public static MyUser Create(IActiveDirectoryUser aad) { return(new MyUser { Displayname = aad.Name, Givenname = aad.Inner.GivenName, Surname = aad.Inner.Surname, Upn = aad.UserPrincipalName }); }
/// <summary> /// https://blogs.msdn.microsoft.com/premier_developer/2017/09/29/getting-started-with-the-azure-ad-b2b-invite-api/ /// </summary> /// <param name="userPrincipalName"></param> /// <returns></returns> private async Task <string> EnsureAzureADGuestUserExists(string userDisplayName, string userEmailAddress, string redirectUri) { var client = RestClient .Configure() .WithEnvironment(AzureEnvironment.AzureGlobalCloud) .WithLogLevel(HttpLoggingDelegatingHandler.Level.None) .WithCredentials(_authenticationHelper.GetAzureCrendentials()) .Build(); GraphRbacManager graphRbacManager = new GraphRbacManager(client, _appSettings.TenantId); IActiveDirectoryUser user = await graphRbacManager.Users.GetByNameAsync(userDisplayName); if (user == null) { return(await InviteUser(userDisplayName, userEmailAddress, redirectUri)); } else { return(user.Id); } }
public void CanCRUDGroup() { using (var context = FluentMockContext.Start(GetType().FullName)) { IGraphRbacManager manager = TestHelper.CreateGraphRbacManager(); var userName = SdkContext.RandomResourceName("user", 16); var spName = SdkContext.RandomResourceName("sp", 16); var group1Name = SdkContext.RandomResourceName("group", 16); var group2Name = SdkContext.RandomResourceName("group", 16); IActiveDirectoryUser user = null; IServicePrincipal servicePrincipal = null; IActiveDirectoryGroup group1 = null; IActiveDirectoryGroup group2 = null; try { user = manager.Users.Define(userName) .WithEmailAlias(userName) .WithPassword("StrongPass!123") .Create(); servicePrincipal = manager.ServicePrincipals.Define(spName) .WithNewApplication("https://" + spName) .Create(); group1 = manager.Groups.Define(group1Name) .WithEmailAlias(group1Name) .Create(); SdkContext.DelayProvider.Delay(15000); group2 = manager.Groups.Define(group2Name) .WithEmailAlias(group2Name) .WithMember(user.Id) .WithMember(servicePrincipal.Id) .WithMember(group1.Id) .Create(); Assert.NotNull(group2); Assert.NotNull(group2.Id); var members = group2.ListMembers(); Assert.Equal(3, members.Count()); var enumerator = members.GetEnumerator(); Assert.True(enumerator.MoveNext()); Assert.NotNull(enumerator.Current.Id); Assert.True(enumerator.MoveNext()); Assert.NotNull(enumerator.Current.Id); Assert.True(enumerator.MoveNext()); Assert.NotNull(enumerator.Current.Id); Assert.False(enumerator.MoveNext()); } finally { if (servicePrincipal != null) { manager.ServicePrincipals.DeleteById(servicePrincipal.Id); } // cannot delete users or groups from service principal // if (user != null) { // manager.Users.DeleteById(user.Id); // } // if (group != null) { // manager.Groups.DeleteById(group.Id); // } } } }
public void CanCRUDKeyVault() { using (var context = FluentMockContext.Start(GetType().FullName)) { // Create user service principal String sp = SdkContext.RandomResourceName("sp", 20); String us = SdkContext.RandomResourceName("us", 20); IGraphRbacManager graphManager = TestHelper.CreateGraphRbacManager(); string vaultName1 = TestUtilities.GenerateName("vault1"); string rgName = TestUtilities.GenerateName("rgNEMV"); IKeyVaultManager manager = TestHelper.CreateKeyVaultManager(); IServicePrincipal servicePrincipal = graphManager.ServicePrincipals .Define(sp) .WithNewApplication("http://" + sp) .Create(); IActiveDirectoryUser user = graphManager.Users .Define(us) .WithEmailAlias(us) .WithPassword("P@$$w0rd") .Create(); //var spnCredentialsClientId = HttpMockServer.Variables[ConnectionStringKeys.ServicePrincipalKey]; try { IVault vault = manager.Vaults .Define(vaultName1) .WithRegion(Region.USWest) .WithNewResourceGroup(rgName) .DefineAccessPolicy() .ForServicePrincipal("http://" + sp) .AllowKeyPermissions(KeyPermissions.List) .AllowSecretAllPermissions() .AllowCertificatePermissions(CertificatePermissions.Get) .Attach() .DefineAccessPolicy() .ForUser(us) .AllowKeyAllPermissions() .AllowSecretAllPermissions() .AllowCertificatePermissions(CertificatePermissions.Get, CertificatePermissions.List, CertificatePermissions.Create) .Attach() .Create(); Assert.NotNull(vault); Assert.Equal(vaultName1, vault.Name); foreach (IAccessPolicy policy in vault.AccessPolicies) { if (policy.ObjectId.Equals(servicePrincipal.Id)) { Assert.Equal(1, policy.Permissions.Keys.Count); Assert.Equal(KeyPermissions.List.Value, policy.Permissions.Keys[0]); Assert.Equal(8, policy.Permissions.Secrets.Count); Assert.Equal(1, policy.Permissions.Certificates.Count); Assert.Equal(CertificatePermissions.Get.Value, policy.Permissions.Certificates[0]); } if (policy.ObjectId.Equals(user.Id)) { Assert.Equal(16, policy.Permissions.Keys.Count); Assert.Equal(8, policy.Permissions.Secrets.Count); Assert.Equal(3, policy.Permissions.Certificates.Count); } } vault = vault.Update() .UpdateAccessPolicy(servicePrincipal.Id) .AllowKeyAllPermissions() .DisallowSecretAllPermissions() .AllowCertificateAllPermissions() .Parent() .Apply(); foreach (IAccessPolicy policy in vault.AccessPolicies) { if (policy.ObjectId.Equals(servicePrincipal.Id)) { Assert.Equal(16, policy.Permissions.Keys.Count); Assert.Equal(0, policy.Permissions.Secrets.Count); Assert.Equal(14, policy.Permissions.Certificates.Count); } } } finally { try { TestHelper.CreateResourceManager().ResourceGroups.DeleteByName(rgName); } catch { } } } }
/// <summary> /// Specifies the Active Directory user this access policy is for. /// </summary> /// <param name="user">The AD user object.</param> /// <return>The next stage of access policy definition.</return> Microsoft.Azure.Management.KeyVault.Fluent.AccessPolicy.Definition.IWithAttach <Microsoft.Azure.Management.KeyVault.Fluent.Vault.Definition.IWithCreate> Microsoft.Azure.Management.KeyVault.Fluent.AccessPolicy.Definition.IWithIdentity <Microsoft.Azure.Management.KeyVault.Fluent.Vault.Definition.IWithCreate> .ForUser(IActiveDirectoryUser user) { return(this.ForUser(user)); }
public ActiveDirectoryGroupImpl WithMember(IActiveDirectoryUser user) { return(WithMember(user.Id)); }
public RoleAssignmentImpl ForUser(IActiveDirectoryUser user) { this.objectId = user.Id; return(this); }
/// <summary> /// Specifies the assignee of the role assignment to be a user. /// </summary> /// <param name="user">The user object.</param> /// <return>The next stage in role assignment definition.</return> RoleAssignment.Definition.IWithRole RoleAssignment.Definition.IWithAssignee.ForUser(IActiveDirectoryUser user) { return(this.ForUser(user) as RoleAssignment.Definition.IWithRole); }
/// <summary> /// Adds a user as a member in the group. /// </summary> /// <param name="user">The Active Directory user to add.</param> /// <return>The next AD group definition stage.</return> ActiveDirectoryGroup.Definition.IWithCreate ActiveDirectoryGroup.Definition.IWithMemberBeta.WithMember(IActiveDirectoryUser user) { return(this.WithMember(user)); }
/// <summary> /// Removes a user as a member in the group. /// </summary> /// <param name="user">The Active Directory user to remove.</param> /// <return>The next AD group update stage.</return> ActiveDirectoryGroup.Update.IUpdate ActiveDirectoryGroup.Update.IWithMemberBeta.WithoutMember(IActiveDirectoryUser user) { return(this.WithoutMember(user)); }
///GENMHASH:9E92F3BA1758AAE198E09D586436080A:0A1851786DBC209232600425DAE0D55D public AccessPolicyImpl ForUser(IActiveDirectoryUser user) { Inner.ObjectId = user.Id; return(this); }
/** * Azure Users, Groups and Roles sample. * - List users * - Get user by email * - Assign role to AD user * - Revoke role from AD user * - Get role by scope and role name * - List roles * - List Active Directory groups. */ public static void RunSample(Azure.IAuthenticated authenticated) { string subscriptionId = authenticated.Subscriptions.List().First().SubscriptionId; Utilities.Log("Selected subscription: " + subscriptionId); string raName1 = SdkContext.RandomGuid(); // ============================================================ // List users var users = authenticated.ActiveDirectoryUsers.List(); Utilities.Log("Active Directory Users:"); foreach (var user in users) { Utilities.Print(user); } // ============================================================ // Get user by email IActiveDirectoryUser adUser = authenticated.ActiveDirectoryUsers.GetByName("*****@*****.**"); Utilities.Log("Found User with email \"[email protected]\": "); Utilities.Print(adUser); // ============================================================ // Assign role to AD user IRoleAssignment roleAssignment1 = authenticated.RoleAssignments .Define(raName1) .ForUser(adUser) .WithBuiltInRole(BuiltInRole.DnsZoneContributor) .WithSubscriptionScope(subscriptionId) .Create(); Utilities.Log("Created Role Assignment:"); Utilities.Print(roleAssignment1); // ============================================================ // Revoke role from AD user authenticated.RoleAssignments.DeleteById(roleAssignment1.Id); Utilities.Log("Revoked Role Assignment: " + roleAssignment1.Id); // ============================================================ // Get role by scope and role name IRoleDefinition roleDefinition = authenticated.RoleDefinitions .GetByScopeAndRoleName("subscriptions/" + subscriptionId, "Contributor"); Utilities.Print(roleDefinition); // ============================================================ // List roles var roles = authenticated.RoleDefinitions .ListByScope("subscriptions/" + subscriptionId); Utilities.Log("Roles: "); foreach (var role in roles) { Utilities.Print(role); } // ============================================================ // List Active Directory groups var groups = authenticated.ActiveDirectoryGroups.List(); Utilities.Log("Active Directory Groups:"); foreach (var group in groups) { Utilities.Print(group); } }
public UserController(ILogger <UserController> logger, IUser user, IActiveDirectoryUser adUser) { _logger = logger; _user = user; _adUser = adUser; }
private static void Log(int level, IActiveDirectoryUser cur) { Log(level, $"{cur.Name}"); Log(level + 1, $"{cur.Inner.GivenName}"); Log(level + 1, $"{cur.Inner.Surname}"); }