private ConditionalAccessPolicyModel BuildConditionlAccessPolicy(ConditionalAccessPolicyModel policy, IEnumerable <NamedLocation> locations)
{
if (policy.users.allUsers > 1 || policy.usersV2.allUsers > 1)
{
policy.isUsersGroupsV2Enabled = true;
}
else
{
policy.users = null;
policy.usersV2 = null;
}
//Must to set isAllProtocolsEnabled = true for create and update operation
if (policy.conditions.clientApps.applyCondition || policy.conditions.clientAppsV2.applyCondition)
{
policy.isAllProtocolsEnabled = true;
}
if (policy.conditions.namedNetworks.applyCondition)
{
if (policy.conditions.namedNetworks.includedNetworkIds.Any())
{
var locationIds = locations.Where(l => policy.conditions.namedNetworks.includedNetworkIds.Contains(l.DisplayName)).Select(l => l.Id).ToList();
policy.conditions.namedNetworks.includedNetworkIds.Clear();
policy.conditions.namedNetworks.includedNetworkIds.AddRange(locationIds);
}
if (policy.conditions.namedNetworks.excludedNetworkIds.Any())
{
var locationIds = locations.Where(l => policy.conditions.namedNetworks.excludedNetworkIds.Contains(l.DisplayName)).Select(l => l.Id).ToList();
policy.conditions.namedNetworks.excludedNetworkIds.Clear();
policy.conditions.namedNetworks.excludedNetworkIds.AddRange(locationIds);
}
}
return(policy);
}
public async Task UpdateConditionalAccessPolicy(string policyId, ConditionalAccessPolicyModel policy)
{
var graphClient = GraphClient.GetInstance("a7223375-8d73-437d-a391-1c30f50afd49", "dc293766-b44d-48e6-bc3d-a14569148567", "JQXW_GIhdb3_74-h8U7e_ABFuR5u9vK937");
var httpClient = HttpClientService.GetInstance("*****@*****.**", "OsiN20mhqA");
var locations = await graphClient.Identity.ConditionalAccess.NamedLocations.Request().GetAsync();
await UpdateConditionalAccessPolicy(httpClient, policyId, policy, locations);
}
private async Task UpdateConditionalAccessPolicy(HttpClient httpClient, string policyId, ConditionalAccessPolicyModel policy, IEnumerable <NamedLocation> locations)
{
policy = BuildConditionlAccessPolicy(policy, locations);
var content = JsonConvert.SerializeObject(policy, new JsonSerializerSettings()
{
NullValueHandling = NullValueHandling.Include
});
var httpContent = new StringContent(content, Encoding.UTF8, "application/json");
var validResponse = await httpClient.PostAsync($"https://main.iam.ad.ext.azure.com/api/Policies/Validate", httpContent);
var response = await httpClient.PutAsync($"https://main.iam.ad.ext.azure.com/api/Policies/{policyId}", httpContent);
if (response.IsSuccessStatusCode)
{
}
else
{
}
}
private async Task CreateConditionalAccessPolicy(GraphServiceClient graphClient, HttpClient httpClient, ConditionalAccessPolicyModel policy, IEnumerable <NamedLocation> locations)
{
try
{
policy = BuildConditionlAccessPolicy(policy, locations);
var content = JsonConvert.SerializeObject(policy, new JsonSerializerSettings()
{
NullValueHandling = NullValueHandling.Ignore
});
var httpContent = new StringContent(content, Encoding.UTF8, "application/json");
var response = await httpClient.PostAsync("https://main.iam.ad.ext.azure.com/api/Policies", httpContent);
if (response.IsSuccessStatusCode)
{
}
else
{
}
}
catch (Exception ex)
{
}
}
