Exemplo n.º 1
0
 public static MyUser Create(IActiveDirectoryUser aad)
 {
     return(new MyUser
     {
         Displayname = aad.Name,
         Givenname = aad.Inner.GivenName,
         Surname = aad.Inner.Surname,
         Upn = aad.UserPrincipalName
     });
 }
        /// <summary>
        /// https://blogs.msdn.microsoft.com/premier_developer/2017/09/29/getting-started-with-the-azure-ad-b2b-invite-api/
        /// </summary>
        /// <param name="userPrincipalName"></param>
        /// <returns></returns>
        private async Task <string> EnsureAzureADGuestUserExists(string userDisplayName, string userEmailAddress, string redirectUri)
        {
            var client = RestClient
                         .Configure()
                         .WithEnvironment(AzureEnvironment.AzureGlobalCloud)
                         .WithLogLevel(HttpLoggingDelegatingHandler.Level.None)
                         .WithCredentials(_authenticationHelper.GetAzureCrendentials())
                         .Build();

            GraphRbacManager graphRbacManager = new GraphRbacManager(client, _appSettings.TenantId);

            IActiveDirectoryUser user = await graphRbacManager.Users.GetByNameAsync(userDisplayName);

            if (user == null)
            {
                return(await InviteUser(userDisplayName, userEmailAddress, redirectUri));
            }
            else
            {
                return(user.Id);
            }
        }
Exemplo n.º 3
0
        public void CanCRUDGroup()
        {
            using (var context = FluentMockContext.Start(GetType().FullName))
            {
                IGraphRbacManager manager = TestHelper.CreateGraphRbacManager();
                var userName                           = SdkContext.RandomResourceName("user", 16);
                var spName                             = SdkContext.RandomResourceName("sp", 16);
                var group1Name                         = SdkContext.RandomResourceName("group", 16);
                var group2Name                         = SdkContext.RandomResourceName("group", 16);
                IActiveDirectoryUser  user             = null;
                IServicePrincipal     servicePrincipal = null;
                IActiveDirectoryGroup group1           = null;
                IActiveDirectoryGroup group2           = null;
                try
                {
                    user = manager.Users.Define(userName)
                           .WithEmailAlias(userName)
                           .WithPassword("StrongPass!123")
                           .Create();
                    servicePrincipal = manager.ServicePrincipals.Define(spName)
                                       .WithNewApplication("https://" + spName)
                                       .Create();
                    group1 = manager.Groups.Define(group1Name)
                             .WithEmailAlias(group1Name)
                             .Create();
                    SdkContext.DelayProvider.Delay(15000);
                    group2 = manager.Groups.Define(group2Name)
                             .WithEmailAlias(group2Name)
                             .WithMember(user.Id)
                             .WithMember(servicePrincipal.Id)
                             .WithMember(group1.Id)
                             .Create();

                    Assert.NotNull(group2);
                    Assert.NotNull(group2.Id);
                    var members = group2.ListMembers();
                    Assert.Equal(3, members.Count());
                    var enumerator = members.GetEnumerator();
                    Assert.True(enumerator.MoveNext());
                    Assert.NotNull(enumerator.Current.Id);
                    Assert.True(enumerator.MoveNext());
                    Assert.NotNull(enumerator.Current.Id);
                    Assert.True(enumerator.MoveNext());
                    Assert.NotNull(enumerator.Current.Id);
                    Assert.False(enumerator.MoveNext());
                }
                finally
                {
                    if (servicePrincipal != null)
                    {
                        manager.ServicePrincipals.DeleteById(servicePrincipal.Id);
                    }
                    // cannot delete users or groups from service principal
                    // if (user != null) {
                    //     manager.Users.DeleteById(user.Id);
                    // }
                    // if (group != null) {
                    //     manager.Groups.DeleteById(group.Id);
                    // }
                }
            }
        }
Exemplo n.º 4
0
        public void CanCRUDKeyVault()
        {
            using (var context = FluentMockContext.Start(GetType().FullName))
            {
                // Create user service principal
                String            sp           = SdkContext.RandomResourceName("sp", 20);
                String            us           = SdkContext.RandomResourceName("us", 20);
                IGraphRbacManager graphManager = TestHelper.CreateGraphRbacManager();
                string            vaultName1   = TestUtilities.GenerateName("vault1");
                string            rgName       = TestUtilities.GenerateName("rgNEMV");

                IKeyVaultManager manager = TestHelper.CreateKeyVaultManager();

                IServicePrincipal servicePrincipal = graphManager.ServicePrincipals
                                                     .Define(sp)
                                                     .WithNewApplication("http://" + sp)
                                                     .Create();

                IActiveDirectoryUser user = graphManager.Users
                                            .Define(us)
                                            .WithEmailAlias(us)
                                            .WithPassword("P@$$w0rd")
                                            .Create();
                //var spnCredentialsClientId = HttpMockServer.Variables[ConnectionStringKeys.ServicePrincipalKey];

                try
                {
                    IVault vault = manager.Vaults
                                   .Define(vaultName1)
                                   .WithRegion(Region.USWest)
                                   .WithNewResourceGroup(rgName)
                                   .DefineAccessPolicy()
                                   .ForServicePrincipal("http://" + sp)
                                   .AllowKeyPermissions(KeyPermissions.List)
                                   .AllowSecretAllPermissions()
                                   .AllowCertificatePermissions(CertificatePermissions.Get)
                                   .Attach()
                                   .DefineAccessPolicy()
                                   .ForUser(us)
                                   .AllowKeyAllPermissions()
                                   .AllowSecretAllPermissions()
                                   .AllowCertificatePermissions(CertificatePermissions.Get, CertificatePermissions.List, CertificatePermissions.Create)
                                   .Attach()
                                   .Create();
                    Assert.NotNull(vault);
                    Assert.Equal(vaultName1, vault.Name);
                    foreach (IAccessPolicy policy in vault.AccessPolicies)
                    {
                        if (policy.ObjectId.Equals(servicePrincipal.Id))
                        {
                            Assert.Equal(1, policy.Permissions.Keys.Count);
                            Assert.Equal(KeyPermissions.List.Value, policy.Permissions.Keys[0]);
                            Assert.Equal(8, policy.Permissions.Secrets.Count);
                            Assert.Equal(1, policy.Permissions.Certificates.Count);
                            Assert.Equal(CertificatePermissions.Get.Value, policy.Permissions.Certificates[0]);
                        }
                        if (policy.ObjectId.Equals(user.Id))
                        {
                            Assert.Equal(16, policy.Permissions.Keys.Count);
                            Assert.Equal(8, policy.Permissions.Secrets.Count);
                            Assert.Equal(3, policy.Permissions.Certificates.Count);
                        }
                    }

                    vault = vault.Update()
                            .UpdateAccessPolicy(servicePrincipal.Id)
                            .AllowKeyAllPermissions()
                            .DisallowSecretAllPermissions()
                            .AllowCertificateAllPermissions()
                            .Parent()
                            .Apply();

                    foreach (IAccessPolicy policy in vault.AccessPolicies)
                    {
                        if (policy.ObjectId.Equals(servicePrincipal.Id))
                        {
                            Assert.Equal(16, policy.Permissions.Keys.Count);
                            Assert.Equal(0, policy.Permissions.Secrets.Count);
                            Assert.Equal(14, policy.Permissions.Certificates.Count);
                        }
                    }
                }
                finally
                {
                    try
                    {
                        TestHelper.CreateResourceManager().ResourceGroups.DeleteByName(rgName);
                    }
                    catch { }
                }
            }
        }
 /// <summary>
 /// Specifies the Active Directory user this access policy is for.
 /// </summary>
 /// <param name="user">The AD user object.</param>
 /// <return>The next stage of access policy definition.</return>
 Microsoft.Azure.Management.KeyVault.Fluent.AccessPolicy.Definition.IWithAttach <Microsoft.Azure.Management.KeyVault.Fluent.Vault.Definition.IWithCreate> Microsoft.Azure.Management.KeyVault.Fluent.AccessPolicy.Definition.IWithIdentity <Microsoft.Azure.Management.KeyVault.Fluent.Vault.Definition.IWithCreate> .ForUser(IActiveDirectoryUser user)
 {
     return(this.ForUser(user));
 }
 public ActiveDirectoryGroupImpl WithMember(IActiveDirectoryUser user)
 {
     return(WithMember(user.Id));
 }
Exemplo n.º 7
0
 public RoleAssignmentImpl ForUser(IActiveDirectoryUser user)
 {
     this.objectId = user.Id;
     return(this);
 }
 /// <summary>
 /// Specifies the assignee of the role assignment to be a user.
 /// </summary>
 /// <param name="user">The user object.</param>
 /// <return>The next stage in role assignment definition.</return>
 RoleAssignment.Definition.IWithRole RoleAssignment.Definition.IWithAssignee.ForUser(IActiveDirectoryUser user)
 {
     return(this.ForUser(user) as RoleAssignment.Definition.IWithRole);
 }
 /// <summary>
 /// Adds a user as a member in the group.
 /// </summary>
 /// <param name="user">The Active Directory user to add.</param>
 /// <return>The next AD group definition stage.</return>
 ActiveDirectoryGroup.Definition.IWithCreate ActiveDirectoryGroup.Definition.IWithMemberBeta.WithMember(IActiveDirectoryUser user)
 {
     return(this.WithMember(user));
 }
 /// <summary>
 /// Removes a user as a member in the group.
 /// </summary>
 /// <param name="user">The Active Directory user to remove.</param>
 /// <return>The next AD group update stage.</return>
 ActiveDirectoryGroup.Update.IUpdate ActiveDirectoryGroup.Update.IWithMemberBeta.WithoutMember(IActiveDirectoryUser user)
 {
     return(this.WithoutMember(user));
 }
 ///GENMHASH:9E92F3BA1758AAE198E09D586436080A:0A1851786DBC209232600425DAE0D55D
 public AccessPolicyImpl ForUser(IActiveDirectoryUser user)
 {
     Inner.ObjectId = user.Id;
     return(this);
 }
Exemplo n.º 12
0
        /**
         * Azure Users, Groups and Roles sample.
         * - List users
         * - Get user by email
         * - Assign role to AD user
         * - Revoke role from AD user
         * - Get role by scope and role name
         * - List roles
         * - List Active Directory groups.
         */
        public static void RunSample(Azure.IAuthenticated authenticated)
        {
            string subscriptionId = authenticated.Subscriptions.List().First().SubscriptionId;

            Utilities.Log("Selected subscription: " + subscriptionId);
            string raName1 = SdkContext.RandomGuid();
            // ============================================================
            // List users

            var users = authenticated.ActiveDirectoryUsers.List();

            Utilities.Log("Active Directory Users:");
            foreach (var user in users)
            {
                Utilities.Print(user);
            }

            // ============================================================
            // Get user by email

            IActiveDirectoryUser adUser = authenticated.ActiveDirectoryUsers.GetByName("*****@*****.**");

            Utilities.Log("Found User with email \"[email protected]\": ");
            Utilities.Print(adUser);

            // ============================================================
            // Assign role to AD user

            IRoleAssignment roleAssignment1 = authenticated.RoleAssignments
                                              .Define(raName1)
                                              .ForUser(adUser)
                                              .WithBuiltInRole(BuiltInRole.DnsZoneContributor)
                                              .WithSubscriptionScope(subscriptionId)
                                              .Create();

            Utilities.Log("Created Role Assignment:");
            Utilities.Print(roleAssignment1);

            // ============================================================
            // Revoke role from AD user

            authenticated.RoleAssignments.DeleteById(roleAssignment1.Id);
            Utilities.Log("Revoked Role Assignment: " + roleAssignment1.Id);

            // ============================================================
            // Get role by scope and role name

            IRoleDefinition roleDefinition = authenticated.RoleDefinitions
                                             .GetByScopeAndRoleName("subscriptions/" + subscriptionId, "Contributor");

            Utilities.Print(roleDefinition);

            // ============================================================
            // List roles

            var roles = authenticated.RoleDefinitions
                        .ListByScope("subscriptions/" + subscriptionId);

            Utilities.Log("Roles: ");
            foreach (var role in roles)
            {
                Utilities.Print(role);
            }

            // ============================================================
            // List Active Directory groups

            var groups = authenticated.ActiveDirectoryGroups.List();

            Utilities.Log("Active Directory Groups:");
            foreach (var group in groups)
            {
                Utilities.Print(group);
            }
        }
Exemplo n.º 13
0
 public UserController(ILogger <UserController> logger, IUser user, IActiveDirectoryUser adUser)
 {
     _logger = logger;
     _user   = user;
     _adUser = adUser;
 }
Exemplo n.º 14
0
 private static void Log(int level, IActiveDirectoryUser cur)
 {
     Log(level, $"{cur.Name}");
     Log(level + 1, $"{cur.Inner.GivenName}");
     Log(level + 1, $"{cur.Inner.Surname}");
 }