예제 #1
0
        private static async Task ListRoleAssignments(string scope, string accessToken)
        {
            var httpClient = new HttpClient();
            var apiCaller  = new ProtectedApiCallHelper(httpClient);
            //await apiCaller.CallWebApiAndProcessResultASync("https://graph.microsoft.com/v1.0/users", result.AccessToken, Display);

            string url = string.Format("https://management.azure.com/{0}/providers/Microsoft.Authorization/roleAssignments?api-version=2015-07-01", scope);
            await apiCaller.CallWebApiAndProcessResultASync(url, accessToken, Display);
        }
예제 #2
0
        private static async Task DeleteAccess(string scope, string roleAssignmentGuid, string accessToken)
        {
            var httpClient = new HttpClient();

            var apiCaller = new ProtectedApiCallHelper(httpClient);

            string url = string.Format("https://management.azure.com/{0}/providers/Microsoft.Authorization/roleAssignments/{1}?api-version=2015-07-01", scope, roleAssignmentGuid);

            await apiCaller.DeleteWebApiAndProcessResultASync(url, accessToken, Display);
        }
예제 #3
0
        private static async Task RunAsync()
        {
            var result = await ProtectedApiCallHelper.GetAccessToken();

            //Can be subscription scope or resource group scope
            string scope = string.Format("subscriptions/{0}", SUBSCRIPTIONID);

            //string scope = "subscriptions/b697fa44-1b50-43bd-8b36-e93333d56d25/resourceGroups/myResourceGroup";

            if (result != null)
            {
                await ListRoleAssignments(scope, result.AccessToken);

                string roleAssignmentGuid = await GrantAccess(scope, PRINCIPALID, SUBSCRIPTIONID, ROLEDEFINITIONID, result.AccessToken);

                await DeleteAccess(scope, roleAssignmentGuid, result.AccessToken);
            }
        }
예제 #4
0
        private static async Task <string> GrantAccess(string scope, string principalId, string subscriptionId, string roleDefinitionId, string accessToken)
        {
            var httpClient = new HttpClient();

            var apiCaller = new ProtectedApiCallHelper(httpClient);

            string roleAssignmentGuid = Guid.NewGuid().ToString();

            string        url          = string.Format("https://management.azure.com/{0}/providers/Microsoft.Authorization/roleAssignments/{1}?api-version=2015-07-01", scope, roleAssignmentGuid);
            RoleDefintion roleDefinion = new RoleDefintion();

            roleDefinion.properties = new Properties();
            roleDefinion.properties.roleDefinitionId = string.Format("/subscriptions/{0}/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c", subscriptionId);
            roleDefinion.properties.principalId      = principalId;

            string body = JsonConvert.SerializeObject(roleDefinion);

            System.Diagnostics.Debug.WriteLine(body);
            await apiCaller.PutWebApiAndProcessResultASync(url, accessToken, Display, body);

            //Return the GUID of the new role assignment
            return(roleAssignmentGuid);
        }