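        /// <summary>
        /// Inventories the delegated OAuth2 permission scopes granted to each service principal and,
        /// when the Cosmos DB graph sink is enabled, records one application entry per grant.
        /// </summary>
        /// <remarks>
        /// <c>GetAppsPermission()</c> yields grant records carrying <c>clientId</c> (the consented
        /// service principal's object id), <c>principalId</c> and a space-separated <c>scope</c>;
        /// <c>GetServicePrincipals()</c> is used only to resolve <c>clientId</c> to a display name.
        /// Every exception is logged and swallowed, so a caller cannot tell "no grants" from
        /// "the inventory failed" — bear that in mind when this output feeds a security review.
        /// </remarks>
        public async Task AppSignIns()
        {
            try
            {
                var appsPermissions = await _microsoftGraphApiHelper.GetAppsPermission();
                var servicePrincipals = await _microsoftGraphApiHelper.GetServicePrincipals();

                // Service principal object id -> appDisplayName (null when Graph returns none).
                // Indexer rather than Add: a duplicate id would throw and abort the whole sweep.
                var appIdToNameDictionary = new Dictionary<string, string>();
                foreach (var servicePrincipal in servicePrincipals)
                {
                    var objectId = servicePrincipal["id"]?.Value<string>();
                    if (string.IsNullOrEmpty(objectId))
                    {
                        continue;
                    }
                    appIdToNameDictionary[objectId] = servicePrincipal["appDisplayName"]?.Value<string>();
                }

                // Display name (or object id when no name resolved) -> union of every scope granted to it.
                var appIdToPermissionsSetDictionary = new Dictionary<string, HashSet<string>>();
                foreach (var grant in appsPermissions)
                {
                    var appId = grant["clientId"]?.Value<string>();
                    if (string.IsNullOrEmpty(appId))
                    {
                        continue;
                    }

                    // "scope" is a space-separated list. A missing/empty scope must not throw from
                    // Split on null, and doubled spaces must not yield a bogus "" permission.
                    var scopeText = grant["scope"]?.Value<string>() ?? string.Empty;
                    var permissionsSet = new HashSet<string>(
                        scopeText.Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries));
                    var principalId = grant["principalId"]?.Value<string>();

                    appIdToNameDictionary.TryGetValue(appId, out var appDisplayName);

                    appIdToPermissionsSetDictionary.CreateOrUpdate(
                        appDisplayName ?? appId,
                        () => permissionsSet,
                        existing => existing.Union(permissionsSet).ToHashSet());

                    if (Startup.IsCosmosDbGraphEnabled)
                    {
                        // appDisplayName is passed through as-is (possibly null), as the helper's other
                        // call site does; the "?? appId" fallback above is only a local dictionary key.
                        CosmosDbGraphHelper.Applications(appDisplayName, appId, permissionsSet, principalId);
                    }
                }
            }
            catch (Exception ex)
            {
                _logger.Error(ex, $"{nameof(AppSignIns)} {ex.Message} {ex.InnerException}");
            }
        }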
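        /// <summary>
        /// Builds a per-service-principal permission picture from two sources — the live OAuth2
        /// permission grants and "ConsentAction.Permissions" directory-audit events — and, when the
        /// Cosmos DB graph sink is enabled, records every principal that has permissions from either.
        /// </summary>
        /// <returns>
        /// The number of service principals enumerated (not the number written to the graph), or 0
        /// if any step threw. The failure is only logged, so 0 can mean "inventory failed" as well as
        /// "no service principals" — callers that gate on this value should not treat 0 as clean.
        /// </returns>
        public async Task<int> ServicePrincipals()
        {
            try
            {
                var appsPermissions = await GraphServiceHelper.GetAppsPermission(_graphClient, _httpContext);
                var principalsPermissions = await GraphServiceHelper.GetDirectoryAudits(_graphClient, _httpContext);
                var servicePrincipals = await GraphServiceHelper.GetServicePrincipals(_graphClient, _httpContext);

                // Reads a string property off a Graph JSON record; null when the property is absent
                // (Extensions.Value<T> throws on a null token, which used to abort the whole sweep).
                string ReadString(Newtonsoft.Json.Linq.JToken record, string property)
                {
                    var token = record[property];
                    return token == null ? null : Newtonsoft.Json.Linq.Extensions.Value<string>(token);
                }

                // Scopes from consent audit events, keyed by the consented principal's object id.
                // First event seen wins, as before; the audit ordering is not visible here, so this is
                // not necessarily the latest consent — TODO confirm against GetDirectoryAudits.
                var principalIdToPermissions = new Dictionary<string, HashSet<string>>();
                foreach (var audit in principalsPermissions)
                {
                    var target = audit.TargetResources?.FirstOrDefault();
                    if (target?.Id == null)
                    {
                        continue;
                    }

                    // Not every audit record carries a consent: skip it instead of throwing from
                    // First(), which used to abort the whole inventory and report 0.
                    var consent = target.ModifiedProperties?
                        .FirstOrDefault(property => property.DisplayName == "ConsentAction.Permissions");
                    if (consent?.NewValue == null)
                    {
                        continue;
                    }

                    principalIdToPermissions.TryAdd(target.Id, ParseConsentScopes(consent.NewValue));
                }

                // Live delegated grants, keyed by clientId (the service principal object id). A principal
                // commonly holds several grants (admin consent plus per-user consents); union them —
                // keeping only the first grant under-reports what the app can actually do.
                var appIdToPermissionsSetDictionary = new Dictionary<string, HashSet<string>>();
                foreach (var grant in appsPermissions)
                {
                    var clientId = ReadString(grant, "clientId");
                    if (string.IsNullOrEmpty(clientId))
                    {
                        continue;
                    }

                    var scopes = (ReadString(grant, "scope") ?? string.Empty)
                        .Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);

                    if (appIdToPermissionsSetDictionary.TryGetValue(clientId, out var existing))
                    {
                        existing.UnionWith(scopes);
                    }
                    else
                    {
                        appIdToPermissionsSetDictionary[clientId] = new HashSet<string>(scopes);
                    }
                }

                // Object id -> (appId, displayName, homepage, appOwnerOrganizationId).
                // TryAdd rather than Add so a duplicate id cannot throw and abort the sweep.
                var appIdToNameDictionary = new Dictionary<string, Tuple<string, string, string, string>>();
                foreach (var servicePrincipal in servicePrincipals)
                {
                    var objectId = ReadString(servicePrincipal, "id");
                    if (string.IsNullOrEmpty(objectId))
                    {
                        continue;
                    }

                    appIdToNameDictionary.TryAdd(objectId, Tuple.Create(
                        ReadString(servicePrincipal, "appId"),
                        ReadString(servicePrincipal, "displayName"),
                        ReadString(servicePrincipal, "homepage"),
                        ReadString(servicePrincipal, "appOwnerOrganizationId")));
                }

                if (Startup.IsCosmosDbGraphEnabled)
                {
                    foreach (var entry in appIdToNameDictionary)
                    {
                        var objectId = entry.Key;
                        var details = entry.Value;
                        appIdToPermissionsSetDictionary.TryGetValue(objectId, out var grantedScopes);
                        principalIdToPermissions.TryGetValue(objectId, out var consentedScopes);

                        // Audit-derived scopes take precedence over live grants (original behaviour).
                        // NOTE(review): an audit event is historical and may predate a revocation,
                        // while the live grant set is the authoritative current state — confirm which
                        // one the graph is meant to reflect. Also, the 2nd and 5th arguments (appId vs
                        // object id) are swapped between the two branches; kept as-is because the
                        // helper's contract is not visible here — confirm the intended order.
                        if (consentedScopes != null)
                        {
                            CosmosDbGraphHelper.Applications(details.Item2, details.Item1, consentedScopes, UserIds, objectId, details.Item3, details.Item4);
                        }
                        else if (grantedScopes != null)
                        {
                            CosmosDbGraphHelper.Applications(details.Item2, objectId, grantedScopes, UserIds, details.Item1, details.Item3, details.Item4);
                        }
                    }
                }

                return appIdToNameDictionary.Count;
            }
            catch (Exception ex)
            {
                _logger.Error(ex, $"{nameof(ServicePrincipals)} {ex.Message} {ex.InnerException}");
            }

            return 0;
        }

        /// <summary>
        /// Extracts scope names from a "ConsentAction.Permissions" audit value: takes the text after
        /// the last <c>Scope:</c> marker up to the next <c>]</c>, then splits it on spaces, dropping
        /// empty entries. No validation is done — if the marker is absent, the text up to the first
        /// <c>]</c> is tokenized instead (same as the original inline parse).
        /// </summary>
        private static HashSet<string> ParseConsentScopes(string consentValue)
        {
            var scopeSection = consentValue.Split("Scope:").Last().Split("]").First();
            return new HashSet<string>(scopeSection.Split(" ").Where(scope => scope != ""));
        }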