public async Task<List<Models.User>> GetAssignedUsers() { try { // Create the Graph Client string tenantId = ClaimsPrincipal.Current.FindFirst(Globals.TenantIdClaimType).Value; ActiveDirectoryClient graphClient = new ActiveDirectoryClient(new Uri(Globals.GraphApiUrl, tenantId), async () => await GraphHelper.AcquireTokenAsApp()); // Read users from db for evaluating in memory List<Models.User> userHistory = UsersDbHelper.GetUsersForTenant(tenantId); List<Models.User> usersWithStatus = new List<Models.User>(userHistory); List<Models.User> updatedUserHistory = new List<Models.User>(userHistory); // Get the assignments for the application ServicePrincipal sp = (ServicePrincipal)graphClient.ServicePrincipals.Where(servicePrincpial => servicePrincpial.AppId.Equals(ConfigHelper.ClientId)).ExecuteAsync().Result.CurrentPage.FirstOrDefault(); IServicePrincipalFetcher spFetcher = sp; List<IAppRoleAssignment> assignments = spFetcher.AppRoleAssignedTo.ExecuteAsync().Result.CurrentPage.ToList(); // TODO: Paging // TODO: Better Error Handling // TODO: Retry Logic // TODO: Nested Groups // TODO: Paged Results on Assignments // TODO: Paged Results on Group Membership // TODO: Performance & Batch Queries // Get the groups assigned to the app first foreach (IAppRoleAssignment assignment in assignments) { if (assignment.PrincipalType == "Group") { // Get the group members IGroupFetcher gFetcher = graphClient.Groups.GetByObjectId(assignment.PrincipalId.ToString()); List<IDirectoryObject> members = gFetcher.Members.ExecuteAsync().Result.CurrentPage.ToList(); foreach (IDirectoryObject member in members) { if (member is User) { User user = (User)member; int existingUserIndex = userHistory.FindIndex(u => u.ObjectId == user.ObjectId); // If the user did not exist in the db before if (existingUserIndex == -1) { // The user is new usersWithStatus.Add(new Models.User(user) { assignmentStatus = "New" }); updatedUserHistory.Add(new Models.User(user)); } else { // The user is active, but not new usersWithStatus[usersWithStatus.FindIndex(u => u.ObjectId == user.ObjectId)] = new Models.User(user) { assignmentStatus = "Enabled" }; updatedUserHistory[existingUserIndex] = new Models.User(user); } } } } } // Get the users assigned to the app second foreach (IAppRoleAssignment assignment in assignments) { if (assignment.PrincipalType == "User") { int existingUserIndex = userHistory.FindIndex(u => u.ObjectId == assignment.PrincipalId.ToString()); int assignedUserIndex = usersWithStatus.FindIndex(u => u.ObjectId == assignment.PrincipalId.ToString()); // If we haven't seen the user before, add it if (existingUserIndex == -1 && assignedUserIndex == -1) { User user = (User)await graphClient.Users.GetByObjectId(assignment.PrincipalId.ToString()).ExecuteAsync(); usersWithStatus.Add(new Models.User(user) { assignmentStatus = "New" }); updatedUserHistory.Add(new Models.User(user)); } // If we have seen the user before but didn't already update his data as part of group assignment, update the user data. else if (existingUserIndex >= 0 && string.IsNullOrEmpty(usersWithStatus[assignedUserIndex].assignmentStatus)) { User user = (User)await graphClient.Users.GetByObjectId(assignment.PrincipalId.ToString()).ExecuteAsync(); usersWithStatus[usersWithStatus.FindIndex(u => u.ObjectId == user.ObjectId)] = new Models.User(user) { assignmentStatus = "Enabled" }; updatedUserHistory[existingUserIndex] = new Models.User(user); } } } UsersDbHelper.SaveUsersForTenant(tenantId, updatedUserHistory); return usersWithStatus; } catch (AdalException ex) { throw new HttpResponseException(HttpStatusCode.Unauthorized); } }
public void ClearUserTable() { string tenantId = ClaimsPrincipal.Current.FindFirst(Globals.TenantIdClaimType).Value; UsersDbHelper.ClearUsersForTenant(tenantId); }