//https://github.com/microsoftgraph/msgraph-sdk-dotnet-auth
public O365Client()
{
IConfidentialClientApplication clientApplication = ClientCredentialProvider.CreateClientApplication(_clientId, new ClientCredential(_clientSecret), null, _tenantId);
ClientCredentialProvider authenticationProvider = new ClientCredentialProvider(clientApplication);
_graphServiceClient = new GraphServiceClient(authenticationProvider);
}
static GraphService()
{
var graphConfig = LoadAppSettings();
var oboSettings = graphConfig.GetSection("onBehalfClientSettings");
var scopes = oboSettings["scopes"];
var scopesArray = scopes.Split(',');
// Initialize the Graph client to make calls on behalf of the user
var userClientCreds = new ClientCredential(oboSettings["appSecret"]);
var oboMsalClient = OnBehalfOfProvider.CreateClientApplication(
oboSettings["appId"],
oboSettings["redirect"],
userClientCreds, null,
graphConfig["tenantId"]);
var oboAuthProvider = new OnBehalfOfProvider(oboMsalClient, scopesArray);
userClient = new GraphServiceClient(oboAuthProvider);
var appOnlySettings = graphConfig.GetSection("appOnlyClientSettings");
// Initialize the Graph client to make app-only calls
var appClientCreds = new ClientCredential(appOnlySettings["appSecret"]);
var appMsalClient = ClientCredentialProvider.CreateClientApplication(
appOnlySettings["appId"], appClientCreds, null, graphConfig["tenantId"]);
var appAuthProvider = new ClientCredentialProvider(appMsalClient);
appClient = new GraphServiceClient(appAuthProvider);
flightAdminSite = graphConfig["flightAdminSite"];
flightList = graphConfig["flightList"];
}
public async Task <HttpResponseMessage> Post()
{
// The post body should contain a JSON representation of the AADGroup object
HttpResponseMessage response = new HttpResponseMessage();
string content = Request.Content.ReadAsStringAsync().Result;
AADGroup model = null;
try
{
// Convert the JSON payload to an AADGroup
model = JsonConvert.DeserializeObject <AADGroup>(content);
}
catch (Exception ex)
{
response.StatusCode = HttpStatusCode.InternalServerError;
response.Content = new StringContent(ex.Message);
}
if (model != null)
{
// Authenticate to the Microsoft Graph and create a graph client
string clientId = ConfigurationManager.AppSettings["ClientId"];
string clientSecret = ConfigurationManager.AppSettings["ClientSecret"];
string tenant = ConfigurationManager.AppSettings["Tenant"];
ClientCredential clientCredential = new ClientCredential(clientSecret);
IConfidentialClientApplication clientApplication = ClientCredentialProvider.CreateClientApplication(clientId, clientCredential, null, tenant);
ClientCredentialProvider authProvider = new ClientCredentialProvider(clientApplication);
GraphServiceClient graphClient = new GraphServiceClient(authProvider);
var group = new Group
{
Description = model.Description,
DisplayName = model.DisplayName,
MailEnabled = model.MailEnabled,
MailNickname = model.MailNickname,
SecurityEnabled = model.SecurityEnabled
};
try
{
// Add the group to Azure AD
var newGroup = await graphClient.Groups
.Request()
.AddAsync(group);
// Capture the object ID of the newly created group
model.Id = newGroup.Id;
response.StatusCode = HttpStatusCode.OK;
response.Content = new StringContent(JsonConvert.SerializeObject(model), Encoding.UTF8, "application/json");
}
catch (Exception ex)
{
response.StatusCode = HttpStatusCode.InternalServerError;
response.Content = new StringContent(ex.Message);
}
}
return(response);
}
public void ClientCredentialProvider_ShouldCreateConfidentialClientApplicationWithMandatoryParams()
{
IClientApplicationBase clientApp = ClientCredentialProvider.CreateClientApplication(_clientId, _clientCredential);
Assert.IsInstanceOfType(clientApp, typeof(ConfidentialClientApplication), "Unexpected client application set.");
Assert.AreEqual(_clientId, clientApp.ClientId, "Wrong client id set.");
Assert.AreEqual(string.Format(AuthConstants.CloudList[NationalCloud.Global], AuthConstants.Tenants.Common), clientApp.Authority, "Wrong authority set.");
}
public void ClientCredentialProvider_ShouldCreateConfidentialClientApplicationForConfiguredCloud()
{
string tenant = "infotest";
IClientApplicationBase clientApp = ClientCredentialProvider.CreateClientApplication(_clientId, _clientCredential, null, tenant, NationalCloud.China);
Assert.IsInstanceOfType(clientApp, typeof(ConfidentialClientApplication), "Unexpected client application set.");
Assert.AreEqual(_clientId, clientApp.ClientId, "Wrong client id set.");
Assert.AreEqual(string.Format(AuthConstants.CloudList[NationalCloud.China], tenant), clientApp.Authority, "Wrong authority set.");
}
public async Task <HttpResponseMessage> AddMember()
{
// The post body should contain a JSON representation of the AADGroupMembership object
HttpResponseMessage response = new HttpResponseMessage();
string content = Request.Content.ReadAsStringAsync().Result;
AADGroupMembership model = null;
try
{
// Convert the JSON payload to an AADGroupMembership
model = JsonConvert.DeserializeObject <AADGroupMembership>(content);
}
catch (Exception ex)
{
response.StatusCode = HttpStatusCode.InternalServerError;
response.Content = new StringContent(ex.Message);
}
if (model != null)
{
// Authenticate to the Microsoft Graph and create a graph client
string clientId = ConfigurationManager.AppSettings["ClientId"];
string clientSecret = ConfigurationManager.AppSettings["ClientSecret"];
string tenant = ConfigurationManager.AppSettings["Tenant"];
ClientCredential clientCredential = new ClientCredential(clientSecret);
IConfidentialClientApplication clientApplication = ClientCredentialProvider.CreateClientApplication(clientId, clientCredential, null, tenant);
ClientCredentialProvider authProvider = new ClientCredentialProvider(clientApplication);
GraphServiceClient graphClient = new GraphServiceClient(authProvider);
try
{
// Add each user to the Azure AD group
foreach (string userId in model.Members)
{
var user = await graphClient.Users[userId].Request().GetAsync();
await graphClient.Groups[model.GroupId]
.Members
.References
.Request()
.AddAsync(user);
}
response.StatusCode = HttpStatusCode.OK;
}
catch (Exception ex)
{
response.StatusCode = HttpStatusCode.InternalServerError;
response.Content = new StringContent(ex.Message);
}
}
return(response);
}
public GraphService(ILogger log)
{
var clientCredential = new ClientCredential(Environment.GetEnvironmentVariable("AppSecret"));
var authClient = ClientCredentialProvider.CreateClientApplication(
Environment.GetEnvironmentVariable("AppId"), clientCredential, null,
Environment.GetEnvironmentVariable("TenantId"));
authClient.RedirectUri = Environment.GetEnvironmentVariable("RedirectUri");
var authProvider = new ClientCredentialProvider(authClient);
graphClient = new GraphServiceClient(authProvider);
logger = log;
}
public async Task <HttpResponseMessage> Post()
{
// The post body should contain a JSON representation of the AADUser object
HttpResponseMessage response = new HttpResponseMessage();
string content = Request.Content.ReadAsStringAsync().Result;
AADUser model = null;
try
{
// Convert the JSON payload to an AADUser
model = JsonConvert.DeserializeObject <AADUser>(content);
}
catch (Exception ex)
{
response.StatusCode = HttpStatusCode.InternalServerError;
response.Content = new StringContent(ex.Message);
}
if (model != null)
{
// Authenticate to the Microsoft Graph and create a graph client
string clientId = ConfigurationManager.AppSettings["ClientId"];
string clientSecret = ConfigurationManager.AppSettings["ClientSecret"];
string tenant = ConfigurationManager.AppSettings["Tenant"];
ClientCredential clientCredential = new ClientCredential(clientSecret);
IConfidentialClientApplication clientApplication = ClientCredentialProvider.CreateClientApplication(clientId, clientCredential, null, tenant);
ClientCredentialProvider authProvider = new ClientCredentialProvider(clientApplication);
GraphServiceClient graphClient = new GraphServiceClient(authProvider);
var user = new User
{
AccountEnabled = true,
DisplayName = model.DisplayName,
MailNickname = model.MailNickname,
UserPrincipalName = model.UserPrincipalName,
PasswordProfile = new PasswordProfile
{
ForceChangePasswordNextSignIn = false,
Password = model.Password
}
};
try
{
// Add the user to Azure AD
User newUser = await graphClient.Users
.Request()
.AddAsync(user);
// Capture the object ID of the newly created user
model.Id = newUser.Id;
response.StatusCode = HttpStatusCode.OK;
response.Content = new StringContent(JsonConvert.SerializeObject(model), Encoding.UTF8, "application/json");
}
catch (Exception ex)
{
response.StatusCode = HttpStatusCode.InternalServerError;
response.Content = new StringContent(ex.Message);
}
}
return(response);
}