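/// <summary>
/// Connects a subscription: grants this application's service principal a role on the
/// subscription and records the connection.
/// </summary>
/// <remarks>
/// The grant only runs when the signed-in user's tenant id claim equals the directory that
/// owns the subscription. Otherwise the user is challenged against that directory and sent
/// back to this action afterwards.
/// </remarks>
/// <param name="subscriptionId">Caller-supplied subscription identifier. It is URL-encoded before it is placed in the post-authentication return URL.</param>
/// <returns>A task that completes once the challenge or the redirect has been issued.</returns>
/// <exception cref="InvalidOperationException">The multi-tenant OpenID Connect handler is not available on the current request.</exception>
public async Task ConnectSubscription(string subscriptionId)
{
    string directoryId = await resourceManagerUtility.GetDirectoryForSubscription(subscriptionId);
    if (string.IsNullOrEmpty(directoryId))
    {
        // No directory was resolved for this subscription: nothing is granted or stored.
        return;
    }

    // Only read the tenant claim for an authenticated user. A missing claim is treated as
    // "not signed in to this directory" so it leads to a challenge, not a null dereference.
    bool signedInToSubscriptionDirectory = false;
    if (User.Identity.IsAuthenticated)
    {
        ClaimsIdentity signedInIdentity = User.Identity as ClaimsIdentity;
        Claim tenantClaim = signedInIdentity != null
            ? signedInIdentity.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid")
            : null;
        signedInToSubscriptionDirectory = tenantClaim != null && directoryId.Equals(tenantClaim.Value);
    }

    if (!signedInToSubscriptionDirectory)
    {
        // Point the OpenID Connect handler at the directory that owns the subscription, so
        // the challenge below authenticates the user against that tenant.
        var openIdFeature = HttpContext.Features[typeof(IHttpAuthenticationFeature)] as IHttpAuthenticationFeature;
        var openIdHandler = openIdFeature != null
            ? openIdFeature.Handler as MultiTenantOpenIdConnectHandler
            : null;
        if (openIdHandler == null)
        {
            throw new InvalidOperationException("The multi-tenant OpenID Connect handler is not available for this request.");
        }

        openIdHandler.SetTenantAuthority(string.Format(azureADSettings.Authority, directoryId));

        var challengeParameters = new Dictionary<string, string>
        {
            { "prompt", "select_account" }
        };

        // subscriptionId comes from the request. Encoding it keeps it a single query-string
        // value, so it cannot add or override parameters in the return URL.
        string returnUrl = this.Url.Action("ConnectSubscription", "Home")
            + "?subscriptionId=" + Uri.EscapeDataString(subscriptionId ?? string.Empty);

        await HttpContext.Authentication.ChallengeAsync(
            OpenIdConnectDefaults.AuthenticationScheme,
            new AuthenticationProperties(challengeParameters) { RedirectUri = returnUrl });
        return;
    }

    string servicePrincipalObjectId = await resourceManagerUtility.GetObjectIdOfServicePrincipalInDirectory(directoryId, azureADSettings.ClientId);
    await resourceManagerUtility.GrantRoleToServicePrincipalOnSubscription(servicePrincipalObjectId, subscriptionId, directoryId);

    // NOTE(review): ConnectedOn is server-local time (DateTime.Now). If this record is used
    // as an audit trail, confirm whether UTC is expected by whatever reads it.
    Subscription connection = new Subscription()
    {
        Id = subscriptionId,
        DirectoryId = directoryId,
        ConnectedBy = signedInUserService.GetSignedInUserName(),
        ConnectedOn = DateTime.Now
    };
    subscriptionRepository.AddSubscription(connection);

    Response.Redirect(this.Url.Action("Index", "Home"));
}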
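/// <summary>
/// Connects a subscription: grants this application's service principal a role on the
/// subscription and stores a <c>Subscription</c> row if none exists for that id.
/// </summary>
/// <remarks>
/// The grant only runs when the signed-in user's tenant id claim equals the directory that
/// owns the subscription. Otherwise an OpenID Connect challenge is issued against that
/// directory, with this action as the return URL.
/// </remarks>
/// <param name="subscriptionId">Caller-supplied subscription identifier. It is URL-encoded before it is placed in the post-authentication return URL.</param>
/// <returns>A task that completes once the challenge or the redirect has been issued.</returns>
public async Task ConnectSubscription(string subscriptionId)
{
    string directoryId = await AzureResourceManagerUtil.GetDirectoryForSubscription(subscriptionId);
    if (String.IsNullOrEmpty(directoryId))
    {
        // No directory was resolved for this subscription: nothing is granted or stored.
        return;
    }

    // Only read the tenant claim for an authenticated user. A missing claim is treated as
    // "not signed in to this directory" so it leads to a challenge, not a null dereference.
    bool signedInToSubscriptionDirectory = false;
    if (User.Identity.IsAuthenticated)
    {
        Claim tenantClaim = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid");
        signedInToSubscriptionDirectory = tenantClaim != null && directoryId.Equals(tenantClaim.Value);
    }

    if (!signedInToSubscriptionDirectory)
    {
        // Publish the tenant-specific authorize endpoint in the OWIN environment before the
        // challenge is issued.
        // NOTE(review): presumably the OpenID Connect middleware reads "Authority" when it
        // builds the redirect - confirm against the startup configuration.
        HttpContext.GetOwinContext().Environment.Add(
            "Authority",
            string.Format(ConfigurationManager.AppSettings["Authority"] + "OAuth2/Authorize", directoryId));

        var challengeParameters = new Dictionary<string, string>
        {
            { "prompt", "select_account" }
        };

        // subscriptionId comes from the request. Encoding it keeps it a single query-string
        // value, so it cannot add or override parameters in the return URL.
        string returnUrl = this.Url.Action("ConnectSubscription", "Home")
            + "?subscriptionId=" + Uri.EscapeDataString(subscriptionId ?? string.Empty);

        HttpContext.GetOwinContext().Authentication.Challenge(
            new AuthenticationProperties(challengeParameters) { RedirectUri = returnUrl },
            OpenIdConnectAuthenticationDefaults.AuthenticationType);
        return;
    }

    string servicePrincipalObjectId = await AzureADGraphAPIUtil.GetObjectIdOfServicePrincipalInDirectory(directoryId, ConfigurationManager.AppSettings["ClientID"]);
    await AzureResourceManagerUtil.GrantRoleToServicePrincipalOnSubscription(servicePrincipalObjectId, subscriptionId, directoryId);

    // NOTE(review): the name claim is dereferenced after the role has been granted. If the
    // claim is absent this throws and leaves a grant with no stored row - confirm the claim
    // is always issued. ConnectedOn is server-local time (DateTime.Now).
    Subscription connection = new Subscription()
    {
        Id = subscriptionId,
        DirectoryId = directoryId,
        ConnectedBy = ClaimsPrincipal.Current.FindFirst(ClaimTypes.Name).Value,
        ConnectedOn = DateTime.Now
    };

    // Insert only when the subscription is not already recorded.
    if (db.Subscriptions.Find(connection.Id) == null)
    {
        db.Subscriptions.Add(connection);
        db.SaveChanges();
    }

    Response.Redirect(this.Url.Action("Index", "Home"));
}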
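/// <summary>
/// Re-creates the service principal's role on a subscription by revoking it and granting
/// it again, then redirects to the home page.
/// </summary>
/// <remarks>
/// Unlike <c>ConnectSubscription</c>, this action does not itself compare the signed-in
/// user's tenant with the subscription's directory.
/// NOTE(review): no authorization, HTTP-verb or anti-forgery attribute is visible on this
/// action in this listing. It changes role assignments, so confirm that it is restricted to
/// authenticated POST requests with anti-forgery validation.
/// </remarks>
/// <param name="subscriptionId">Caller-supplied subscription identifier.</param>
/// <returns>A task that completes once the redirect has been issued, or immediately when no directory is resolved.</returns>
public async Task RepairSubscriptionConnection(string subscriptionId)
{
    string directoryId = await AzureResourceManagerUtil.GetDirectoryForSubscription(subscriptionId);
    if (String.IsNullOrEmpty(directoryId))
    {
        // Same guard as ConnectSubscription: without a resolved directory, no role
        // assignment call is made with an empty tenant.
        return;
    }

    string servicePrincipalObjectId = await AzureADGraphAPIUtil.GetObjectIdOfServicePrincipalInDirectory(directoryId, ConfigurationManager.AppSettings["ClientID"]);

    // Revoke runs before grant, so if the grant call fails the service principal stays
    // without the role until the repair is retried.
    await AzureResourceManagerUtil.RevokeRoleFromServicePrincipalOnSubscription(servicePrincipalObjectId, subscriptionId, directoryId);
    await AzureResourceManagerUtil.GrantRoleToServicePrincipalOnSubscription(servicePrincipalObjectId, subscriptionId, directoryId);

    Response.Redirect(this.Url.Action("Index", "Home"));
}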
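/// <summary>
/// Disconnects a subscription: revokes the service principal's role on it, deletes the
/// stored <c>Subscription</c> row if one exists, then redirects to the home page.
/// </summary>
/// <remarks>
/// Unlike <c>ConnectSubscription</c>, this action does not itself compare the signed-in
/// user's tenant with the subscription's directory.
/// NOTE(review): no authorization, HTTP-verb or anti-forgery attribute is visible on this
/// action in this listing. It revokes access and deletes data, so confirm that it is
/// restricted to authenticated POST requests with anti-forgery validation.
/// </remarks>
/// <param name="subscriptionId">Caller-supplied subscription identifier; also the key of the stored row.</param>
/// <returns>A task that completes once the redirect has been issued, or immediately when no directory is resolved.</returns>
public async Task DisconnectSubscription(string subscriptionId)
{
    string directoryId = await AzureResourceManagerUtil.GetDirectoryForSubscription(subscriptionId);
    if (String.IsNullOrEmpty(directoryId))
    {
        // Same guard as ConnectSubscription: without a resolved directory, nothing is
        // revoked and the stored row is left untouched.
        return;
    }

    string servicePrincipalObjectId = await AzureADGraphAPIUtil.GetObjectIdOfServicePrincipalInDirectory(directoryId, ConfigurationManager.AppSettings["ClientID"]);
    await AzureResourceManagerUtil.RevokeRoleFromServicePrincipalOnSubscription(servicePrincipalObjectId, subscriptionId, directoryId);

    // The row is deleted only after the revoke call has completed.
    Subscription storedSubscription = db.Subscriptions.Find(subscriptionId);
    if (storedSubscription != null)
    {
        db.Subscriptions.Remove(storedSubscription);
        db.SaveChanges();
    }

    Response.Redirect(this.Url.Action("Index", "Home"));
}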