public async Task <HttpResponseMessage> PatchConditionalAccessPolicyAsync(ConditionalAccessPolicy conditionalAccessPolicy, string clientId = null)
{
conditionalAccessPolicy.createdDateTime = null;
conditionalAccessPolicy.modifiedDateTime = null;
string requestUrl = graphEndpoint + $"/identity/conditionalAccess/policies/{conditionalAccessPolicy.id}";
HttpRequestMessage hrm = new HttpRequestMessage(new HttpMethod("PATCH"), requestUrl)
{
Content = new StringContent(JsonConvert.SerializeObject(conditionalAccessPolicy), Encoding.UTF8, "application/json")
};
// Authenticate (add access token) our HttpRequestMessage
await graphServiceClient.AuthenticationProvider.AuthenticateRequestAsync(hrm);
signalRMessage.sendMessage($"{hrm.Method}: {requestUrl}");
// Send the request and get the response.
HttpResponseMessage response = await graphServiceClient.HttpProvider.SendAsync(hrm);
if (response.IsSuccessStatusCode)
{
signalRMessage.sendMessage($"Success: updated CA policy: {conditionalAccessPolicy.displayName} ({conditionalAccessPolicy.id})");
}
return(response);
}
public static async Task <ModernWorkplaceConcierge.Helpers.ConditionalAccessPolicy> AddConditionalAccessPolicyAsync(string conditionalAccessPolicy, string clientId = null)
{
var graphClient = GetAuthenticatedClient();
string requestUrl = graphEndpoint + "/identity/conditionalAccess/policies";
HttpRequestMessage hrm = new HttpRequestMessage(HttpMethod.Post, requestUrl)
{
Content = new StringContent(conditionalAccessPolicy, Encoding.UTF8, "application/json")
};
// Authenticate (add access token) our HttpRequestMessage
await graphClient.AuthenticationProvider.AuthenticateRequestAsync(hrm);
if (!string.IsNullOrEmpty(clientId))
{
var hubContext = GlobalHost.ConnectionManager.GetHubContext <MwHub>();
hubContext.Clients.Client(clientId).addMessage("POST: " + requestUrl);
}
// Send the request and get the response.
HttpResponseMessage response = await graphClient.HttpProvider.SendAsync(hrm);
ModernWorkplaceConcierge.Helpers.ConditionalAccessPolicy conditionalAccessPolicyResult = JsonConvert.DeserializeObject <ModernWorkplaceConcierge.Helpers.ConditionalAccessPolicy>(await response.Content.ReadAsStringAsync());
return(conditionalAccessPolicyResult);
}
public async Task <ConditionalAccessPolicy> AddConditionalAccessPolicyAsync(ConditionalAccessPolicy conditionalAccessPolicy)
{
// Following properties need to be disabled for successful POST
conditionalAccessPolicy.id = null;
conditionalAccessPolicy.state = "disabled";
conditionalAccessPolicy.createdDateTime = null;
conditionalAccessPolicy.modifiedDateTime = null;
string requestUrl = graphEndpoint + "/identity/conditionalAccess/policies";
HttpRequestMessage hrm = new HttpRequestMessage(HttpMethod.Post, requestUrl)
{
Content = new StringContent(JsonConvert.SerializeObject(conditionalAccessPolicy, new JsonSerializerSettings()
{
NullValueHandling = NullValueHandling.Ignore,
Formatting = Formatting.Indented
}), Encoding.UTF8, "application/json")
};
if (conditionalAccessPolicy.sessionControls != null && conditionalAccessPolicy.sessionControls.applicationEnforcedRestrictions != null)
{
signalRMessage.sendMessage("Warning you need to configure Exchange online and SharePoint online for app enforced restrictions!");
}
// Authenticate (add access token) our HttpRequestMessage
await this.graphServiceClient.AuthenticationProvider.AuthenticateRequestAsync(hrm);
signalRMessage.sendMessage($"{hrm.Method}: {requestUrl}");
// Send the request and get the response.
HttpResponseMessage response = await graphServiceClient.HttpProvider.SendAsync(hrm);
ConditionalAccessPolicy conditionalAccessPolicyResult = JsonConvert.DeserializeObject <ConditionalAccessPolicy>(await response.Content.ReadAsStringAsync());
if (response.IsSuccessStatusCode)
{
signalRMessage.sendMessage($"Success: created CA policy: '{conditionalAccessPolicyResult.displayName}' ({conditionalAccessPolicyResult.id})");
}
return(conditionalAccessPolicyResult);
}
public async Task <ConditionalAccessPolicy> TryAddConditionalAccessPolicyAsync(ConditionalAccessPolicy conditionalAccessPolicy)
{
try
{
var response = await AddConditionalAccessPolicyAsync(conditionalAccessPolicy);
return(response);
}
catch
{
signalRMessage.sendMessage("Discarding tenant specific information for CA policy: '" + conditionalAccessPolicy.displayName + "'");
// remove Id's
conditionalAccessPolicy.conditions.users.includeUsers = new string[] { "none" };
conditionalAccessPolicy.conditions.users.excludeUsers = null;
conditionalAccessPolicy.conditions.users.includeGroups = null;
conditionalAccessPolicy.conditions.users.excludeGroups = null;
conditionalAccessPolicy.conditions.users.includeRoles = null;
conditionalAccessPolicy.conditions.users.excludeRoles = null;
conditionalAccessPolicy.conditions.applications.includeApplications = new string[] { "none" };
conditionalAccessPolicy.conditions.applications.excludeApplications = null;
var response = await AddConditionalAccessPolicyAsync(conditionalAccessPolicy);
return(response);
}
}
public static async Task <bool> ImportCaConfig(string policy, string clientId = null)
{
SignalRMessage signalR = new SignalRMessage();
signalR.clientId = clientId;
ModernWorkplaceConcierge.Helpers.ConditionalAccessPolicy conditionalAccessPolicy = JsonConvert.DeserializeObject <ModernWorkplaceConcierge.Helpers.ConditionalAccessPolicy>(policy);
conditionalAccessPolicy.id = null;
conditionalAccessPolicy.state = "disabled";
conditionalAccessPolicy.createdDateTime = null;
conditionalAccessPolicy.modifiedDateTime = null;
// Check for device state and display warning (API issue)
if (conditionalAccessPolicy.conditions.deviceStates != null)
{
signalR.sendMessage("Warning device states are currently not imported by the Graph API, you need to enable them manually on the policy!");
}
if (conditionalAccessPolicy.sessionControls != null && conditionalAccessPolicy.sessionControls.applicationEnforcedRestrictions != null)
{
signalR.sendMessage("Warning you need to enable Exchange online and SharePoint online for app enforced restrictions!");
}
try
{
string requestContent = JsonConvert.SerializeObject(conditionalAccessPolicy, new JsonSerializerSettings()
{
NullValueHandling = NullValueHandling.Ignore,
Formatting = Formatting.Indented
});
var success = await GraphHelper.AddConditionalAccessPolicyAsync(requestContent, clientId);
signalR.sendMessage("Success: imported CA policy: '" + success.displayName + "'");
return(true);
}
catch
{
signalR.sendMessage("Discarding tenant specific information for CA policy: '" + conditionalAccessPolicy.displayName + "'");
// remove Id's
conditionalAccessPolicy.conditions.users.includeUsers = new string[] { "none" };
conditionalAccessPolicy.conditions.users.excludeUsers = null;
conditionalAccessPolicy.conditions.users.includeGroups = null;
conditionalAccessPolicy.conditions.users.excludeGroups = null;
conditionalAccessPolicy.conditions.users.includeRoles = null;
conditionalAccessPolicy.conditions.users.excludeRoles = null;
conditionalAccessPolicy.conditions.applications.includeApplications = new string[] { "none" };
conditionalAccessPolicy.conditions.applications.excludeApplications = null;
string requestContent = JsonConvert.SerializeObject(conditionalAccessPolicy, new JsonSerializerSettings()
{
NullValueHandling = NullValueHandling.Ignore,
Formatting = Formatting.Indented
});
var success = await GraphHelper.AddConditionalAccessPolicyAsync(requestContent, clientId);
signalR.sendMessage("Success: imported CA policy: '" + success.displayName + "'");
return(true);
}
}