예제 #1
0
        static void AddUserToAccount(string username)
        {
            //Reference taken from https://blogs.msdn.microsoft.com/buckh/2014/10/07/how-to-add-licensed-users-to-vs-online-via-the-api/
            try
            {
                string _personalAccessToken = ConfigurationSettings.AppSettings["appsetting.pat"].ToString();
                var    creds            = new VssBasicCredential("", _personalAccessToken);
                string _vstsaccountname = ConfigurationSettings.AppSettings["appsetting.vstsacountname"].ToString();
                var    vssConnection    = new VssConnection(new Uri("https://" + _vstsaccountname + ".vssps.visualstudio.com"), creds);
                string aadtenantid      = ConfigurationSettings.AppSettings["appsetting.aadtenantid"].ToString();

                var licensingClient = vssConnection.GetClient <LicensingHttpClient>();
                var identityClient  = vssConnection.GetClient <IdentityHttpClient>();


                var collectionScope = identityClient.GetScopeAsync(_vstsaccountname).Result;


                var licensedUsersGroupDescriptor = new IdentityDescriptor(IdentityConstants.TeamFoundationType,
                                                                          GroupWellKnownSidConstants.LicensedUsersGroupSid);


                var identifier = String.Concat(SidIdentityHelper.GetDomainSid(collectionScope.Id),
                                               SidIdentityHelper.WellKnownSidType,
                                               licensedUsersGroupDescriptor.Identifier.Substring(SidIdentityHelper.WellKnownSidPrefix.Length));


                var collectionLicensedUsersGroupDescriptor = new IdentityDescriptor(IdentityConstants.TeamFoundationType,
                                                                                    identifier);



                var upnIdentity = string.Format("upn:{0}\\{1}", aadtenantid, username);


                var newUserDesciptor = new IdentityDescriptor(IdentityConstants.BindPendingIdentityType,
                                                              upnIdentity);



                bool result = identityClient.AddMemberToGroupAsync(collectionLicensedUsersGroupDescriptor,
                                                                   newUserDesciptor).Result;
                var userIdentity = identityClient.ReadIdentitiesAsync(IdentitySearchFilter.AccountName,
                                                                      username).Result.FirstOrDefault();



                var entitlement = licensingClient.AssignEntitlementAsync(userIdentity.Id, AccountLicense.Auto).Result;
            }
            catch (Exception e)
            {
                Console.WriteLine(e.Message);
                if (e.InnerException != null)
                {
                    Console.WriteLine(e.InnerException.Message);
                }
            }
        }
예제 #2
0
        private static void AddUserToAccount(string VssAccountName, string VssUserToAddMailAddress, License VssLicense)
        {
            try
            {
                // The first call is to see if the user already exists in the account.
                // Since this is the first call to the service, this will trigger the sign-in window to pop up.
                Console.WriteLine("Sign in as the admin of account {0}. You will see a sign-in window on the desktop.",
                                  VssAccountName);
                var userIdentity = identityClient.ReadIdentitiesAsync(IdentitySearchFilter.AccountName,
                                                                      VssUserToAddMailAddress).Result.FirstOrDefault();
                if (userIdentity == null)
                {
                    var username = VssUserToAddMailAddress.Substring(0, VssUserToAddMailAddress.IndexOf("@"));
                    userIdentity = identityClient.ReadIdentitiesAsync(IdentitySearchFilter.MailAddress, VssUserToAddMailAddress).Result.FirstOrDefault();
                }
                // If the identity is null, this is a user that has not yet been added to the account.
                // We'll need to add the user as a "bind pending" - meaning that the email address of the identity is
                // recorded so that the user can log into the account, but the rest of the details of the identity
                // won't be filled in until first login.
                if (userIdentity == null)
                {
                    Console.WriteLine("Creating a new identity and adding it to the collection's licensed users group.");

                    // We are adding the user to a collection, and at the moment only one collection is supported per
                    // account in VSO.
                    var collectionScope = identityClient.GetScopeAsync(VssAccountName).Result;

                    // First get the descriptor for the licensed users group, which is a well known (built in) group.
                    var licensedUsersGroupDescriptor = new IdentityDescriptor(IdentityConstants.TeamFoundationType,
                                                                              GroupWellKnownSidConstants.LicensedUsersGroupSid);

                    // Now convert that into the licensed users group descriptor into a collection scope identifier.
                    var identifier = String.Concat(SidIdentityHelper.GetDomainSid(collectionScope.Id),
                                                   SidIdentityHelper.WellKnownSidType,
                                                   licensedUsersGroupDescriptor.Identifier.Substring(SidIdentityHelper.WellKnownSidPrefix.Length));

                    // Here we take the string representation and create the strongly-type descriptor
                    var collectionLicensedUsersGroupDescriptor = new IdentityDescriptor(IdentityConstants.TeamFoundationType,
                                                                                        identifier);


                    // Get the domain from the user that runs this code. This domain will then be used to construct
                    // the bind-pending identity. The domain is either going to be "Windows Live ID" or the Azure
                    // Active Directory (AAD) unique identifier, depending on whether the account is connected to
                    // an AAD tenant. Then we'll format this as a UPN string.
                    var currUserIdentity = vssConnection.AuthorizedIdentity.Descriptor;
                    var directory        = "Windows Live ID"; // default to an MSA (fka Live ID)
                    if (currUserIdentity.Identifier.Contains('\\'))
                    {
                        // The identifier is domain\userEmailAddress, which is used by AAD-backed accounts.
                        // We'll extract the domain from the admin user.
                        directory = currUserIdentity.Identifier.Split(new char[] { '\\' })[0];
                    }
                    var upnIdentity = string.Format("upn:{0}\\{1}", directory, VssUserToAddMailAddress);

                    // Next we'll create the identity descriptor for a new "bind pending" user identity.
                    var newUserDesciptor = new IdentityDescriptor(IdentityConstants.BindPendingIdentityType,
                                                                  upnIdentity);

                    // We are ready to actually create the "bind pending" identity entry. First we have to add the
                    // identity to the collection's licensed users group. Then we'll retrieve the Identity object
                    // for this newly-added user. Without being added to the licensed users group, the identity
                    // can't exist in the account.
                    bool result = identityClient.AddMemberToGroupAsync(collectionLicensedUsersGroupDescriptor,
                                                                       newUserDesciptor).Result;
                    userIdentity = identityClient.ReadIdentitiesAsync(IdentitySearchFilter.AccountName,
                                                                      VssUserToAddMailAddress).Result.FirstOrDefault();
                }

                Console.WriteLine("Assigning license to user.");
                var entitlement = licensingClient.AssignEntitlementAsync(userIdentity.Id, VssLicense).Result;

                Console.WriteLine("Success!");
            }
            catch (Exception e)
            {
                using (StreamWriter sw = File.AppendText("fubarAccounts.txt"))
                {
                    sw.WriteLine("{0}, failed, {1}", VssUserToAddMailAddress, e.InnerException.Message);
                }
                Console.WriteLine("\r\nSomething went wrong...");
                Console.WriteLine(e.Message);
                if (e.InnerException != null)
                {
                    Console.WriteLine(e.InnerException.Message);
                }
            }
        }
예제 #3
0
        private async static Task <Guid> AddMemberToAccount(Project project, TraceWriter log)
        {
            string username    = ConfigurationManager.AppSettings.Get("VSTSUserName");
            string pattoken    = ConfigurationManager.AppSettings.Get("VSTSPat");
            string accountName = ConfigurationManager.AppSettings.Get("VSTSAccountName");

            if (string.IsNullOrWhiteSpace(username) || string.IsNullOrWhiteSpace(pattoken) || string.IsNullOrWhiteSpace(accountName))
            {
                log.Error("AppSettings missing for VSTSUserName, VSTSPat or VSTSAccountName");
                return(Guid.Empty);
            }

            try
            {
                VssBasicCredential credentials = new VssBasicCredential(username, pattoken);
                VssConnection      connection  = new VssConnection(new Uri($"https://{accountName}.vssps.visualstudio.com/"), credentials);

                var identityClient  = connection.GetClient <IdentityHttpClient>();
                var licensingClient = connection.GetClient <LicensingHttpClient>();
                var userIdentity    = identityClient.ReadIdentitiesAsync(IdentitySearchFilter.AccountName, project.Owner).Result.FirstOrDefault();

                // If the identity is null, this is a user that has not yet been added to the account.
                // We'll need to add the user as a "bind pending" - meaning that the email address of the identity is
                // recorded so that the user can log into the account, but the rest of the details of the identity
                // won't be filled in until first login.
                if (userIdentity != null)
                {
                    log.Info($"User:{project.Owner} already exists in VSTS account with name: {accountName}");
                    return(userIdentity.Id);
                }

                log.Info("Creating a new identity and adding it to the collection's licensed users group.");
                var collectionScope = identityClient.GetScopeAsync(accountName).Result;

                // First get the descriptor for the licensed users group, which is a well known (built in) group.
                var licensedUsersGroupDescriptor = new IdentityDescriptor(IdentityConstants.TeamFoundationType,
                                                                          GroupWellKnownSidConstants.LicensedUsersGroupSid);

                // Now convert that into the licensed users group descriptor into a collection scope identifier.
                var identifier = string.Concat(SidIdentityHelper.GetDomainSid(collectionScope.Id),
                                               SidIdentityHelper.WellKnownSidType,
                                               licensedUsersGroupDescriptor.Identifier.Substring(SidIdentityHelper.WellKnownSidPrefix.Length));

                // Here we take the string representation and create the strongly-type descriptor
                var collectionLicensedUsersGroupDescriptor = new IdentityDescriptor(IdentityConstants.TeamFoundationType,
                                                                                    identifier);

                // Get the domain from the user that runs this code. This domain will then be used to construct
                // the bind-pending identity. The domain is either going to be "Windows Live ID" or the Azure
                // Active Directory (AAD) unique identifier, depending on whether the account is connected to
                // an AAD tenant. Then we'll format this as a UPN string.
                var currUserIdentity = connection.AuthorizedIdentity.Descriptor;
                if (!currUserIdentity.Identifier.Contains('\\'))
                {
                    log.Error("Could not find directory for user");
                    return(Guid.Empty);
                }

                // The identifier is domain\userEmailAddress, which is used by AAD-backed accounts.
                // We'll extract the domain from the admin user.
                var directory   = currUserIdentity.Identifier.Split(new char[] { '\\' })[0];
                var upnIdentity = string.Format("upn:{0}\\{1}", directory, project.Owner);

                // Next we'll create the identity descriptor for a new "bind pending" user identity.
                var newUserDesciptor = new IdentityDescriptor(IdentityConstants.BindPendingIdentityType,
                                                              upnIdentity);

                // We are ready to actually create the "bind pending" identity entry. First we have to add the
                // identity to the collection's licensed users group. Then we'll retrieve the Identity object
                // for this newly-added user. Without being added to the licensed users group, the identity
                // can't exist in the account.
                bool result = identityClient.AddMemberToGroupAsync(collectionLicensedUsersGroupDescriptor,
                                                                   newUserDesciptor).Result;
                userIdentity = identityClient.ReadIdentitiesAsync(IdentitySearchFilter.AccountName,
                                                                  project.Owner).Result.FirstOrDefault();

                log.Info("Assigning license to user.");
                Microsoft.VisualStudio.Services.Licensing.License licence = GetLicense();
                var entitlement = licensingClient.AssignEntitlementAsync(userIdentity.Id, licence, false).Result;
                log.Info($"Added {project.Owner} as a user with license:{licence.ToString()} to account with name:{accountName}");
                return(userIdentity.Id);
            }
            catch (Exception e)
            {
                log.Error(e.Message);
                return(Guid.Empty);
            }
        }