public async Task <IActionResult> Contact() { AADGraph graph = new AADGraph(AppSettings); //Check if user is in group string groupName = "Admins"; string groupId = AppSettings.AADGroups.FirstOrDefault(g => String.Compare(g.Name, groupName) == 0).Id; bool isIngroup = await graph.IsUserInGroup(User.Claims, groupId); return(View()); }
public bool isHRTeam(IEnumerable <Claim> userClaims) { AADGraph graph = new AADGraph(AppSettings); string groupName = "HRTeam"; string groupId = AppSettings.AADGroups.FirstOrDefault(g => String.Compare(g.Name, groupName) == 0).Id; return(graph.IsUserInGroup(userClaims, groupId).Result); }
private async Task <bool> CheckIfUserIsAnAdmin() { // AAD usage example AADGraph graph = new AADGraph(AppSettings); string groupName = "Admins"; string groupId = AppSettings.AADGroups.FirstOrDefault(g => String.Compare(g.Name, groupName) == 0).Id; bool isIngroup = await graph.IsUserInGroup(User.Claims, groupId); return(isIngroup); }
public async Task <IActionResult> Contact() { ViewData["Message"] = "Your contact page."; AADGraph graph = new AADGraph(AppSettings); string groupName = "Admins"; string groupId = AppSettings.AADGroups.FirstOrDefault(g => String.Compare(g.Name, groupName) == 0).Id; bool isIngroup = await graph.IsUserInGroup(User.Claims, groupId); return(View()); }
private async Task OnTokenValidated(TokenValidatedContext arg) { AADGraph graph = new AADGraph(_appSettings); string groupName = "Admins"; string groupId = _appSettings.AADGroups.FirstOrDefault(g => g.Name == groupName)?.Id; bool isAdmin = await graph.IsUserInGroup(arg.Principal.Claims, groupId); if (isAdmin) { arg.Principal.AddIdentity(new ClaimsIdentity( new Claim[] { new Claim(ClaimTypes.Role, Roles.Admin) })); } }
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, InAdminsGroupRequirement requirement) { AppSettings appSettings = _configuration.GetSection("AppSettings").Get <AppSettings>();; AADGraph graph = new AADGraph(appSettings); string groupName = "Admins"; string groupId = appSettings.AADGroups.FirstOrDefault(g => String.Compare(g.Name, groupName) == 0).Id; Task <bool> isIngroup = graph.IsUserInGroup(context.User.Claims, groupId); if (isIngroup.Result) { context.Succeed(requirement); } return(Task.CompletedTask); }
protected void Application_Start() { try { SqlServerTypes.Utilities.LoadNativeAssemblies(Server.MapPath("~/bin")); //Registration ControllerBuilder.Current.DefaultNamespaces.Add("Wutnu.Controllers"); AreaRegistration.RegisterAllAreas(); FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters); GlobalConfiguration.Configure(WebApiConfig.Register); RouteConfig.RegisterRoutes(RouteTable.Routes); BundleConfig.RegisterBundles(BundleTable.Bundles); AntiForgeryConfig.UniqueClaimTypeIdentifier = CustomClaimTypes.ObjectIdentifier; Cache.RedisConnectionString = ConfigurationManager.AppSettings["RedisConnection"]; Cache.RedisUrlDBNum = Convert.ToInt32(ConfigurationManager.AppSettings["RedisUrlDBNum"]); Cache.RedisUserDBNum = Convert.ToInt32(ConfigurationManager.AppSettings["RedisUserDBNum"]); //IoC var builder = new ContainerBuilder(); builder.Register(c => new WutNuContext()) .AsSelf() .InstancePerRequest(); builder.Register(c => new WutCache(c.Resolve <WutNuContext>())) .AsSelf() .InstancePerRequest(); builder.RegisterControllers(typeof(MvcApplication).Assembly); builder.RegisterApiControllers(typeof(MvcApplication).Assembly); var container = builder.Build(); DependencyResolver.SetResolver(new AutofacDependencyResolver(container)); GlobalConfiguration.Configuration.DependencyResolver = new AutofacWebApiDependencyResolver(container); //Settings Settings.Setup(ConfigurationManager.AppSettings); var domainName = ConfigurationManager.AppSettings["ida:RedirectUri"] + "/"; Startup.RedirectUri = domainName; WutStorage.ALLOWED_CORS_ORIGINS = new List <string> { ConfigurationManager.AppSettings["ida:RedirectUri"] }; var ConfigStorageCors = Convert.ToBoolean(ConfigurationManager.AppSettings["ConfigStorageCors"]); bool forceConfig = true; if (ConfigStorageCors) { WutStorage.ConfigureCors(forceConfig); } Utils.ApplicationName = "Wut?"; AADGraph.GraphToken = ConfigurationManager.AppSettings["B2BGraphKey"]; AADGraph.ClientId = ConfigurationManager.AppSettings["ida:ClientIdB2B"]; AADGraph.TenantName = ConfigurationManager.AppSettings["ida:TenantB2B"]; AADGraph.LoadGroups(); //BlobCopy zip init BlobCopyZip.InitZip(Settings.AppRootPath); //Ensure cloud reports have initialized in blob storage ReportManager.InitBlobReports(); //VPP System.Web.Hosting.HostingEnvironment.RegisterVirtualPathProvider(new WutVirtualPathProvider()); } catch (Exception ex) { Logging.WriteToAppLog("Error during application startup", System.Diagnostics.EventLogEntryType.Error, ex); } }
public bool IsUserInAAD(string objectId) { var res = AADGraph.GetUser(objectId); return(res != null); }
private static ClaimsIdentity TransformClaims(ClaimsIdentity ident, User user) { ident.AddClaim(new Claim(CustomClaimTypes.UserId, user.UserId.ToString(), ClaimValueTypes.Integer32)); if (user.ExtClaims != null && user.ExtClaims.Length > 0) { ident.AddClaim(new Claim(CustomClaimTypes.ExtClaims, user.ExtClaims, "ExtClaimsModel")); } var issuer = ident.Claims.First().Issuer; if (issuer.IndexOf("b2clogin.com") > -1) { //B2C //todo: is unified? ident.AddClaim(new Claim(CustomClaimTypes.AuthType, WutAuthTypes.B2C)); var name = ident.GetClaim(ClaimTypes.GivenName); name += " " + ident.GetClaim(ClaimTypes.Surname); name += " (" + user.idp + ")"; var email = ident.GetClaim("emails") ?? ident.GetClaim(ClaimTypes.Email); if (ident.HasClaim(ClaimTypes.Email)) { ident.SetClaim(ClaimTypes.Email, email); } else { ident.AddClaim(new Claim(ClaimTypes.Email, email)); } ident.AddClaim(new Claim(CustomClaimTypes.FullName, name)); ident.AddClaim(new Claim(ClaimTypes.Name, email)); } else { //WORK OR SCHOOL ACCOUNTS var userTenant = AADGraph.GetUserTenantId(ident); //GetHomeTenantId is null if authenticating in home tenant if (ident.GetIdpTenantId() == null) { if (ident.GetClaim(CustomClaimTypes.TenantId) != AADGraph.TenantId) { //not in host tenant and auth'd to home tenant ident.AddClaim(new Claim(CustomClaimTypes.AuthType, WutAuthTypes.B2EMulti)); } else if (userTenant == AADGraph.TenantId) { //in host tenant, which matches home tenant ident.AddClaim(new Claim(CustomClaimTypes.AuthType, WutAuthTypes.LocalAAD)); } } else { //B2B guest ident.AddClaim(new Claim(CustomClaimTypes.AuthType, WutAuthTypes.B2B)); } if (ident.GetClaim(CustomClaimTypes.TenantId) == AADGraph.TenantId) { if (AADGraph.AdminUsers == null) { //Admin group was left null - all local tenant users (native only, not B2B) are set as admins if (userTenant == AADGraph.TenantId) { ident.AddClaim(new Claim(ClaimTypes.Role, WutRoles.WutNuAdmins)); } } else { //Admin group was configured - all members of the group, native or B2B guests, are set as admins if (AADGraph.AdminUsers.Any(u => u.ObjectId == ident.GetClaim(CustomClaimTypes.ObjectIdentifier))) { ident.AddClaim(new Claim(ClaimTypes.Role, WutRoles.WutNuAdmins)); } } } var fullName = ident.Claims.FirstOrDefault(c => c.Type == "name").Value; ident.AddClaim(new Claim(CustomClaimTypes.FullName, fullName)); //ident.SetClaim(ClaimTypes.Name, user.UserName); //ident.AddClaim(new Claim(ClaimTypes.NameIdentifier, user.UserId)); //ident.AddClaim(new Claim(ClaimTypesLW.InternalOrExternal, user.InternalOrExternal)); } if (!ident.Claims.Any(i => i.Type == ClaimTypes.Email)) { ident.AddClaim(new Claim(ClaimTypes.Email, user.PrimaryEmail)); } //ident.AddClaim(new Claim(ClaimTypesLW.ResetPasswordOnLogin, user.ResetOnNextLogin.ToString(), typeof(Boolean).ToString())); //var enumerable = userRoles as IList<GetLoginUserRole> ?? userRoles.ToList(); //enumerable.ForEach(r => ident.AddClaim(new Claim(ClaimTypes.Role, r.Name))); return(ident); }