/// <summary>
/// Resolves the directory object id of the user whose mail attribute equals <paramref name="email"/>.
/// </summary>
/// <param name="email">Mail address to look up; null or whitespace short-circuits to null.</param>
/// <returns>The object id as a string, or null when the lookup is skipped or nothing matches.</returns>
/// <remarks>
/// The lookup is skipped entirely against an on-premise (ADFS) environment. When more than one
/// user carries the address, <c>ThrowIfMultipleObjectIds</c> is expected to raise before any id is returned.
/// </remarks>
private string GetObjectIdByEmail(string email)
{
    // In ADFS, Graph cannot handle this particular combination of filters.
    bool skipLookup = DefaultProfile.DefaultContext.Environment.OnPremise
        || string.IsNullOrWhiteSpace(email);
    if (skipLookup)
    {
        return null;
    }

    // TODO: Remove IfDef
#if NETSTANDARD
    var matches = ActiveDirectoryClient.FilterUsers(new ADObjectFilterOptions { Mail = email });
    if (matches == null)
    {
        return null;
    }
    ThrowIfMultipleObjectIds(matches, email);
    return matches.FirstOrDefault()?.Id.ToString();
#else
    var matches = ActiveDirectoryClient.Users.Where(FilterByEmail(email))
        .ExecuteAsync().GetAwaiter().GetResult().CurrentPage;
    if (matches == null)
    {
        return null;
    }
    ThrowIfMultipleObjectIds(matches, email);
    return matches.FirstOrDefault()?.ObjectId;
#endif
}
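/// <summary>
/// Narrows <paramref name="assignments"/> to those matching the cmdlet's optional filter parameters,
/// first resolving RoleDefinitionName to RoleDefinitionId and SignInName / ApplicationId to ObjectId.
/// </summary>
/// <param name="assignments">Candidate assignments; null is treated as an empty set.</param>
/// <returns>
/// The assignments matching every supplied filter. When a supplied name or application id cannot be
/// resolved the result is empty: the original silently dropped that filter and returned every
/// assignment, which made "assignments for unknown principal X" read as "all assignments".
/// </returns>
/// <remarks>
/// Side effect (unchanged): RoleDefinitionId and ObjectId are overwritten with the resolved values.
/// </remarks>
private PSKeyVaultRoleAssignment[] FilterAssignments(PSKeyVaultRoleAssignment[] assignments)
{
    assignments = assignments ?? Array.Empty<PSKeyVaultRoleAssignment>();

    if (!string.IsNullOrEmpty(RoleDefinitionName))
    {
        var definition = Track2DataClient.GetHsmRoleDefinitions(HsmName, Scope)
            .FirstOrDefault(x => string.Equals(x.RoleName, RoleDefinitionName, StringComparison.OrdinalIgnoreCase));
        RoleDefinitionId = definition?.Id;
        if (string.IsNullOrEmpty(RoleDefinitionId))
        {
            // Unknown role name: no assignment can reference it, so the filter matches nothing.
            return Array.Empty<PSKeyVaultRoleAssignment>();
        }
    }

    if (!string.IsNullOrEmpty(SignInName))
    {
        var user = ActiveDirectoryClient.FilterUsers(new ADObjectFilterOptions() { UPN = SignInName }).FirstOrDefault();
        ObjectId = user?.Id.ToString();
        if (string.IsNullOrEmpty(ObjectId))
        {
            // Unknown user: nothing can be assigned to it, so the filter matches nothing.
            return Array.Empty<PSKeyVaultRoleAssignment>();
        }
    }

    if (!string.IsNullOrEmpty(ApplicationId))
    {
        var odataQuery = new Rest.Azure.OData.ODataQuery<Application>(
            s => string.Equals(s.AppId, ApplicationId, StringComparison.OrdinalIgnoreCase));
        var app = ActiveDirectoryClient.GetApplicationWithFilters(odataQuery).FirstOrDefault();
        ObjectId = app?.ObjectId.ToString();
        if (string.IsNullOrEmpty(ObjectId))
        {
            // Unknown application: nothing can be assigned to it, so the filter matches nothing.
            return Array.Empty<PSKeyVaultRoleAssignment>();
        }
    }

    // Build the query lazily and materialise once instead of ToArray() after each predicate.
    var filtered = assignments.AsEnumerable();
    if (!string.IsNullOrEmpty(RoleDefinitionId))
    {
        filtered = filtered.Where(assignment =>
            string.Equals(assignment.RoleDefinitionId, RoleDefinitionId, StringComparison.OrdinalIgnoreCase));
    }
    if (!string.IsNullOrEmpty(ObjectId))
    {
        filtered = filtered.Where(assignment =>
            string.Equals(assignment.PrincipalId, ObjectId, StringComparison.OrdinalIgnoreCase));
    }
    return filtered.ToArray();
}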
/// <summary>
/// Resolves the directory object id of the user with the given user principal name.
/// </summary>
/// <param name="upn">User principal name; null or whitespace yields null.</param>
/// <returns>The user's object id as a string, or null when no user matches.</returns>
/// <remarks>
/// Uses SingleOrDefault, so more than one matching user raises InvalidOperationException
/// instead of silently picking one.
/// </remarks>
private string GetObjectIdByUpn(string upn)
{
    if (string.IsNullOrWhiteSpace(upn))
    {
        return null;
    }

    // TODO: Remove IfDef
#if NETSTANDARD
    var match = ActiveDirectoryClient
        .FilterUsers(new ADObjectFilterOptions { UPN = upn })
        .SingleOrDefault();
    return match?.Id.ToString();
#else
    var match = ActiveDirectoryClient.Users
        .Where(u => u.UserPrincipalName.Equals(upn, StringComparison.OrdinalIgnoreCase))
        .ExecuteAsync().ConfigureAwait(false).GetAwaiter().GetResult()
        .CurrentPage.SingleOrDefault();
    return match?.ObjectId;
#endif
}
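/// <summary>
/// Resolves the filter parameters of the active parameter set (role definition name, sign-in name,
/// application id) to RoleDefinitionId / ObjectId and returns the name of the single role
/// assignment on the managed HSM that matches that (principal, role definition) pair.
/// </summary>
/// <returns>The Name of the matching role assignment.</returns>
/// <exception cref="ArgumentException">
/// The role definition, user or application cannot be found, or no assignment matches the resolved pair.
/// </exception>
private string GetRoleAssignmentNameFromFilterParameters()
{
    // convert definition name to id
    if (ParameterSetName == ParameterSet.DefinitionNameApplicationId
        || ParameterSetName == ParameterSet.DefinitionNameObjectId
        || ParameterSetName == ParameterSet.DefinitionNameSignInName)
    {
        var definition = Track2DataClient.GetHsmRoleDefinitions(HsmName, Scope)
            .FirstOrDefault(x => string.Equals(x.RoleName, RoleDefinitionName, StringComparison.OrdinalIgnoreCase));
        if (definition == null)
        {
            throw new ArgumentException(string.Format(Resources.RoleDefinitionNotFound, RoleDefinitionName));
        }
        RoleDefinitionId = definition.Id;
    }

    // convert user sign in name to object id
    if (ParameterSetName == ParameterSet.DefinitionIdSignInName
        || ParameterSetName == ParameterSet.DefinitionNameSignInName)
    {
        var user = ActiveDirectoryClient.FilterUsers(new ADObjectFilterOptions() { UPN = SignInName }).FirstOrDefault();
        if (user == null)
        {
            throw new ArgumentException(string.Format(Resources.UserNotFoundBy, SignInName));
        }
        ObjectId = user.Id.ToString();
    }

    // convert service principal app id to object id
    if (ParameterSetName == ParameterSet.DefinitionIdApplicationId
        || ParameterSetName == ParameterSet.DefinitionNameApplicationId)
    {
        var odataQuery = new Rest.Azure.OData.ODataQuery<Application>(
            s => string.Equals(s.AppId, ApplicationId, StringComparison.OrdinalIgnoreCase));
        var app = ActiveDirectoryClient.GetApplicationWithFilters(odataQuery).FirstOrDefault();
        if (app == null)
        {
            throw new ArgumentException(string.Format(Resources.ApplicationNotFoundBy, ApplicationId));
        }
        ObjectId = app.ObjectId.ToString();
    }

    // The original compared ids with the default (case-sensitive ordinal) string.Equals while the
    // name-to-id lookups above use OrdinalIgnoreCase; use the same comparison here so an id that
    // differs only in letter case is still found.
    var roleAssignment = Track2DataClient.GetHsmRoleAssignments(HsmName, Scope)
        .FirstOrDefault(assignment =>
            string.Equals(assignment.PrincipalId, ObjectId, StringComparison.OrdinalIgnoreCase)
            && string.Equals(assignment.RoleDefinitionId, RoleDefinitionId, StringComparison.OrdinalIgnoreCase));
    if (roleAssignment == null)
    {
        // Specific exception type instead of the bare System.Exception the original threw;
        // catch (Exception) in callers still sees it.
        throw new ArgumentException(Resources.RoleAssignmentNotFound);
    }
    return roleAssignment.Name;
}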
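/// <summary>
/// Resolves a directory object id to a human-readable label and a coarse object type.
/// </summary>
/// <param name="objectId">Directory object id to look up; null or whitespace yields ("", "Unknown").</param>
/// <param name="adClient">Graph client used for the lookups; null yields ("", "Unknown").</param>
/// <returns>
/// Item1: the display name, followed by " (upn-or-spn)" when a UPN/SPN was resolved, otherwise "".
/// Item2: "User", "Service Principal", "Group" or "Unknown".
/// </returns>
/// <remarks>
/// Best-effort: any exception from the Graph calls is swallowed and whatever was resolved so far is
/// returned, so the label is for display only and is not an authoritative identity. The type is taken
/// from the directory object itself, so it is reported even when the detailed typed lookup returns nothing.
/// </remarks>
public static (string, string) GetDetailsFromADObjectId(string objectId, ActiveDirectoryClient adClient)
{
    var displayName = "";
    var upnOrSpn = "";
    var objectType = "Unknown";
    if (adClient == null || string.IsNullOrWhiteSpace(objectId))
    {
        return (displayName, objectType);
    }

    try
    {
        var obj = adClient.GetObjectsByObjectId(new List<string> { objectId }).FirstOrDefault();
        // Null-conditional access throughout: a missing object or an empty typed lookup must not
        // rely on the catch below to hide a NullReferenceException. Type names are service-supplied
        // identifiers, so an ordinal case-insensitive comparison is the right one.
        var type = obj?.Type;
        if (string.Equals(type, "user", StringComparison.OrdinalIgnoreCase))
        {
            var user = adClient.FilterUsers(new ADObjectFilterOptions { Id = objectId }).FirstOrDefault();
            displayName = user?.DisplayName ?? "";
            upnOrSpn = user?.UserPrincipalName ?? "";
            objectType = "User";
        }
        else if (string.Equals(type, "serviceprincipal", StringComparison.OrdinalIgnoreCase))
        {
            var odataQuery = new Rest.Azure.OData.ODataQuery<Graph.RBAC.Version1_6.Models.ServicePrincipal>(s => s.ObjectId == objectId);
            var servicePrincipal = adClient.FilterServicePrincipals(odataQuery).FirstOrDefault();
            displayName = servicePrincipal?.DisplayName ?? "";
            upnOrSpn = servicePrincipal?.ServicePrincipalNames?.FirstOrDefault() ?? "";
            objectType = "Service Principal";
        }
        else if (string.Equals(type, "group", StringComparison.OrdinalIgnoreCase))
        {
            var group = adClient.FilterGroups(new ADObjectFilterOptions { Id = objectId }).FirstOrDefault();
            displayName = group?.DisplayName ?? "";
            objectType = "Group";
        }
    }
    catch (Exception)
    {
        // Deliberate best-effort: a failed lookup just means no friendly name.
    }

    var label = string.IsNullOrWhiteSpace(upnOrSpn) ? displayName : $"{displayName} ({upnOrSpn})";
    return (label, objectType);
}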
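/// <summary>
/// Creates a role assignment on the managed HSM after resolving the name-style parameters
/// (RoleDefinitionName, SignInName, ApplicationId) to ids. The write is guarded by
/// ConfirmAction, so -WhatIf / -Confirm apply before anything is created.
/// </summary>
/// <exception cref="ArgumentException">The role definition, user or application cannot be found.</exception>
public override void ExecuteCmdlet()
{
    ResolveRoleDefinitionIdFromName();
    ResolveObjectIdFromSignInName();
    ResolveObjectIdFromApplicationId();

    base.ConfirmAction(
        string.Format(Resources.AssignRole, RoleDefinitionName ?? RoleDefinitionId, SignInName ?? ApplicationId ?? ObjectId, Scope),
        HsmName,
        () =>
        {
            PSKeyVaultRoleAssignment roleAssignment = Track2DataClient.CreateHsmRoleAssignment(HsmName, Scope, RoleDefinitionId, ObjectId);
            GetAssignmentDetails(roleAssignment, HsmName, Scope);
            WriteObject(roleAssignment);
        });
}

// Converts RoleDefinitionName to RoleDefinitionId for the DefinitionName* parameter sets; no-op otherwise.
private void ResolveRoleDefinitionIdFromName()
{
    if (ParameterSetName != ParameterSet.DefinitionNameApplicationId
        && ParameterSetName != ParameterSet.DefinitionNameObjectId
        && ParameterSetName != ParameterSet.DefinitionNameSignInName)
    {
        return;
    }
    var definition = Track2DataClient.GetHsmRoleDefinitions(HsmName, Scope)
        .FirstOrDefault(x => string.Equals(x.RoleName, RoleDefinitionName, StringComparison.OrdinalIgnoreCase));
    if (definition == null)
    {
        throw new ArgumentException(string.Format(Resources.RoleDefinitionNotFound, RoleDefinitionName));
    }
    RoleDefinitionId = definition.Id;
}

// Converts the user's SignInName (UPN) to ObjectId for the *SignInName parameter sets; no-op otherwise.
private void ResolveObjectIdFromSignInName()
{
    if (ParameterSetName != ParameterSet.DefinitionIdSignInName
        && ParameterSetName != ParameterSet.DefinitionNameSignInName)
    {
        return;
    }
    var user = ActiveDirectoryClient.FilterUsers(new ADObjectFilterOptions() { UPN = SignInName }).FirstOrDefault();
    if (user == null)
    {
        throw new ArgumentException(string.Format(Resources.UserNotFoundBy, SignInName));
    }
    ObjectId = user.Id.ToString();
}

// Converts the service principal's ApplicationId to ObjectId for the *ApplicationId parameter sets; no-op otherwise.
private void ResolveObjectIdFromApplicationId()
{
    if (ParameterSetName != ParameterSet.DefinitionIdApplicationId
        && ParameterSetName != ParameterSet.DefinitionNameApplicationId)
    {
        return;
    }
    var odataQuery = new Rest.Azure.OData.ODataQuery<Application>(
        s => string.Equals(s.AppId, ApplicationId, StringComparison.OrdinalIgnoreCase));
    var app = ActiveDirectoryClient.GetApplicationWithFilters(odataQuery).FirstOrDefault();
    if (app == null)
    {
        throw new ArgumentException(string.Format(Resources.ApplicationNotFoundBy, ApplicationId));
    }
    ObjectId = app.ObjectId.ToString();
}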
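/// <summary>
/// Resolves the directory object id of the user whose user principal name is <paramref name="upn"/>.
/// </summary>
/// <param name="upn">User principal name; null or whitespace yields null.</param>
/// <returns>The user's object id as a string, or null when no user matches.</returns>
/// <remarks>
/// The filter key is UPN. The original passed the UPN as the SPN filter option, which does not
/// express this method's contract (a user lookup by principal name); how FilterUsers treats the SPN
/// option is not visible here, so that form risked resolving no user or a different one than asked for.
/// SingleOrDefault is kept deliberately: several matches raise InvalidOperationException rather than
/// silently picking one principal.
/// </remarks>
private string GetObjectIdByUpn(string upn)
{
    if (string.IsNullOrWhiteSpace(upn))
    {
        return null;
    }
    var user = ActiveDirectoryClient
        .FilterUsers(new ADObjectFilterOptions() { UPN = upn })
        .SingleOrDefault();
    return user?.Id.ToString();
}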
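/// <summary>
/// Resolves a directory object id (user or service principal) to a human-readable label.
/// </summary>
/// <param name="objectId">Directory object id to look up; null or whitespace yields "".</param>
/// <param name="adClient">Graph client used for the lookups; null yields "".</param>
/// <returns>
/// The display name, followed by " (upn-or-spn)" when a UPN/SPN was resolved; "" when nothing
/// could be resolved. Object types other than user and service principal yield "".
/// </returns>
/// <remarks>
/// Best-effort: any exception from the Graph calls is swallowed and whatever was resolved so far is
/// returned, so the label is for display only and is not an authoritative identity.
/// </remarks>
public static string GetDisplayNameForADObject(string objectId, ActiveDirectoryClient adClient)
{
    string displayName = "";
    string upnOrSpn = "";
    if (adClient == null || string.IsNullOrWhiteSpace(objectId))
    {
        return displayName;
    }

    try
    {
        var obj = adClient.GetObjectsByObjectId(new List<string> { objectId }).FirstOrDefault();
        // Null-conditional access throughout: a missing object or an empty typed lookup must not
        // rely on the catch below to hide a NullReferenceException. Type names are service-supplied
        // identifiers, so an ordinal case-insensitive comparison is the right one.
        var type = obj?.Type;
        if (string.Equals(type, "user", StringComparison.OrdinalIgnoreCase))
        {
            var user = adClient.FilterUsers(new ADObjectFilterOptions { Id = objectId }).FirstOrDefault();
            displayName = user?.DisplayName ?? "";
            upnOrSpn = user?.UserPrincipalName ?? "";
        }
        else if (string.Equals(type, "serviceprincipal", StringComparison.OrdinalIgnoreCase))
        {
            var servicePrincipal = adClient.FilterServicePrincipals(new ADObjectFilterOptions { Id = objectId }).FirstOrDefault();
            displayName = servicePrincipal?.DisplayName ?? "";
            upnOrSpn = servicePrincipal?.ServicePrincipalNames?.FirstOrDefault() ?? "";
        }
    }
    catch (Exception)
    {
        // Deliberate best-effort: a failed lookup just means no friendly name.
    }

    return string.IsNullOrWhiteSpace(upnOrSpn) ? displayName : $"{displayName} ({upnOrSpn})";
}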
/// <summary>
/// Resolves the directory object id of the user whose mail attribute equals <paramref name="email"/>.
/// </summary>
/// <param name="email">Mail address to look up; null or whitespace yields null.</param>
/// <returns>The object id as a string, or null when the lookup is skipped or nothing matches.</returns>
/// <remarks>
/// The lookup is skipped entirely against an on-premise (ADFS) environment. When more than one
/// user carries the address, <c>ThrowIfMultipleObjectIds</c> is expected to raise before any id is returned.
/// </remarks>
private string GetObjectIdByEmail(string email)
{
    // In ADFS, Graph cannot handle this particular combination of filters.
    if (DefaultProfile.DefaultContext.Environment.OnPremise)
    {
        return null;
    }
    if (string.IsNullOrWhiteSpace(email))
    {
        return null;
    }

    var matches = ActiveDirectoryClient.FilterUsers(new ADObjectFilterOptions() { Mail = email });
    if (matches == null)
    {
        return null;
    }
    ThrowIfMultipleObjectIds(matches, email);
    return matches.FirstOrDefault()?.Id.ToString();
}
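/// <summary>
/// Resolves a directory object id (user, service principal or group) to a human-readable label.
/// </summary>
/// <param name="objectId">Directory object id to look up; null or whitespace yields "".</param>
/// <param name="adClient">Graph client used for the lookups; null yields "".</param>
/// <returns>
/// The display name, followed by " (secondary-name)" when a UPN, SPN or mail nickname was resolved;
/// "" when nothing could be resolved.
/// </returns>
/// <remarks>
/// Best-effort: any exception from the Graph calls is swallowed and whatever was resolved so far is
/// returned, so the label is for display only and is not an authoritative identity. The two
/// preprocessor branches target different Graph client surfaces and are kept as in the original.
/// </remarks>
public static string GetDisplayNameForADObject(string objectId, ActiveDirectoryClient adClient)
{
    string displayName = "";
    string upnOrSpn = "";
    if (adClient == null || string.IsNullOrWhiteSpace(objectId))
    {
        return displayName;
    }

    try
    {
        // Null-conditional access throughout: a missing object or an empty typed lookup must not
        // rely on the catch below to hide a NullReferenceException. Type names are service-supplied
        // identifiers, so an ordinal case-insensitive comparison is the right one.
#if NETSTANDARD
        var obj = adClient.GetObjectsByObjectId(new List<string> { objectId }).FirstOrDefault();
        var type = obj?.Type;
        if (string.Equals(type, "user", StringComparison.OrdinalIgnoreCase))
        {
            var user = adClient.FilterUsers(new ADObjectFilterOptions { Id = objectId }).FirstOrDefault();
            displayName = user?.DisplayName ?? "";
            upnOrSpn = user?.UserPrincipalName ?? "";
        }
        else if (string.Equals(type, "serviceprincipal", StringComparison.OrdinalIgnoreCase))
        {
            var servicePrincipal = adClient.FilterServicePrincipals(new ADObjectFilterOptions { Id = objectId }).FirstOrDefault();
            displayName = servicePrincipal?.DisplayName ?? "";
            upnOrSpn = servicePrincipal?.ServicePrincipalNames?.FirstOrDefault() ?? "";
        }
        else if (string.Equals(type, "group", StringComparison.OrdinalIgnoreCase))
        {
            var group = adClient.FilterGroups(new ADObjectFilterOptions { Id = objectId }).FirstOrDefault();
            displayName = group?.DisplayName ?? "";
        }
#else
        var obj = adClient.GetObjectsByObjectIdsAsync(new[] { objectId }, Array.Empty<string>()).GetAwaiter().GetResult().FirstOrDefault();
        var type = obj?.ObjectType;
        if (string.Equals(type, "user", StringComparison.OrdinalIgnoreCase))
        {
            var user = adClient.Users.GetByObjectId(objectId).ExecuteAsync().GetAwaiter().GetResult();
            displayName = user?.DisplayName ?? "";
            upnOrSpn = user?.UserPrincipalName ?? "";
        }
        else if (string.Equals(type, "serviceprincipal", StringComparison.OrdinalIgnoreCase))
        {
            var servicePrincipal = adClient.ServicePrincipals.GetByObjectId(objectId).ExecuteAsync().GetAwaiter().GetResult();
            displayName = servicePrincipal?.AppDisplayName ?? "";
            upnOrSpn = servicePrincipal?.ServicePrincipalNames?.FirstOrDefault() ?? "";
        }
        else if (string.Equals(type, "group", StringComparison.OrdinalIgnoreCase))
        {
            var group = adClient.Groups.GetByObjectId(objectId).ExecuteAsync().GetAwaiter().GetResult();
            displayName = group?.DisplayName ?? "";
            upnOrSpn = group?.MailNickname ?? "";
        }
#endif
    }
    catch (Exception)
    {
        // Deliberate best-effort: a failed lookup just means no friendly name.
    }

    return string.IsNullOrWhiteSpace(upnOrSpn) ? displayName : $"{displayName} ({upnOrSpn})";
}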