public async Task <IActionResult> Contact()
{
AADGraph graph = new AADGraph(AppSettings); //Check if user is in group
string groupName = "Admins";
string groupId = AppSettings.AADGroups.FirstOrDefault(g => String.Compare(g.Name, groupName) == 0).Id;
bool isIngroup = await graph.IsUserInGroup(User.Claims, groupId);
return(View());
}
public bool isHRTeam(IEnumerable <Claim> userClaims)
{
AADGraph graph = new AADGraph(AppSettings);
string groupName = "HRTeam";
string groupId = AppSettings.AADGroups.FirstOrDefault(g =>
String.Compare(g.Name, groupName) == 0).Id;
return(graph.IsUserInGroup(userClaims, groupId).Result);
}
private async Task <bool> CheckIfUserIsAnAdmin()
{
// AAD usage example
AADGraph graph = new AADGraph(AppSettings);
string groupName = "Admins";
string groupId = AppSettings.AADGroups.FirstOrDefault(g => String.Compare(g.Name, groupName) == 0).Id;
bool isIngroup = await graph.IsUserInGroup(User.Claims, groupId);
return(isIngroup);
}
public async Task <IActionResult> Contact()
{
ViewData["Message"] = "Your contact page.";
AADGraph graph = new AADGraph(AppSettings);
string groupName = "Admins";
string groupId = AppSettings.AADGroups.FirstOrDefault(g =>
String.Compare(g.Name, groupName) == 0).Id;
bool isIngroup = await graph.IsUserInGroup(User.Claims, groupId);
return(View());
}
private async Task OnTokenValidated(TokenValidatedContext arg)
{
AADGraph graph = new AADGraph(_appSettings);
string groupName = "Admins";
string groupId = _appSettings.AADGroups.FirstOrDefault(g => g.Name == groupName)?.Id;
bool isAdmin = await graph.IsUserInGroup(arg.Principal.Claims, groupId);
if (isAdmin)
{
arg.Principal.AddIdentity(new ClaimsIdentity(
new Claim[] { new Claim(ClaimTypes.Role, Roles.Admin) }));
}
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context,
InAdminsGroupRequirement requirement)
{
AppSettings appSettings = _configuration.GetSection("AppSettings").Get <AppSettings>();;
AADGraph graph = new AADGraph(appSettings);
string groupName = "Admins";
string groupId = appSettings.AADGroups.FirstOrDefault(g =>
String.Compare(g.Name, groupName) == 0).Id;
Task <bool> isIngroup = graph.IsUserInGroup(context.User.Claims, groupId);
if (isIngroup.Result)
{
context.Succeed(requirement);
}
return(Task.CompletedTask);
}
protected void Application_Start()
{
try
{
SqlServerTypes.Utilities.LoadNativeAssemblies(Server.MapPath("~/bin"));
//Registration
ControllerBuilder.Current.DefaultNamespaces.Add("Wutnu.Controllers");
AreaRegistration.RegisterAllAreas();
FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
GlobalConfiguration.Configure(WebApiConfig.Register);
RouteConfig.RegisterRoutes(RouteTable.Routes);
BundleConfig.RegisterBundles(BundleTable.Bundles);
AntiForgeryConfig.UniqueClaimTypeIdentifier = CustomClaimTypes.ObjectIdentifier;
Cache.RedisConnectionString = ConfigurationManager.AppSettings["RedisConnection"];
Cache.RedisUrlDBNum = Convert.ToInt32(ConfigurationManager.AppSettings["RedisUrlDBNum"]);
Cache.RedisUserDBNum = Convert.ToInt32(ConfigurationManager.AppSettings["RedisUserDBNum"]);
//IoC
var builder = new ContainerBuilder();
builder.Register(c => new WutNuContext())
.AsSelf()
.InstancePerRequest();
builder.Register(c => new WutCache(c.Resolve <WutNuContext>()))
.AsSelf()
.InstancePerRequest();
builder.RegisterControllers(typeof(MvcApplication).Assembly);
builder.RegisterApiControllers(typeof(MvcApplication).Assembly);
var container = builder.Build();
DependencyResolver.SetResolver(new AutofacDependencyResolver(container));
GlobalConfiguration.Configuration.DependencyResolver = new AutofacWebApiDependencyResolver(container);
//Settings
Settings.Setup(ConfigurationManager.AppSettings);
var domainName = ConfigurationManager.AppSettings["ida:RedirectUri"] + "/";
Startup.RedirectUri = domainName;
WutStorage.ALLOWED_CORS_ORIGINS = new List <string> {
ConfigurationManager.AppSettings["ida:RedirectUri"]
};
var ConfigStorageCors = Convert.ToBoolean(ConfigurationManager.AppSettings["ConfigStorageCors"]);
bool forceConfig = true;
if (ConfigStorageCors)
{
WutStorage.ConfigureCors(forceConfig);
}
Utils.ApplicationName = "Wut?";
AADGraph.GraphToken = ConfigurationManager.AppSettings["B2BGraphKey"];
AADGraph.ClientId = ConfigurationManager.AppSettings["ida:ClientIdB2B"];
AADGraph.TenantName = ConfigurationManager.AppSettings["ida:TenantB2B"];
AADGraph.LoadGroups();
//BlobCopy zip init
BlobCopyZip.InitZip(Settings.AppRootPath);
//Ensure cloud reports have initialized in blob storage
ReportManager.InitBlobReports();
//VPP
System.Web.Hosting.HostingEnvironment.RegisterVirtualPathProvider(new WutVirtualPathProvider());
}
catch (Exception ex)
{
Logging.WriteToAppLog("Error during application startup", System.Diagnostics.EventLogEntryType.Error, ex);
}
}
public bool IsUserInAAD(string objectId)
{
var res = AADGraph.GetUser(objectId);
return(res != null);
}
private static ClaimsIdentity TransformClaims(ClaimsIdentity ident, User user)
{
ident.AddClaim(new Claim(CustomClaimTypes.UserId, user.UserId.ToString(), ClaimValueTypes.Integer32));
if (user.ExtClaims != null && user.ExtClaims.Length > 0)
{
ident.AddClaim(new Claim(CustomClaimTypes.ExtClaims, user.ExtClaims, "ExtClaimsModel"));
}
var issuer = ident.Claims.First().Issuer;
if (issuer.IndexOf("b2clogin.com") > -1)
{
//B2C
//todo: is unified?
ident.AddClaim(new Claim(CustomClaimTypes.AuthType, WutAuthTypes.B2C));
var name = ident.GetClaim(ClaimTypes.GivenName);
name += " " + ident.GetClaim(ClaimTypes.Surname);
name += " (" + user.idp + ")";
var email = ident.GetClaim("emails") ?? ident.GetClaim(ClaimTypes.Email);
if (ident.HasClaim(ClaimTypes.Email))
{
ident.SetClaim(ClaimTypes.Email, email);
}
else
{
ident.AddClaim(new Claim(ClaimTypes.Email, email));
}
ident.AddClaim(new Claim(CustomClaimTypes.FullName, name));
ident.AddClaim(new Claim(ClaimTypes.Name, email));
}
else
{
//WORK OR SCHOOL ACCOUNTS
var userTenant = AADGraph.GetUserTenantId(ident);
//GetHomeTenantId is null if authenticating in home tenant
if (ident.GetIdpTenantId() == null)
{
if (ident.GetClaim(CustomClaimTypes.TenantId) != AADGraph.TenantId)
{
//not in host tenant and auth'd to home tenant
ident.AddClaim(new Claim(CustomClaimTypes.AuthType, WutAuthTypes.B2EMulti));
}
else if (userTenant == AADGraph.TenantId)
{
//in host tenant, which matches home tenant
ident.AddClaim(new Claim(CustomClaimTypes.AuthType, WutAuthTypes.LocalAAD));
}
}
else
{
//B2B guest
ident.AddClaim(new Claim(CustomClaimTypes.AuthType, WutAuthTypes.B2B));
}
if (ident.GetClaim(CustomClaimTypes.TenantId) == AADGraph.TenantId)
{
if (AADGraph.AdminUsers == null)
{
//Admin group was left null - all local tenant users (native only, not B2B) are set as admins
if (userTenant == AADGraph.TenantId)
{
ident.AddClaim(new Claim(ClaimTypes.Role, WutRoles.WutNuAdmins));
}
}
else
{
//Admin group was configured - all members of the group, native or B2B guests, are set as admins
if (AADGraph.AdminUsers.Any(u => u.ObjectId == ident.GetClaim(CustomClaimTypes.ObjectIdentifier)))
{
ident.AddClaim(new Claim(ClaimTypes.Role, WutRoles.WutNuAdmins));
}
}
}
var fullName = ident.Claims.FirstOrDefault(c => c.Type == "name").Value;
ident.AddClaim(new Claim(CustomClaimTypes.FullName, fullName));
//ident.SetClaim(ClaimTypes.Name, user.UserName);
//ident.AddClaim(new Claim(ClaimTypes.NameIdentifier, user.UserId));
//ident.AddClaim(new Claim(ClaimTypesLW.InternalOrExternal, user.InternalOrExternal));
}
if (!ident.Claims.Any(i => i.Type == ClaimTypes.Email))
{
ident.AddClaim(new Claim(ClaimTypes.Email, user.PrimaryEmail));
}
//ident.AddClaim(new Claim(ClaimTypesLW.ResetPasswordOnLogin, user.ResetOnNextLogin.ToString(), typeof(Boolean).ToString()));
//var enumerable = userRoles as IList<GetLoginUserRole> ?? userRoles.ToList();
//enumerable.ForEach(r => ident.AddClaim(new Claim(ClaimTypes.Role, r.Name)));
return(ident);
}
