public static DirectoryDataService CreateDirectoryDataService(HttpSessionStateBase session)
{
AADJWTToken token = null;
if (session != null && session["token"] != null)
{
token = session["token"] as AADJWTToken;
}
//Fetch a token if it has not been fetched earlier or if it is 2 minutes from expiration.
if (token == null || token.WillExpireIn(2))
{
token = DirectoryDataServiceAuthorizationHelper.GetAuthorizationToken(ConfigurationManager.AppSettings["TenantDomainName"],
ConfigurationManager.AppSettings["AppPrincipalId"], ConfigurationManager.AppSettings["Password"]);
if (session != null)
{
session["token"] = token;
}
}
return(new DirectoryDataService(ConfigurationManager.AppSettings["TenantDomainName"], token));
}
public ActionResult Users()
{
//get the user's objectID
Boolean onACL = false;
String userObjectId = ((ClaimsIdentity)User.Identity).FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
List <ACLElem> ACLElems = XmlHelper.GetACLElemsFromXml();
foreach (ACLElem elem in ACLElems)
{
//is user's objectId in the ACL?
if (elem.ObjectId.Equals(userObjectId))
{
onACL = true;
}
else
{
foreach (Claim groupClaim in ((ClaimsIdentity)User.Identity).FindAll("Group"))
{
//is a group the user belongs to in the ACL?
if (elem.ObjectId.Equals(groupClaim.Value))
{
onACL = true;
break;
}
}
}
// exit as soon as you find the user or a group in the ACL
if (onACL)
{
break;
}
}
//if user is not in ACL - do not grant permission
if (!onACL)
{
return(RedirectToAction("Error", "Home", new { errorMessage = "Access Denied. To view this resource, have an admin add you or your group to the ACL." }));
}
//get the tenantName
string tenantName = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
// get the clientId and password values from the Web.config file
string clientId = ConfigurationManager.AppSettings["ClientId"];
string password = ConfigurationManager.AppSettings["Password"];
// use the Graph help to get a token
AADJWTToken token = DirectoryDataServiceAuthorizationHelper.GetAuthorizationToken(tenantName, clientId, password);
// use the token to initialize a graphService instance
DirectoryDataService graphService = new DirectoryDataService(tenantName, token);
// get Users
//
var users = graphService.users;
QueryOperationResponse <User> response;
response = users.Execute() as QueryOperationResponse <User>;
List <User> userList = response.ToList();
ViewBag.userList = userList;
// Use the token for subsequent Graph calls.
// Is the existing token expire or about to expire in 2 mins?
// if true, get a new token and refresh the graph service
//
int tokenMins = 2;
if (token.IsExpired || token.WillExpireIn(tokenMins))
{
AADJWTToken newToken = DirectoryDataServiceAuthorizationHelper.GetAuthorizationToken(tenantName, clientId, password);
token = newToken;
graphService = new DirectoryDataService(tenantName, token);
}
// get tenant information
//
var tenant = graphService.tenantDetails;
QueryOperationResponse <TenantDetail> responseTenantQuery;
responseTenantQuery = tenant.Execute() as QueryOperationResponse <TenantDetail>;
List <TenantDetail> tenantInfo = responseTenantQuery.ToList();
ViewBag.OtherMessage = "User List from tenant: " + tenantInfo[0].displayName;
return(View(userList));
}
