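/// <summary>
/// Handles the "delete device identity" form post by removing the application registration
/// that backs the device identity, acting with the signed-in user's delegated identity.
/// </summary>
/// <param name="id">Object id of the application registration to delete; posted by the page, so client-controlled.</param>
/// <returns>A redirect back to this page, carrying a notification message when nothing was deleted.</returns>
public async Task<IActionResult> OnPostDeleteDeviceIdentityAsync(string id)
{
    if (string.IsNullOrWhiteSpace(id))
    {
        return RedirectToPage(new { notificationMessage = "No device identity was specified." });
    }

    var graphService = GraphServiceClientFactory.GetForUserIdentity(this.User);

    // The posted id is client-controlled, so look the registration up first and only delete
    // registrations that carry the device display name prefix this page manages (the same prefix
    // the listing handler filters on). Anything else is left untouched.
    var deviceApplicationRegistration = await graphService.Applications[id].Request().GetAsync();
    var deviceIdentity = new DeviceIdentity(deviceApplicationRegistration);
    var displayName = deviceIdentity.DisplayName;
    // Case-insensitive to accept whatever the listing filter returned — TODO confirm the Graph
    // startswith filter's case handling matches.
    if (displayName == null || !displayName.StartsWith(DeviceDisplayNamePrefix, StringComparison.OrdinalIgnoreCase))
    {
        return RedirectToPage(new { notificationMessage = "The specified application is not a device identity managed by this page and was not deleted." });
    }

    await graphService.Applications[id].Request().DeleteAsync();
    return RedirectToPage();
}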
/// <summary>
/// Handles the page's form post by creating a new device identity (an application registration)
/// in the signed-in user's directory.
/// </summary>
/// <returns>A redirect back to this page.</returns>
public async Task<IActionResult> OnPost()
{
    var graphService = GraphServiceClientFactory.GetForUserIdentity(this.User);

    // The display name carries the well-known prefix so that device identities can later be
    // found again by filtering on that prefix; the GUID keeps each name unique.
    var newDeviceName = $"{DeviceDisplayNamePrefix} {Guid.NewGuid()}";
    const string newDeviceDescription = "Created by Device Identity Provisioning Service";

    await CreateDeviceIdentityAsync(graphService, newDeviceName, newDeviceDescription);
    return RedirectToPage();
}
/// <summary>
/// Loads the page: stores the optional notification message and lists the device identities,
/// i.e. the application registrations whose display name starts with the device prefix.
/// </summary>
/// <param name="notificationMessage">Message to show on the page; arrives via the query string from a redirecting handler.</param>
public async Task OnGet(string notificationMessage)
{
    this.NotificationMessage = notificationMessage;

    var graphService = GraphServiceClientFactory.GetForUserIdentity(this.User);

    // Device identities are recognised purely by their display name prefix. In a real deployment
    // the device list would more likely be stored and managed outside Azure AD.
    var prefixFilter = $"startswith(displayName,'{DeviceDisplayNamePrefix}')";
    var registrations = await graphService.Applications.Request().Filter(prefixFilter).GetAsync();

    var devices = from registration in registrations
                  select new DeviceIdentity(registration);
    this.Devices = devices.OrderByDescending(device => device.CreatedDateTime).ToArray();
}
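/// <summary>
/// Handles the "use device identity" form post: loads the device's application registration and
/// proves the device identity can call the Graph API with the permissions it was granted.
/// </summary>
/// <param name="id">Object id of the application registration to use; posted by the page, so client-controlled.</param>
/// <returns>A redirect back to this page carrying the outcome as a notification message.</returns>
public async Task<IActionResult> OnPostUseDeviceIdentityAsync(string id)
{
    if (string.IsNullOrWhiteSpace(id))
    {
        return RedirectToPage(new { notificationMessage = "No device identity was specified." });
    }

    // Get the device and its details from Azure AD in this case.
    var graphService = GraphServiceClientFactory.GetForUserIdentity(this.User);
    var deviceApplicationRegistration = await graphService.Applications[id].Request().GetAsync();
    var deviceIdentity = new DeviceIdentity(deviceApplicationRegistration);

    // Only act on registrations that carry the device display name prefix this page manages (the
    // same prefix the listing handler filters on); the posted id must not select arbitrary apps.
    // Case-insensitive to accept whatever the listing filter returned — TODO confirm the Graph
    // startswith filter's case handling matches.
    var displayName = deviceIdentity.DisplayName;
    if (displayName == null || !displayName.StartsWith(DeviceDisplayNamePrefix, StringComparison.OrdinalIgnoreCase))
    {
        return RedirectToPage(new { notificationMessage = "The specified application is not a device identity managed by this page." });
    }

    // Prove that we can actually USE the device identity to make a call to (in this case)
    // the Graph API using the permissions/roles that were granted.
    var notificationMessage = await CallApiUsingDeviceIdentityAsync(deviceIdentity);
    return RedirectToPage(new { notificationMessage = notificationMessage });
}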
/// <summary>
/// Calls the Graph API (lists users) using the given device identity and describes the outcome
/// in a human-readable message.
/// </summary>
/// <param name="deviceIdentity">The device identity whose credentials are used for the call.</param>
/// <returns>A success message with the number of users retrieved, or a failure message with the exception text.</returns>
private static async Task<string> CallApiUsingDeviceIdentityAsync(DeviceIdentity deviceIdentity)
{
    var deviceLabel = $"device \"{deviceIdentity.DisplayName}\" in tenant \"{deviceIdentity.TenantId}\"";
    try
    {
        var deviceGraphService = GraphServiceClientFactory.GetForDeviceIdentity(deviceIdentity);
        var users = await deviceGraphService.Users.Request().GetAsync();
        return $"Successfully retrieved {users.Count} users from the Graph API using the identity of {deviceLabel}, which demonstrates that the device is able to access the Graph API using its provisioned identity.";
    }
    catch (Exception exc)
    {
        // Best-effort reporting: any failure (token acquisition, authorization, transport) is
        // turned into a message rather than surfacing as an error page.
        // NOTE(review): exc.Message ends up in the browser via the notification message; consider
        // logging the detail server-side and showing a generic failure text instead.
        return $"Failed to retrieve users from the Graph API using the identity of {deviceLabel}: {exc.Message}.";
    }
}
/// <summary>
/// Revokes the organization-wide consent granted to the provisioning application by deleting its
/// service principal from the signed-in user's tenant.
/// </summary>
/// <returns>A redirect back to this page carrying a notification message that asks the user to sign out.</returns>
public async Task<IActionResult> OnPost()
{
    var graphService = GraphServiceClientFactory.GetForUserIdentity(this.User);

    // The service principal is the tenant-local representation of the (multi-tenant) provisioning
    // app; removing it withdraws the consent for the whole organization.
    var provisioningAppId = Startup.DeviceIdentityProvisioningAppId;
    var matchingServicePrincipals = await graphService.ServicePrincipals.Request().Filter($"appId eq '{provisioningAppId}'").GetAsync();
    var provisioningServicePrincipal = matchingServicePrincipals.SingleOrDefault();

    string notificationMessage;
    if (provisioningServicePrincipal == null)
    {
        notificationMessage = "Consent was already revoked. Please sign out.";
    }
    else
    {
        await graphService.ServicePrincipals[provisioningServicePrincipal.Id].Request().DeleteAsync();
        notificationMessage = "Consent was revoked successfully. Please sign out.";
    }

    return RedirectToPage(new { notificationMessage = notificationMessage });
}