public async Task <Tuple <bool, string, string, string, string> > RemoveApplicationRoleFromUser(ActiveDirectoryClient azureGraphclient, string accessToken, string AzureADGraphUrl, string Tenant,
                                                                                                        string AppName, string UserEmailAddress, string AppRoleName)
        {
            List <ResultsItem> obj = new List <ResultsItem>();
            Guid userObjectID = Guid.Empty, approleid = Guid.Empty, srvpr = Guid.Empty;

            bool   ActionStatus = false;
            string message      = string.Empty;

            if (azureGraphclient == null || string.IsNullOrEmpty(AzureADGraphUrl) || string.IsNullOrEmpty(Tenant) ||
                string.IsNullOrEmpty(AppName) || string.IsNullOrEmpty(UserEmailAddress) || string.IsNullOrEmpty(AppRoleName))
            {
                return(new Tuple <bool, string, string, string, string>(ActionStatus, "Invalid input", null, null, null));
            }
            else
            {
                try
                {
                    var _usersFiltered = azureGraphclient.Users.Where(a => a.Mail.Equals(UserEmailAddress, StringComparison.InvariantCultureIgnoreCase) ||
                                                                      a.UserPrincipalName.Equals(UserEmailAddress, StringComparison.InvariantCultureIgnoreCase)).Expand(p => p.AppRoleAssignments).ExecuteAsync().Result;
                    if (_usersFiltered != null)
                    {
                        userObjectID = Guid.Parse(_usersFiltered.CurrentPage.Select(a => a.ObjectId).SingleOrDefault().ToString());

                        var application = azureGraphclient.Applications.Where(a => a.DisplayName == AppName).ExecuteAsync().Result;
                        if (application != null)
                        {
                            var approle = application.CurrentPage.FirstOrDefault().AppRoles.Where(a => a.DisplayName == AppRoleName).FirstOrDefault();

                            if (approle != null)
                            {
                                approleid = Guid.Parse(approle.Id.ToString());

                                srvpr = Guid.Parse(azureGraphclient.ServicePrincipals.Where(a => a.DisplayName == AppName).ExecuteAsync().Result.CurrentPage.FirstOrDefault().ObjectId);

                                //check if assignment is already made
                                var cc = _usersFiltered.CurrentPage.FirstOrDefault();
                                var approlesassigns = AzureADExtensions.EnumerateAllAsync(cc.AppRoleAssignments).Result;
                                var filtered        = approlesassigns.Where(a => a.Id == approleid && a.PrincipalType == "User").FirstOrDefault();

                                if (filtered != null)
                                {
                                    var roleassignObjectID = filtered.ObjectId;

                                    await RemoveRoleFromUser(accessToken, AzureADGraphUrl, Tenant, userObjectID, roleassignObjectID.ToString());

                                    ActionStatus = true;
                                    message      = "Application role was succefully removed from user";
                                }
                                else
                                {
                                    message = "User not associated with application role";
                                }
                            }
                            else
                            {
                                message = "Invalid application role";
                            }
                        }
                        else
                        {
                            message = "Invalid application";
                        }
                    }
                    else
                    {
                        message = "Invalid user";
                    }
                }
                catch (Exception ex)
                {
                    message = ex.Message + (ex.InnerException != null ? Environment.NewLine + ex.InnerException.Message : "");
                }
            }

            return(new Tuple <bool, string, string, string, string>(ActionStatus, message, userObjectID.ToString(), approleid.ToString(), srvpr.ToString()));
        }
        /// <summary>
        ///
        /// </summary>
        /// <param name="azureGraphclient"></param>
        /// <param name="model"></param>
        /// <returns>Return values are status,message, user-object-id, application-role-id, application-service-principal-id</returns>
        public async Task <Tuple <bool, string, string, string, string> > AddApplicationRoleToUser(ActiveDirectoryClient azureGraphclient, string AppName, string UserEmailAddress,
                                                                                                   string AppRoleName)
        {
            Guid userObjectID = Guid.Empty, appobjectid = Guid.Empty, approleid = Guid.Empty, srvpr = Guid.Empty;

            bool   ActionStatus = false;
            string message      = string.Empty;

            if (azureGraphclient == null || string.IsNullOrEmpty(AppName) || string.IsNullOrEmpty(UserEmailAddress) || string.IsNullOrEmpty(AppRoleName))
            {
                return(new Tuple <bool, string, string, string, string>(ActionStatus, "Invalid input", null, null, null));
            }
            else
            {
                try
                {
                    AppRoleAssignment assignment = new AppRoleAssignment();
                    assignment.CreationTimestamp = System.DateTime.Now;

                    var _usersFiltered = azureGraphclient.Users.Where(a => a.Mail.Equals(UserEmailAddress, StringComparison.InvariantCultureIgnoreCase) ||
                                                                      a.UserPrincipalName.Equals(UserEmailAddress, StringComparison.InvariantCultureIgnoreCase)).ExecuteAsync().Result;
                    if (_usersFiltered != null)
                    {
                        userObjectID = Guid.Parse(_usersFiltered.CurrentPage.Select(a => a.ObjectId).SingleOrDefault().ToString());

                        var application = azureGraphclient.Applications.Where(a => a.DisplayName == AppName).ExecuteAsync().Result;
                        if (application != null)
                        {
                            var approle = application.CurrentPage.FirstOrDefault().AppRoles.Where(a => a.DisplayName == AppRoleName).FirstOrDefault();

                            if (approle != null)
                            {
                                approleid = Guid.Parse(approle.Id.ToString());

                                srvpr = Guid.Parse(azureGraphclient.ServicePrincipals.Where(a => a.DisplayName == AppName).ExecuteAsync().Result.CurrentPage.FirstOrDefault().ObjectId);

                                //check if assignment is already made
                                var cc = azureGraphclient.Users[userObjectID.ToString()].AppRoleAssignments.ExecuteAsync().Result;
                                var approlesassigns = await AzureADExtensions.EnumerateAllAsync(cc);

                                var filtered = approlesassigns.Where(a => a.Id == approleid && a.PrincipalType == "User").FirstOrDefault();

                                if (filtered == null)
                                {
                                    assignment.PrincipalId   = userObjectID;
                                    assignment.PrincipalType = "User";
                                    assignment.ResourceId    = srvpr;
                                    assignment.Id            = approleid;

                                    await azureGraphclient.Users[userObjectID.ToString()].AppRoleAssignments.AddAppRoleAssignmentAsync(assignment);

                                    ActionStatus = true;
                                    message      = "User successfully associated with application role";
                                }
                                else
                                {
                                    message = "user already associated with application role";
                                }
                            }
                            else
                            {
                                message = "Invalid application role";
                            }
                        }
                        else
                        {
                            message = "Invalid application";
                        }
                    }
                    else
                    {
                        message = "Invalid user";
                    }
                }
                catch (Exception ex)
                {
                    message = ex.Message + (ex.InnerException != null ? Environment.NewLine + ex.InnerException.Message : "");
                }
            }

            return(new Tuple <bool, string, string, string, string>(ActionStatus, message, userObjectID.ToString(), approleid.ToString(), srvpr.ToString()));
        }