Пример #1
0
        public async Task <int> ServicePrincipals()
        {
            try
            {
                var appsPermissions = await GraphServiceHelper.GetAppsPermission(_graphClient, _httpContext);

                var principalsPermissions = await GraphServiceHelper.GetDirectoryAudits(_graphClient, _httpContext);

                var servicePrincipals = await GraphServiceHelper.GetServicePrincipals(_graphClient, _httpContext);

                var principalIdToPermissions = new Dictionary <string, HashSet <string> >();
                principalsPermissions.ForEach(_ =>
                {
                    principalIdToPermissions.TryAdd(
                        _.TargetResources.First().Id,
                        ToHashSetExtension.ToHashSet(_.TargetResources.First().ModifiedProperties.First(__ => __.DisplayName == "ConsentAction.Permissions").NewValue.Split("Scope:").Last().
                                                     Split("]").First().Split(" ").Where(__ => __ != ""))
                        );
                });

                var appIdToPermissionsSetDictionary = new Dictionary <string, HashSet <string> >();
                appsPermissions.ForEach(_ =>
                {
                    var permissionsSet =
                        ToHashSetExtension.ToHashSet(Newtonsoft.Json.Linq.Extensions.Value <string>(_["scope"])
                                                     .Split(' '));

                    var appId = Newtonsoft.Json.Linq.Extensions.Value <string>(_["clientId"]);
                    appIdToPermissionsSetDictionary.TryAdd(appId, permissionsSet);
                });

                var appIdToNameDictionary = new Dictionary <string, Tuple <string, string, string, string> >();
                servicePrincipals.ForEach(_ =>
                                          appIdToNameDictionary.Add(
                                              Newtonsoft.Json.Linq.Extensions.Value <string>(_["id"]),
                                              new Tuple <string, string, string, string>(
                                                  Newtonsoft.Json.Linq.Extensions.Value <string>(_["appId"]),
                                                  Newtonsoft.Json.Linq.Extensions.Value <string>(_["displayName"]),
                                                  Newtonsoft.Json.Linq.Extensions.Value <string>(_["homepage"]),
                                                  Newtonsoft.Json.Linq.Extensions.Value <string>(_["appOwnerOrganizationId"])
                                                  )));

                appIdToNameDictionary.ForEach(_ =>
                {
                    appIdToPermissionsSetDictionary.TryGetValue(_.Key, out var appPermissions);
                    principalIdToPermissions.TryGetValue(_.Key, out var principalPermissions);

                    if (Startup.IsCosmosDbGraphEnabled && (principalPermissions != null || appPermissions != null))
                    {
                        if (principalPermissions != null)
                        {
                            CosmosDbGraphHelper.Applications(_.Value.Item2, _.Value.Item1, principalPermissions, UserIds, _.Key, _.Value.Item3, _.Value.Item4);
                        }
                        else
                        {
                            CosmosDbGraphHelper.Applications(_.Value.Item2, _.Key, appPermissions, UserIds, _.Value.Item1, _.Value.Item3, _.Value.Item4);
                        }
                    }
                });

                return(appIdToNameDictionary.Count);
            }
            catch (Exception ex)
            {
                _logger.Error(ex, $"{nameof(ServicePrincipals)} {ex.Message} {ex.InnerException}");
            }

            return(0);
        }