/// <summary>
/// Builds a <see cref="DirectoryDataService"/> from the stored settings and a freshly acquired auth token.
/// </summary>
/// <returns>
/// The new service, or <c>null</c> when its constructor throws; the failure is only written to the
/// debug trace, so callers must null-check the result. Failures of the token acquisition itself are
/// not caught here and propagate to the caller.
/// </returns>
public async Task<DirectoryDataService> buildDirectoryDataServiceAsync()
{
    var currentSettings = SettingsRepo.GetSettings();
    var token = await AuthProvider.GetAuthTokenAsync();

    DirectoryDataService service = null;
    try
    {
        service = new DirectoryDataService(token, currentSettings);
    }
    catch (Exception ex)
    {
        // Catch-all: every construction failure is swallowed and surfaces to the caller only as a null result.
        Debug.WriteLine("Unable to create DirectoryDataService. Error: " + ex.Message);
    }
    return service;
}
/// <summary>
/// Enriches an authenticated principal with one role claim per Azure AD group the user belongs to,
/// looked up through the Graph API with the application's own credentials, then defers to the base
/// authentication manager. Unauthenticated (or null) principals are passed straight to the base class.
/// </summary>
/// <param name="resourceName">Resource being accessed; forwarded unchanged to the base implementation.</param>
/// <param name="incomingPrincipal">The principal produced by the token handler; its identity is mutated in place.</param>
/// <returns>Whatever <c>base.Authenticate</c> returns for the (possibly enriched) principal.</returns>
/// <exception cref="NotSupportedException">The tenant id or object identifier claim is missing.</exception>
/// <exception cref="SecurityException">The user cannot be found in the directory.</exception>
public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incomingPrincipal)
{
    // Nothing to enrich for an anonymous caller; the base class still gets to see it.
    if (incomingPrincipal == null || !incomingPrincipal.Identity.IsAuthenticated)
    {
        return base.Authenticate(resourceName, incomingPrincipal);
    }

    // Both claims are required to scope the Graph query to the right tenant and user.
    Claim tenantClaim = incomingPrincipal.FindFirst(TenantIdClaim);
    if (tenantClaim == null)
    {
        throw new NotSupportedException("Tenant claim not available, role authentication is not supported");
    }
    Claim objectIdClaim = incomingPrincipal.FindFirst(ObjectIdentifierClaim);
    if (objectIdClaim == null)
    {
        throw new NotSupportedException("Object identifier claim not available, role authentication is not supported");
    }
    string tenantId = tenantClaim.Value;
    string userObjectId = objectIdClaim.Value;

    // A fresh app token is requested on every authenticated call (no caching at this layer).
    AADJWTToken graphToken = DirectoryDataServiceAuthorizationHelper.GetAuthorizationToken(tenantId, _clientId, _password);
    DirectoryDataService directory = new DirectoryDataService(tenantId, graphToken);

    // Where(...).SingleOrDefault() must stay split: the directory service does not translate a predicate on SingleOrDefault.
    User user = directory.directoryObjects
        .OfType<User>()
        .Where(candidate => candidate.objectId == userObjectId)
        .SingleOrDefault();
    if (user == null)
    {
        throw new SecurityException("User cannot be found in graph");
    }

    // memberOf is a navigation property and must be loaded explicitly before it is populated.
    directory.LoadProperty(user, "memberOf");
    List<Group> groups = user.memberOf.OfType<Group>().ToList();

    // NOTE(review): the role value is the group's displayName; any role check downstream therefore
    // depends on display names, which are not guaranteed unique or stable in a directory — confirm this is intended.
    foreach (Group group in groups)
    {
        Claim roleClaim = new Claim(ClaimTypes.Role, group.displayName, ClaimValueTypes.String, _issuer);
        ((ClaimsIdentity)incomingPrincipal.Identity).AddClaim(roleClaim);
    }

    return base.Authenticate(resourceName, incomingPrincipal);
}
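/// <summary>
/// Returns a <see cref="DirectoryDataService"/> bound to the tenant of the currently signed-in user,
/// reusing a cached application token for that tenant until it is about to expire.
/// </summary>
/// <param name="config">Provides the application's client id and key used to request a new token.</param>
/// <returns>A new service instance for the caller's tenant.</returns>
/// <exception cref="InvalidOperationException">The current principal carries no tenant id claim.</exception>
public static DirectoryDataService GetInstance(AuthenticationConfiguration config)
{
    const string tenantIdClaimType = "http://schemas.microsoft.com/identity/claims/tenantid";

    // The tenant is taken from the signed-in user's claims. Without it there is no directory to talk to,
    // so fail with a clear message instead of dereferencing a null claim.
    Claim tenantClaim = ClaimsPrincipal.Current.FindFirst(tenantIdClaimType);
    if (tenantClaim == null)
    {
        throw new InvalidOperationException("The current principal does not carry a tenant id claim; cannot resolve a directory service.");
    }
    string tenantName = tenantClaim.Value;

    AADJWTToken token;
    _tokenLookup.TryGetValue(tenantName, out token);

    // Refresh when no token is cached or the cached one is close to expiry
    // (the argument's unit is defined by AADJWTToken.WillExpireIn, not visible here).
    if (token == null || token.WillExpireIn(1))
    {
        // Client credentials come from configuration; any failure of the token request propagates to the caller.
        token = DirectoryDataServiceAuthorizationHelper.GetAuthorizationToken(tenantName, config.ApiClientId, config.ApiKey);

        // NOTE(review): _tokenLookup's type is not visible here. If it is a plain Dictionary this write
        // races with concurrent requests for other tenants — confirm it is a ConcurrentDictionary or guarded.
        _tokenLookup[tenantName] = token;
    }

    return new DirectoryDataService(tenantName, token);
}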
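/// <summary>
/// Handles a binding redirection exception. The exception means that the user's data is located in
/// another data center; its error details carry several candidate URLs, at least one of which is expected
/// to work, so each is tried in turn until <paramref name="operation"/> succeeds.
/// </summary>
/// <param name="parsedException">The binding redirection exception that was received.</param>
/// <param name="operation">The operation to retry against each candidate URL.</param>
/// <remarks>
/// Best-effort: a URL whose attempt throws is traced and skipped. If every candidate fails, the method
/// returns normally with <c>Service</c> left pointing at the last URL tried and the operation not
/// performed; callers that must know the outcome have to verify it themselves.
/// </remarks>
private void HandleBindingRedirectionException(ActiveDirectoryParsedException parsedException, Action operation)
{
    // Candidate endpoints are the error-detail entries whose name starts with "Url". These are protocol
    // values rather than user text, so the comparison is ordinal, not culture-sensitive.
    var candidateUrls = parsedException.Values.ErrorDetail
        .Where(ed => ed.Name.StartsWith("Url", StringComparison.Ordinal))
        .Select(ed => ed.Value)
        .ToList();

    foreach (string newUrl in candidateUrls)
    {
        // Permanently repoint the data service: none of the operations will work on the current URL.
        Service = new DirectoryDataService(new Uri(string.Format("{0}/{1}", newUrl, Properties.FullTenantAddress)));
        // Re-attach the default required headers to each request on the new service.
        AddHeaders();

        try
        {
            operation();
            // Success: stay on this URL, all subsequent operations will go here.
            return;
        }
        catch (Exception ex)
        {
            // This URL did not work; leave a trace of why and move on to the next candidate.
            System.Diagnostics.Debug.WriteLine(string.Format("Binding redirection to {0} failed: {1}", newUrl, ex.Message));
        }
    }
}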
/// <summary>
/// Creates the <c>Service</c> this helper talks to, configured for the directory connection in
/// <c>Properties</c>, and attaches the headers every request needs.
/// </summary>
public void Setup()
{
    var graphService = new DirectoryDataService(Properties.ConnectionUri)
    {
        // With this flag a missing resource yields null from the service instead of throwing.
        IgnoreResourceNotFoundException = true,
        MergeOption = MergeOption.OverwriteChanges,
        AddAndUpdateResponsePreference = DataServiceResponsePreference.IncludeContent,
    };
    Service = graphService;

    // Adds the default required headers to each request.
    AddHeaders();
}