<IDirectoryObject> directoryObjects = pagedCollection.CurrentPage.ToList();
foreach (IDirectoryObject directoryObject in directoryObjects)
{
if (directoryObject is Group)
{
AzurecpResult result = new AzurecpResult();
Group group = directoryObject as Group;
result.DirectoryObjectResult = group;
result.TenantId = coco.TenantId;
searchResults.Add(result);
}
//if (directoryObject is DirectoryRole)
//{
// DirectoryRole role = directoryObject as DirectoryRole;
//}
}
pagedCollection = pagedCollection.GetNextPageAsync().Result;
} while (pagedCollection != null && pagedCollection.MorePagesAvailable);
return searchResults;
}
/// <summary>
/// Override this method to customize display text of permission created
/// </summary>
/// <param name="displayText"></param>
/// <param name="claimType"></param>
/// <param name="claimValue"></param>
/// <param name="isIdentityClaim"></param>
/// <param name="result"></param>
/// <returns></returns>
protected virtual string FormatPermissionDisplayText(string claimType, string claimValue, bool isIdentityClaimType, AzurecpResult result)
{
string permissionDisplayText = String.Empty;
string valueDisplayedInPermission = String.Empty;
if (result.AzureObject.GraphPropertyToDisplay != GraphProperty.None)
{
if (!isIdentityClaimType) permissionDisplayText = "(" + result.AzureObject.ClaimTypeMappingName + ") ";
string graphPropertyToDisplayValue = GetGraphPropertyValue(result.DirectoryObjectResult, result.AzureObject.GraphPropertyToDisplay.ToString());
if (!String.IsNullOrEmpty(graphPropertyToDisplayValue)) permissionDisplayText += graphPropertyToDisplayValue;
else permissionDisplayText += result.PermissionValue;
}
else
{
if (isIdentityClaimType)
{
permissionDisplayText = result.QueryMatchValue;
}
else
{
permissionDisplayText = String.Format(
PickerEntityDisplayText,
result.AzureObject.ClaimTypeMappingName,
result.PermissionValue);
}
}
return permissionDisplayText;
}