public async Task <IActionResult> Blob()
{
var scopes = new string[] { "https://storage.azure.com/user_impersonation" };
try
{
var accessToken =
await _tokenAcquisition.GetAccessTokenOnBehalfOfUser(HttpContext, scopes);
// create a blob on behalf of the user
TokenCredential tokenCredential = new TokenCredential(accessToken);
StorageCredentials storageCredentials = new StorageCredentials(tokenCredential);
// replace the URL below with your storage account URL
CloudBlockBlob blob = new CloudBlockBlob(new Uri("https://blobstorageazuread.blob.core.windows.net/sample-container/Blob1.txt"), storageCredentials);
await blob.UploadTextAsync("Blob created by Azure AD authenticated user.");
ViewData["Message"] = "Blob successfully created";
return(View());
}
catch (MsalUiRequiredException ex)
{
if (CanbeSolvedByReSignInUser(ex))
{
AuthenticationProperties properties = BuildAuthenticationPropertiesForIncrementalConsent(scopes, ex);
return(Challenge(properties));
}
else
{
throw;
}
}
}
public async Task <IActionResult> Create()
{
string userId = User.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier")?.Value;
string tenantId = User.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid")?.Value;
string clientState = Guid.NewGuid().ToString();
// Initialize the GraphServiceClient.
var graphClient = await GraphServiceClientFactory.GetAuthenticatedGraphClient(async() =>
{
string result = await tokenAcquisition.GetAccessTokenOnBehalfOfUser(
HttpContext, new[] { Infrastructure.Constants.ScopeMailRead });
return(result);
});
Subscription newSubscription = new Subscription();
try
{
// Create a subscription.
// The `Resource` property targets the `users/{user-id}` or `users/{user-principal-name}` path (not `me`) when using application permissions.
// The NotificationUrl requires the `https` protocol and supports custom query parameters.
newSubscription = await graphClient.Subscriptions.Request().AddAsync(new Subscription
{
Resource = $"users/{userId}/mailFolders('Inbox')/messages",
ChangeType = "created",
NotificationUrl = appSettings.NotificationUrl,
ClientState = clientState,
//ExpirationDateTime = DateTime.UtcNow + new TimeSpan(0, 0, 4230, 0) // current maximum lifespan for messages
ExpirationDateTime = DateTime.UtcNow + new TimeSpan(0, 0, 15, 0) // shorter duration useful for testing
});
// Verify client state, then store the subscription ID and client state to validate incoming notifications.
if (newSubscription.ClientState == clientState)
{
// This sample temporarily stores the subscription data, but production apps will likely use some method of persistent storage.
// This sample stores the client state to validate the subscription, the tenant ID to reuse tokens, and the user ID to filter
// messages to display by user.
subscriptionStore.SaveSubscriptionInfo(newSubscription.Id,
newSubscription.ClientState,
userId,
tenantId);
}
else
{
ViewBag.Message = "Warning! Mismatched client state.";
}
}
catch (Exception e)
{
// If a tenant admin hasn't granted consent, this operation returns an Unauthorized error.
// This sample caches the initial unauthorized token, so you'll need to start a new browser session.
ViewBag.Message = BuildErrorMessage(e);
return(View("Error"));
}
return(View("Subscription", newSubscription));
}
public async Task <IActionResult> Index()
{
var scopes = new string[] { $"{_configuration["FhirServerAudience"].TrimEnd('/')}/.default" };
string accessToken;
try
{
accessToken = await _tokenAcquisition.GetAccessTokenOnBehalfOfUser(HttpContext, scopes);
}
catch (MsalUiRequiredException ex)
{
AuthenticationProperties properties = AuthenticationPropertiesBuilder.BuildForIncrementalConsent(scopes, HttpContext, ex);
return(Challenge(properties));
}
var client = GetClientAsync(accessToken);
Bundle result = null;
List <Patient> patientResults = new List <Patient>();
try
{
if (!string.IsNullOrEmpty(Request.Query["ct"]))
{
string cont = Request.Query["ct"];
result = client.Search <Patient>(new string[] { $"ct={cont}" });
}
else
{
result = client.Search <Patient>();
}
if (result.Entry != null)
{
foreach (var e in result.Entry)
{
patientResults.Add((Patient)e.Resource);
}
}
if (result.NextLink != null)
{
ViewData["NextLink"] = result.NextLink.PathAndQuery;
}
}
catch (Exception e)
{
ViewData["ErrorMessage"] = e.Message;
}
return(View(patientResults));
}
public async Task <IActionResult> Profile()
{
var accessToken =
await tokenAcquisition.GetAccessTokenOnBehalfOfUser(HttpContext, new[] { Constants.ScopeUserRead });
var me = await graphApiOperations.GetUserInformation(accessToken);
var photo = await graphApiOperations.GetPhotoAsBase64Async(accessToken);
ViewData["Me"] = me;
ViewData["Photo"] = photo;
return(View());
}
public async Task <IActionResult> Profile()
{
// Initialize the GraphServiceClient.
var graphClient = await GraphServiceClientFactory.GetAuthenticatedGraphClient(async() =>
{
string result = await tokenAcquisition.GetAccessTokenOnBehalfOfUser(
HttpContext, new[] { Constants.ScopeUserRead });
return(result);
}, webOptions.GraphApiUrl);
// Get user profile info.
var me = await graphClient.Me.Request().GetAsync();
ViewData["Me"] = me;
try
{
// Get user photo
var photoStream = await graphClient.Me.Photo.Content.Request().GetAsync();
byte[] photoByte = ((MemoryStream)photoStream).ToArray();
ViewData["Photo"] = Convert.ToBase64String(photoByte);
}
catch (System.Exception)
{
ViewData["Photo"] = null;
}
return(View());
}
public async Task <IActionResult> GetAction(string resourceType, string resourceId)
{
var scopes = new string[] { $"{_configuration["FhirImportService:Audience"].TrimEnd('/')}/.default" };
string accessToken;
try
{
accessToken = await _tokenAcquisition.GetAccessTokenOnBehalfOfUser(HttpContext, scopes);
}
catch (MsalUiRequiredException ex)
{
AuthenticationProperties properties = AuthenticationPropertiesBuilder.BuildForIncrementalConsent(scopes, HttpContext, ex);
return(Challenge(properties));
}
using (var client = new HttpClient())
{
client.BaseAddress = new Uri(_configuration["FhirServerUrl"]);
client.DefaultRequestHeaders.Add("Authorization", $"Bearer {accessToken}");
HttpResponseMessage result = await client.GetAsync($"/{resourceType}/{resourceId}");
result.EnsureSuccessStatusCode();
ViewData["ResourceJson"] = await result.Content.ReadAsStringAsync();
}
return(View("Index"));
}
public async Task <User> GetUser()
{
User user = httpContextAccessor.HttpContext.Session.GetUser();
if (user != null)
{
return(user);
}
string accessToken = await tokenAcquisition.GetAccessTokenOnBehalfOfUser(httpContextAccessor.HttpContext, new[] { Constants.ScopeUserRead });
var userInformation = await graphApiOperations.GetUserInformation(accessToken) as JObject;
user = userInformation.ToObject <User>();
User dbUser = db.Users.Find(user.Id);
if (dbUser == null)
{
db.Users.Add(user);
db.SaveChanges();
}
else
{
user = dbUser;
}
httpContextAccessor.HttpContext.Session.Set("User", user);
return(user);
}
private Graph::GraphServiceClient GetGraphServiceClient(string[] scopes)
{
return(GraphServiceClientFactory.GetAuthenticatedGraphClient(async() =>
{
string result = await tokenAcquisition.GetAccessTokenOnBehalfOfUser(
HttpContext, scopes);
return result;
}, webOptions.GraphApiUrl));
}
public async Task <IActionResult> Blob()
{
var scopes = new string[] { "https://storage.azure.com/user_impersonation" };
try
{
var accessToken =
await _tokenAcquisition.GetAccessTokenOnBehalfOfUser(HttpContext, scopes);
ViewData["Message"] = await CreateBlob(accessToken);
return(View());
}
catch (MsalUiRequiredException ex)
{
AuthenticationProperties properties = BuildAuthenticationPropertiesForIncrementalConsent(scopes, ex);
return(Challenge(properties));
}
}
public async Task <IActionResult> Index2()
{
string accessToken = await tokenAcquisition.GetAccessTokenOnBehalfOfUser(HttpContext, new[] { "User.Read", "Directory.Read.All" });
User me = await _service.GetMeAsync(accessToken);
IList <Group> groups = await _service.GetMyGroupsAsync(accessToken);
ViewData["Me"] = me;
ViewData["Groups"] = groups;
return(View());
}
public async Task <IActionResult> Index()
{
string accessToken = await tokenAcquisition.GetAccessTokenOnBehalfOfUser(HttpContext, new[] { Constants.ScopeUserRead, Constants.ScopeDirectoryReadAll });
User me = await graphService.GetMeAsync(accessToken);
var photo = await graphService.GetMyPhotoAsync(accessToken);
IList <Group> groups = await graphService.GetMyMemberOfGroupsAsync(accessToken);
ViewData["Me"] = me;
ViewData["Photo"] = photo;
ViewData["Groups"] = groups;
return(View());
}
// Get information about the changed messages and send to browser via SignalR.
// A production application would typically queue a background job for reliability.
private async Task GetChangedMessagesAsync(IEnumerable <Notification> notifications)
{
List <MessageViewModel> messages = new List <MessageViewModel>();
foreach (var notification in notifications)
{
if (notification.ResourceData.ODataType != "#Microsoft.Graph.Message")
{
continue;
}
SubscriptionStore subscription = subscriptionStore.GetSubscriptionInfo(notification.SubscriptionId);
// Set the claims for ObjectIdentifier and TenantId, and
// use the above claims for the current HttpContext
HttpContext.User = ClaimsPrincipalExtension.FromTenantIdAndObjectId(subscription.TenantId, subscription.UserId);
// Initialize the GraphServiceClient.
var graphClient = await GraphServiceClientFactory.GetAuthenticatedGraphClient(async() =>
{
string result = await tokenAcquisition.GetAccessTokenOnBehalfOfUser(
HttpContext, new[] { Infrastructure.Constants.ScopeMailRead });
return(result);
});
MessageRequest request = new MessageRequest(graphClient.BaseUrl + "/" + notification.Resource, graphClient, null);
try
{
messages.Add(new MessageViewModel(await request.GetAsync(), subscription.UserId));
}
catch (ServiceException se)
{
string errorMessage = se.Error.Message;
string requestId = se.Error.InnerError.AdditionalData["request-id"].ToString();
string requestDate = se.Error.InnerError.AdditionalData["date"].ToString();
logger.LogError($"RetrievingMessages: { errorMessage } Request ID: { requestId } Date: { requestDate }");
}
}
if (messages.Count > 0)
{
NotificationService notificationService = new NotificationService();
await notificationService.SendNotificationToClient(this.notificationHub, messages);
}
}
//[Authorize(Policy = "DirectoryViewerRole")]
//[Authorize(Policy = "SubGroup2-Part1Only")]
//[Authorize(Roles = AppRoles.DirectoryViewers)]
public async Task <IActionResult> Groups()
{
string[] scopes = new[] { GraphScopes.DirectoryReadAll };
GraphServiceClient graphServiceClient = GraphServiceClientFactory.GetAuthenticatedGraphClient(async() =>
{
string result = await tokenAcquisition.GetAccessTokenOnBehalfOfUser(
HttpContext, scopes);
return(result);
}, webOptions.GraphApiUrl);
var groups = await graphServiceClient.Me.MemberOf.Request().GetAsync();
ViewData["Groups"] = groups.CurrentPage;
return(View());
}
public async Task <string> CallGraphApiOnBehalfOfUser()
{
string[] scopes = { "user.read" };
// we use MSAL.NET to get a token to call the API On Behalf Of the current user
try
{
string accessToken = await _tokenAcquisition.GetAccessTokenOnBehalfOfUser(HttpContext, scopes);
dynamic me = await CallGraphApiOnBehalfOfUser(accessToken);
return(me.userPrincipalName);
}
catch (MsalUiRequiredException ex)
{
_tokenAcquisition.ReplyForbiddenWithWwwAuthenticateHeader(HttpContext, scopes, ex);
return(string.Empty);
}
}
public async Task <IActionResult> AboutMe()
{
var identity = User.Identity as ClaimsIdentity; // Azure AD V2 endpoint specific
string preferred_username = identity.Claims.FirstOrDefault(c => c.Type == "preferred_username")?.Value;
ViewData["FhirServerUrl"] = _configuration["FhirServerUrl"];
ViewData["UPN"] = preferred_username;
var scopes = new string[] { $"{_configuration["FhirServerAudience"].TrimEnd('/')}/.default" };
try
{
var accessToken = await _tokenAcquisition.GetAccessTokenOnBehalfOfUser(HttpContext, scopes);
ViewData["token"] = accessToken;
return(View());
}
catch (MsalUiRequiredException ex)
{
AuthenticationProperties properties = AuthenticationPropertiesBuilder.BuildForIncrementalConsent(scopes, HttpContext, ex);
return(Challenge(properties));
}
}
protected async Task <string> GetAccessToken(string scope = "https://management.azure.com/user_impersonation")
{
return(await _tokenAcquisition.GetAccessTokenOnBehalfOfUser(
HttpContext,
new[] { scope }));
}