示例#1
0
        public async Task <dynamic> GetUserFromGraph(string query)
        {
            // get an access token
            var accessToken = await AccessTokenFetcher.GetAccessToken("https://graph.microsoft.com", "GRAPH");

            // get the user info
            using (var request = new HttpRequestMessage()
            {
                RequestUri = new Uri($"https://graph.microsoft.com/beta/users/{query}"),
                Method = HttpMethod.Get
            })
            {
                request.Headers.Add("Authorization", $"Bearer {accessToken}");
                using (var response = await this.HttpClient.SendAsync(request))
                {
                    var raw = await response.Content.ReadAsStringAsync();

                    if ((int)response.StatusCode == 404) // Not Found
                    {
                        return(null);
                    }
                    else if ((int)response.StatusCode == 403) // Forbidden
                    {
                        throw new Exception("GetUserById: the auth identity does not have the Directory.Read.All right");
                    }
                    else if (!response.IsSuccessStatusCode)
                    {
                        throw new Exception($"GetUserById: HTTP {(int)response.StatusCode} - {raw}");
                    }
                    dynamic json = JObject.Parse(raw);
                    return(json);
                }
            };
        }
示例#2
0
        private async Task <bool> IsUserEnabled(string userId)
        {
            // get an access token
            var accessToken = await AccessTokenFetcher.GetAccessToken("https://graph.microsoft.com", "GRAPH");

            // check for enabled
            using (var request = new HttpRequestMessage()
            {
                RequestUri = new Uri($"https://graph.microsoft.com/beta/users/{userId}?$select=accountEnabled"),
                Method = HttpMethod.Get
            })
            {
                request.Headers.Add("Authorization", $"Bearer {accessToken}");
                using (var response = await this.HttpClient.SendAsync(request))
                {
                    var raw = await response.Content.ReadAsStringAsync();

                    if ((int)response.StatusCode == 403) // Forbidden
                    {
                        throw new Exception("IsUserEnabled: the auth identity does not have the Directory.Read.All right");
                    }
                    else if (!response.IsSuccessStatusCode)
                    {
                        throw new Exception($"IsUserEnabled: HTTP {(int)response.StatusCode} - {raw}");
                    }
                    dynamic json = JObject.Parse(raw);
                    return((bool)json.accountEnabled);
                }
            };
        }
示例#3
0
        private async Task <List <RoleAssignments> > GetRoleAssignments(string userId)
        {
            List <RoleAssignments> assignments = new List <RoleAssignments>();

            // get the list of applications to consider for roles
            var appIds = CasConfig.AzureApplicationIds;

            if (appIds == null || appIds.Count() < 1)
            {
                return(assignments);
            }

            // get an access token
            var accessToken = await AccessTokenFetcher.GetAccessToken("https://graph.microsoft.com", "GRAPH");

            // lookup all specified applications
            //   NOTE: catch the possible 403 Forbidden because access rights have not been granted
            List <AppRoles> apps   = new List <AppRoles>();
            string          filter = "$filter=" + string.Join(" or ", appIds.Select(appId => $"appId eq '{appId}'"));
            string          select = "$select=appId,appRoles";

            using (var request = new HttpRequestMessage()
            {
                RequestUri = new Uri($"https://graph.microsoft.com/beta/applications/?{filter}&{select}"),
                Method = HttpMethod.Get
            })
            {
                request.Headers.Add("Authorization", $"Bearer {accessToken}");
                using (var response = await this.HttpClient.SendAsync(request))
                {
                    var raw = await response.Content.ReadAsStringAsync();

                    if ((int)response.StatusCode == 403) // Forbidden
                    {
                        throw new Exception("GetRoleAssignments: the auth identity does not have the Directory.Read.All right");
                    }
                    else if (!response.IsSuccessStatusCode)
                    {
                        throw new Exception($"GetRoleAssignments: HTTP {(int)response.StatusCode} - {raw}");
                    }
                    dynamic json   = JObject.Parse(raw);
                    var     values = (JArray)json.value;
                    foreach (dynamic value in values)
                    {
                        var app = new AppRoles()
                        {
                            AppId = (string)value.appId
                        };
                        apps.Add(app);
                        foreach (dynamic appRole in value.appRoles)
                        {
                            app.Roles.Add((string)appRole.id, (string)appRole.value);
                        }
                    }
                }
            };

            // get the roles that the user is in
            using (var request = new HttpRequestMessage()
            {
                RequestUri = new Uri($"https://graph.microsoft.com/beta/users/{userId}/appRoleAssignments"),
                Method = HttpMethod.Get
            })
            {
                request.Headers.Add("Authorization", $"Bearer {accessToken}");
                using (var response = await this.HttpClient.SendAsync(request))
                {
                    var raw = await response.Content.ReadAsStringAsync();

                    if ((int)response.StatusCode == 404) // Not Found
                    {
                        // ignore, the user might not be in the directory
                        return(assignments);
                    }
                    else if (!response.IsSuccessStatusCode)
                    {
                        throw new Exception($"GetRoleAssignments: HTTP {(int)response.StatusCode} - {raw}");
                    }
                    dynamic json   = JObject.Parse(raw);
                    var     values = (JArray)json.value;
                    foreach (dynamic value in values)
                    {
                        var appRoleId = (string)value.appRoleId;
                        var app       = apps.FirstOrDefault(a => a.Roles.ContainsKey(appRoleId));
                        if (app != null)
                        {
                            var roleName           = app.Roles[appRoleId];
                            var existingAssignment = assignments.FirstOrDefault(ra => ra.AppId == app.AppId);
                            if (existingAssignment != null)
                            {
                                existingAssignment.Roles.Add(roleName);
                            }
                            else
                            {
                                var assignment = new RoleAssignments()
                                {
                                    AppId = (string)app.AppId
                                };
                                assignment.Roles.Add(roleName);
                                assignments.Add(assignment);
                            }
                        }
                    }
                }
            };

            return(assignments);
        }