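/// <summary>
/// Recursively expands a VSTS (Azure DevOps) group into its effective membership: direct
/// AAD/MSA users, directly nested AAD groups (recorded, not expanded), and the expanded
/// membership of nested VSTS groups. Results are memoised in <c>groupCache</c>.
/// </summary>
/// <param name="graphClient">Graph client used for the membership list and subject lookup calls.</param>
/// <param name="group">The VSTS group to expand.</param>
/// <returns>The accumulated <see cref="GroupMemberships"/> for <paramref name="group"/>.</returns>
/// <exception cref="NotSupportedException">A member has a subject type this method does not handle.</exception>
/// <remarks>
/// This is the kind of expansion an access review relies on, so a member must never be
/// silently dropped. Two defects fixed here: a self-referencing member used to <c>break</c> out
/// of the loop (truncating the list), and an indirect cycle (A -> B -> A) recursed without
/// bound because the cache is only written after the recursion returns.
/// NOTE(review): the cache is keyed on the <see cref="GraphGroup"/> instance; if that type
/// uses reference equality, the cache only helps when the same instance is passed back in.
/// </remarks>
private static GroupMemberships ExpandVSTSGroup(GraphHttpClient graphClient, GraphGroup group)
{
    return ExpandVSTSGroup(graphClient, group, new HashSet<string>(StringComparer.Ordinal));
}

// Worker carrying the descriptors of the groups currently being expanded on this call path,
// so a nested group that is one of its own ancestors is skipped instead of recursed into.
private static GroupMemberships ExpandVSTSGroup(GraphHttpClient graphClient, GraphGroup group, HashSet<string> inProgress)
{
    if (groupCache.TryGetValue(group, out GroupMemberships cached) && cached != null)
    {
        return cached;
    }

    string groupDescriptor = group.Descriptor;
    inProgress.Add(groupDescriptor);
    try
    {
        GroupMemberships groupMemberships = new GroupMemberships();

        // Direct members, one level down.
        List<GraphMembership> memberships = graphClient.ListMembershipsAsync(group.Descriptor, GraphTraversalDirection.Down).Result;

        // Convert all memberships into GraphSubjectLookupKeys
        List<GraphSubjectLookupKey> lookupKeys = new List<GraphSubjectLookupKey>();
        foreach (GraphMembership membership in memberships)
        {
            lookupKeys.Add(new GraphSubjectLookupKey(membership.MemberDescriptor));
        }

        // Empty group: nothing to look up, avoid an unnecessary (and possibly rejected) batch call.
        if (lookupKeys.Count == 0)
        {
            groupCache.Add(group, groupMemberships);
            return groupMemberships;
        }

        IReadOnlyDictionary<SubjectDescriptor, GraphSubject> subjectLookups = graphClient.LookupSubjectsAsync(new GraphSubjectLookup(lookupKeys)).Result;

        foreach (GraphSubject subject in subjectLookups.Values)
        {
            // A group listed as its own member ("father paradox"): skip just that entry.
            // Null-safe comparison; the previous .Equals call would throw on a null OriginId.
            if (subject.OriginId != null && string.Equals(subject.OriginId, group.OriginId, StringComparison.Ordinal))
            {
                continue;
            }

            switch (subject.Descriptor.SubjectType)
            {
                case "aad":
                    // member is an AAD user
                    groupMemberships.AddUser((GraphUser)subject);
                    break;

                case "asd2":
                    // member is an MSA user -- NOTE(review): confirm this is the MSA subject-type key
                    groupMemberships.AddUser((GraphUser)subject);
                    break;

                case "aadgp":
                    // member is a nested AAD group; recorded as-is, not expanded through AAD
                    groupMemberships.AddAADGroup((GraphGroup)subject);
                    break;

                case "vssgp":
                    // member is a nested VSTS group
                    string nestedDescriptor = subject.Descriptor;
                    if (inProgress.Contains(nestedDescriptor))
                    {
                        // Indirect cycle: this nested group is an ancestor of the current one.
                        // Its members are collected at the ancestor level; the cached result for
                        // the inner group will not include the ancestor's other members.
                        continue;
                    }
                    GroupMemberships subGroupMemberships = ExpandVSTSGroup(graphClient, (GraphGroup)subject, inProgress);
                    groupMemberships.Add(subGroupMemberships);
                    break;

                default:
                    // Fail loudly rather than under-report: an unknown principal kind must not
                    // silently vanish from an access review.
                    throw new NotSupportedException("Unknown SubjectType: " + subject.Descriptor.SubjectType);
            }
        }

        groupCache.Add(group, groupMemberships);
        return groupMemberships;
    }
    finally
    {
        inProgress.Remove(groupDescriptor);
    }
}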
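/// <summary>
/// Sample: creates a VSTS group, materialises an AAD group in the organisation by its AAD
/// object id, makes the AAD group a member of the VSTS group, exercises the membership read
/// APIs (get / existence check / list in both directions), removes the membership and
/// finally deletes both groups.
/// </summary>
/// <remarks>
/// This mutates a live organisation. Group deletion lives in a <c>finally</c> so that a
/// failure part-way through does not leave an orphaned VSTS group -- and a materialised AAD
/// group principal -- behind in the org; previously cleanup only ran on the happy path.
/// </remarks>
public void AddRemoveAADGroupMembership()
{
    // Get the client
    VssConnection connection = Context.Connection;
    GraphHttpClient graphClient = connection.GetClient<GraphHttpClient>();

    // Descriptors of what this sample created, so the finally block knows what to clean up.
    string parentGroupDescriptor = null;
    string aadGroupDescriptor = null;

    try
    {
        //
        // Part 1: create a group at the account level
        //
        ClientSampleHttpLogger.SetOperationName(this.Context, "CreateVSTSGroup-AddRemoveAADGroupMembership");
        GraphGroupCreationContext createGroupContext = new GraphGroupVstsCreationContext
        {
            DisplayName = "Developers-" + Guid.NewGuid(),
            Description = "Group created via client library"
        };
        GraphGroup parentGroup = graphClient.CreateGroupAsync(createGroupContext).Result;
        parentGroupDescriptor = parentGroup.Descriptor;
        Context.Log("New group created! ID: {0}", parentGroupDescriptor);

        //
        // Part 2: add the AAD group
        //
        ClientSampleHttpLogger.SetOperationName(this.Context, "AddUserToGroup-AddRemoveAADGroupMembership");
        // NOTE(review): the origin id below is a sample placeholder. It must be the object id of
        // a group in the AAD tenant backing this organisation, and materialising it here is a
        // privileged write against the org's identity graph, not just a read.
        GraphGroupCreationContext addAADGroupContext = new GraphGroupOriginIdCreationContext
        {
            OriginId = "a42aad15-d654-4b16-9309-9ee34d5aacfb"
        };
        GraphGroup aadGroup = graphClient.CreateGroupAsync(addAADGroupContext).Result;
        aadGroupDescriptor = aadGroup.Descriptor;
        Context.Log("AAD group added! ID: {0}", aadGroupDescriptor);

        //
        // Part 3: Make the AAD group a member of the VSTS 'Developers' group
        //
        ClientSampleHttpLogger.SetOperationName(this.Context, "CreateMembershipAADGroup-AddRemoveAADGroupMembership");
        GraphMembership graphMembership = graphClient.AddMembershipAsync(aadGroupDescriptor, parentGroupDescriptor).Result;

        //
        // Part 4: get the membership
        //
        ClientSampleHttpLogger.SetOperationName(this.Context, "GetMembershipAADGroup-AddRemoveAADGroupMembership");
        graphMembership = graphClient.GetMembershipAsync(aadGroupDescriptor, parentGroupDescriptor).Result;

        //
        // Part 5: Check to see if the AAD group is a member of the VSTS 'Developers' group
        //
        ClientSampleHttpLogger.SetOperationName(this.Context, "CheckMembershipExistenceAADGroup");
        graphClient.CheckMembershipExistenceAsync(aadGroupDescriptor, parentGroupDescriptor).SyncResult();

        //
        // Part 6: Get every group the subject (AAD group) is a member of
        //
        // NOTE(review): the operation names for Parts 6 and 7 read as swapped (Up/Down) relative
        // to AddRemoveUserMembership; left untouched because they may key recorded traffic.
        ClientSampleHttpLogger.SetOperationName(this.Context, "BatchGetMembershipsAADGroupDown");
        List<GraphMembership> membershipsForUser = graphClient.ListMembershipsAsync(aadGroupDescriptor).Result;

        //
        // Part 7: Get every member of the VSTS 'Developers' group
        //
        ClientSampleHttpLogger.SetOperationName(this.Context, "BatchGetMembershipsAADGroupUp");
        List<GraphMembership> membershipsOfGroup = graphClient.ListMembershipsAsync(parentGroupDescriptor, GraphTraversalDirection.Down).Result;

        //
        // Part 8: Remove member from the group
        //
        ClientSampleHttpLogger.SetOperationName(this.Context, "DeleteMembershipAADGroup");
        graphClient.RemoveMembershipAsync(aadGroupDescriptor, parentGroupDescriptor).SyncResult();

        // The existence check is expected to throw now that the membership is gone.
        // NOTE(review): catching Exception treats any failure (auth, network, throttling) as
        // "removed"; narrow it to the not-found exception the client throws if this is ever
        // used as a real assertion rather than a demo.
        try
        {
            ClientSampleHttpLogger.SetOperationName(this.Context, "CheckMembershipExistenceAADGroupDeleted");
            graphClient.CheckMembershipExistenceAsync(aadGroupDescriptor, parentGroupDescriptor).SyncResult();
        }
        catch (Exception e)
        {
            Context.Log("AAD Group is no longer a member of the group:" + e.Message);
        }
    }
    finally
    {
        //
        // Part 9: delete the groups (AAD group first, then the parent), whether or not the
        // steps above succeeded, so nothing this sample created outlives it.
        //
        if (aadGroupDescriptor != null)
        {
            ClientSampleHttpLogger.SetOperationName(this.Context, "DeleteAADGroup-AddRemoveAADGroupMembership");
            graphClient.DeleteGroupAsync(aadGroupDescriptor).SyncResult();
        }
        if (parentGroupDescriptor != null)
        {
            ClientSampleHttpLogger.SetOperationName(this.Context, "DeleteParentGroup-AddRemoveAADGroupMembership");
            graphClient.DeleteGroupAsync(parentGroupDescriptor).SyncResult();
        }
    }
}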
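/// <summary>
/// Sample: creates a VSTS group, adds a user to the organisation by principal name, makes the
/// user a member of the group, exercises the membership read APIs, removes the membership,
/// deletes the group and the user, and finally checks that the deleted user is no longer active.
/// </summary>
/// <remarks>
/// This mutates a live organisation. Deleting the group and the user lives in a <c>finally</c>
/// so a failure part-way through does not leave an orphaned group or an extra user principal
/// behind in the org; previously cleanup only ran on the happy path. The final "is the user
/// disabled" check is a plain <c>if</c> instead of a throw/catch used as control flow.
/// </remarks>
public void AddRemoveUserMembership()
{
    // Get the client
    VssConnection connection = Context.Connection;
    GraphHttpClient graphClient = connection.GetClient<GraphHttpClient>();

    // Descriptors of what this sample created, so the finally block knows what to clean up.
    string groupDescriptor = null;
    string userDescriptor = null;

    try
    {
        //
        // Part 1: create a group at the account level
        //
        ClientSampleHttpLogger.SetOperationName(this.Context, "CreateVSTSGroup-AddRemoveUserMembership");
        GraphGroupCreationContext createGroupContext = new GraphGroupVstsCreationContext
        {
            DisplayName = "Developers-" + Guid.NewGuid(),
            Description = "Group created via client library"
        };
        GraphGroup newGroup = graphClient.CreateGroupAsync(createGroupContext).Result;
        groupDescriptor = newGroup.Descriptor;
        Context.Log("New group created! ID: {0}", groupDescriptor);

        //
        // Part 2: add the user
        //
        ClientSampleHttpLogger.SetOperationName(this.Context, "AddUserToGroup-AddRemoveUserMembership");
        // NOTE(review): redacted placeholder UPN; substitute a real principal in the tenant backing
        // the organisation. Adding a user is a privileged write against the org, not a read.
        GraphUserCreationContext addUserContext = new GraphUserPrincipalNameCreationContext
        {
            PrincipalName = "*****@*****.**"
        };
        GraphUser newUser = graphClient.CreateUserAsync(addUserContext).Result;
        userDescriptor = newUser.Descriptor;
        Context.Log("New user added! ID: {0}", userDescriptor);

        //
        // Part 3: Make the user a member of the group
        //
        ClientSampleHttpLogger.SetOperationName(this.Context, "CreateMembershipUser-AddRemoveUserMembership");
        GraphMembership graphMembership = graphClient.AddMembershipAsync(userDescriptor, groupDescriptor).Result;

        //
        // Part 4: get the membership
        //
        ClientSampleHttpLogger.SetOperationName(this.Context, "GetMembershipUser");
        graphMembership = graphClient.GetMembershipAsync(userDescriptor, groupDescriptor).Result;

        //
        // Part 5: Check to see if the user is a member of the group
        //
        ClientSampleHttpLogger.SetOperationName(this.Context, "CheckMembershipExistenceUser");
        graphClient.CheckMembershipExistenceAsync(userDescriptor, groupDescriptor).SyncResult();

        //
        // Part 6: Get every group the subject (user) is a member of
        //
        ClientSampleHttpLogger.SetOperationName(this.Context, "BatchGetMembershipsUserUp");
        List<GraphMembership> membershipsForUser = graphClient.ListMembershipsAsync(userDescriptor).Result;

        //
        // Part 7: Get every member of the group
        //
        ClientSampleHttpLogger.SetOperationName(this.Context, "BatchGetMembershipsGroupDown");
        List<GraphMembership> membershipsOfGroup = graphClient.ListMembershipsAsync(groupDescriptor, GraphTraversalDirection.Down).Result;

        //
        // Part 8: Remove member from the group
        //
        ClientSampleHttpLogger.SetOperationName(this.Context, "DeleteMembershipUser");
        graphClient.RemoveMembershipAsync(userDescriptor, groupDescriptor).SyncResult();

        // The existence check is expected to throw now that the membership is gone.
        // NOTE(review): catching Exception treats any failure (auth, network, throttling) as
        // "removed"; narrow it to the not-found exception the client throws if this is ever
        // used as a real assertion rather than a demo.
        try
        {
            ClientSampleHttpLogger.SetOperationName(this.Context, "CheckMembershipExistenceUserDeleted");
            graphClient.CheckMembershipExistenceAsync(userDescriptor, groupDescriptor).SyncResult();
        }
        catch (Exception e)
        {
            Context.Log("User is no longer a member of the group:" + e.Message);
        }
    }
    finally
    {
        //
        // Part 9: delete the group
        //
        if (groupDescriptor != null)
        {
            ClientSampleHttpLogger.SetOperationName(this.Context, "DeleteGroup-AddRemoveUserMembership");
            graphClient.DeleteGroupAsync(groupDescriptor).SyncResult();
        }

        //
        // Part 10: remove the user, whether or not the steps above succeeded, so the sample
        // never leaves an extra principal in the org.
        //
        if (userDescriptor != null)
        {
            ClientSampleHttpLogger.SetOperationName(this.Context, "DeleteUser-AddRemoveUserMembership");
            graphClient.DeleteUserAsync(userDescriptor).SyncResult();
        }
    }

    //
    // Try to get the deleted user: a deleted user must not still be an active principal.
    //
    ClientSampleHttpLogger.SetOperationName(this.Context, "GetMembershipStateUser-AddRemoveUserMembership");
    GraphMembershipState membershipState = graphClient.GetMembershipStateAsync(userDescriptor).Result;
    if (membershipState.Active)
    {
        Context.Log("The deleted user is not disabled!");
    }
}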