private async Task AssignRolesToUser(Guid objectId, RenderingEnvironment environment, EnvironmentRoleAssignments roleAssignments) { var identity = new Identity.Identity { ObjectId = objectId }; // Assign RG permissions // We want to give the correct permissions to the environment RG, // but we also need to give Reader permissions to the other RGs so // we can query cost information. // ResourceId => RoleName var resourceIdsToRoles = environment.ExtractResourceGroupNames().ToDictionary( rgName => $"/subscriptions/{environment.SubscriptionId}/resourceGroups/{rgName}", rgName => rgName == environment.ResourceGroupName ? roleAssignments.EnvironmentResourceGroupRole : "Reader"); // Add the explicit resource roles resourceIdsToRoles[environment.BatchAccount.ResourceId] = roleAssignments.BatchRole; resourceIdsToRoles[environment.StorageAccount.ResourceId] = roleAssignments.StorageRole; resourceIdsToRoles[environment.KeyVault.ResourceId] = roleAssignments.KeyVaultRole; resourceIdsToRoles[environment.ApplicationInsightsAccount.ResourceId] = roleAssignments.ApplicationInsightsRole; resourceIdsToRoles[environment.Subnet.VnetResourceId] = roleAssignments.VNetRole; await Task.WhenAll(resourceIdsToRoles.Select( kvp => _azureResourceProvider.AssignRoleToIdentityAsync( environment.SubscriptionId, kvp.Key, // ResourceId/scope kvp.Value, // Role identity))); }
public bool IsSubscribed(Identity.Identity identity) { bool r = false; if (IsAvailable) { var input = new PerceptiveMCAPI.Types.listMemberInfoInput(APIKey, ListId, identity.Email); var output = new PerceptiveMCAPI.Methods.listMemberInfo(input).Execute(); r = output.result.status == EnumValues.listMembers_status.subscribed; } return(r); }
public bool Unsubscribe(Identity.Identity identity) { bool r = false; if (IsAvailable) { var input = new PerceptiveMCAPI.Types.listUnsubscribeInput(APIKey, ListId, identity.Email, false, false, false); var output = new PerceptiveMCAPI.Methods.listUnsubscribe(input).Execute(); r = output.result; } return(r); }
public async Task AssignManagementIdentityAsync( Guid subscriptionId, string resourceId, string role, Identity.Identity managementIdentity) { await AssignRoleToResource( subscriptionId, resourceId, role, managementIdentity); }
public async Task <Vault> CreateKeyVaultAsync( Identity.Identity portalIdentity, Identity.Identity ownerIdentity, Guid subscriptionId, string resourceGroupName, string location, string keyVaultName, string environmentName) { await RegisterProvider(subscriptionId, "Microsoft.KeyVault"); var accessToken = await GetAccessToken(); var token = new TokenCredentials(accessToken); var kvClient = new KeyVaultManagementClient(token) { SubscriptionId = subscriptionId.ToString() }; var permissions = new Microsoft.Azure.Management.KeyVault.Models.Permissions( secrets: new[] { "get", "list", "set", "delete" }, certificates: new[] { "get", "list", "update", "delete", "create", "import" }); var accessPolicies = new[] { // Portal MSI new AccessPolicyEntry( portalIdentity.TenantId, portalIdentity.ObjectId.ToString(), permissions), // Owner new AccessPolicyEntry( ownerIdentity.TenantId, ownerIdentity.ObjectId.ToString(), permissions) }; // TODO - Make SKU configurable var kvParams = new VaultCreateOrUpdateParameters( location, new VaultProperties( portalIdentity.TenantId, new Microsoft.Azure.Management.KeyVault.Models.Sku(Microsoft.Azure.Management.KeyVault.Models.SkuName.Standard), accessPolicies), GetEnvironmentTags(environmentName)); return(await kvClient.Vaults.CreateOrUpdateAsync( resourceGroupName, keyVaultName, kvParams)); }
public bool Subscribe(Identity.Identity identity) { bool r = false; if (IsAvailable) { Dictionary <string, object> mergeVars = new Dictionary <string, object>(); mergeVars.Add("FullName", identity.FullName); var input = new PerceptiveMCAPI.Types.listSubscribeInput(APIKey, ListId, identity.Email, mergeVars, EnumValues.emailType.html, false, true, true, false); var output = new PerceptiveMCAPI.Methods.listSubscribe(input).Execute(); r = output.result; } return(r); }
public void SendRegistrationEmail(Identity.Identity user) { using (var context = new Data.SizeUpContext()) { var strings = context.ResourceStrings.Where(i => i.Name.StartsWith("Registration.Email")).ToList(); var template = strings.Where(i => i.Name == "Registration.Email.Body").Select(i => i.Value).FirstOrDefault(); var subject = strings.Where(i => i.Name == "Registration.Email.Subject").Select(i => i.Value).FirstOrDefault(); var uri = HttpContext.Current.Request.Url; var t = Templates.TemplateFactory.GetTemplate(template); t.Add("User", user); t.Add("ConfirmKey", HttpContext.Current.Server.UrlEncode(user.GetEncryptedToken())); t.Add("OptOutKey", HttpContext.Current.Server.UrlEncode(user.GetEncryptedToken())); t.Add("AppDomain", uri.Scheme + Uri.SchemeDelimiter + uri.Host + ":" + uri.Port); string body = t.Render(); SendMail(user.Email, subject, body); } }
public async Task AssignRoleToIdentityAsync( Guid subscriptionId, string scope, string role, Identity.Identity identity) { var accessToken = await GetAccessToken(); var token = new TokenCredentials(accessToken); var authClient = new AuthorizationManagementClient(token, _httpClientFactory.CreateClient(), false) { SubscriptionId = subscriptionId.ToString() }; var result = await GetRoleDefinitions(authClient, scope); var roleDefs = result.Where(rd => rd.RoleName == role).ToList(); var roleDef = roleDefs.FirstOrDefault(); if (roleDef == null) { throw new Exception($"No {role} role definition found for resource group"); } var roleAssignments = await GetRoleAssignmentsForUser( authClient, scope, identity.ObjectId.ToString(), roleDefs); if (roleAssignments.All(ra => ra.RoleDefinitionId != roleDef.Id)) { try { await authClient.RoleAssignments.CreateAsync( scope, Guid.NewGuid().ToString(), new RoleAssignmentCreateParameters(roleDef.Id, identity.ObjectId.ToString())); } catch (CloudException ce) when(ce.Body?.Code == "RoleAssignmentExists") { // Ignore } } }
public void SendResetPasswordEmail(Identity.Identity user) { using (var context = new Data.SizeUpContext()) { var strings = context.ResourceStrings.Where(i => i.Name.StartsWith("PasswordReset.Email")).ToList(); var template = strings.Where(i => i.Name == "PasswordReset.Email.Body").Select(i => i.Value).FirstOrDefault(); var subject = strings.Where(i => i.Name == "PasswordReset.Email.Subject").Select(i => i.Value).FirstOrDefault(); var uri = HttpContext.Current.Request.Url; var t = Templates.TemplateFactory.GetTemplate(template); t.Add("User", user); t.Add("PasswordResetKey", HttpContext.Current.Server.UrlEncode(user.GetEncryptedToken())); t.Add("OptOutKey", HttpContext.Current.Server.UrlEncode(user.GetEncryptedToken())); //t.Add("AppDomain", uri.Scheme + Uri.SchemeDelimiter + uri.Host + ":" + uri.Port); //t.Add("AppDomain", (HttpContext.Current.Request.IsSecureConnection ? "https" : "http") + Uri.SchemeDelimiter + uri.Host); t.Add("AppDomain", (ConfigurationManager.AppSettings["HostingEnvironment"] == "LOCALHOST" ? "http" : "https") + Uri.SchemeDelimiter + uri.Host); string body = t.Render(); SendMail(user.Email, subject, body); } }
public LoginResult(bool success, Identity.Identity identity, UserLoginMessage messageToPublish) { Success = success; Identity = identity; MessageToPublish = messageToPublish; }
public Task <Vault> CreateKeyVaultAsync(Identity.Identity portalIdentity, Identity.Identity ownerIdentity, Guid subscriptionId, string resourceGroupName, string location, string keyVaultName, string environmentName) { throw new NotImplementedException(); }
public Task AssignRoleToIdentityAsync(Guid subscriptionId, string resourceId, string role, Identity.Identity identity) { throw new NotImplementedException(); }