public ActionResult RepairAccess([Bind(Include = "Id")] Subscription subscription) { if (ModelState.IsValid) { AzureResourceManagerUtil.RevokeRoleFromServicePrincipalOnSubscription(ConfigurationManager.AppSettings["ObjectId"], subscription.Id, ConfigurationManager.AppSettings["AADId"]); AzureResourceManagerUtil.GrantRoleToServicePrincipalOnSubscription(ConfigurationManager.AppSettings["ObjectId"], subscription.Id, ConfigurationManager.AppSettings["AADId"]); } return(RedirectToAction("Index", "Home")); }
public ActionResult RepairAccess([Bind(Include = "Id, OrganizationId")] Subscription subscription, string servicePrincipalObjectId) { if (ModelState.IsValid) { AzureResourceManagerUtil.RevokeRoleFromServicePrincipalOnSubscription(servicePrincipalObjectId, subscription.Id, subscription.OrganizationId); AzureResourceManagerUtil.GrantRoleToServicePrincipalOnSubscription(servicePrincipalObjectId, subscription.Id, subscription.OrganizationId); } return(RedirectToAction("Index", "Home")); }
public async Task ConnectSubscription(string subscriptionId) { string directoryId = await resourceManagerUtility.GetDirectoryForSubscription(subscriptionId); if (!string.IsNullOrEmpty(directoryId)) { if (!User.Identity.IsAuthenticated || !directoryId.Equals((User.Identity as ClaimsIdentity).FindFirst ("http://schemas.microsoft.com/identity/claims/tenantid").Value)) { //This is where the actual magic of changing authentication authority happens var openIdFeature = HttpContext.Features[typeof(IHttpAuthenticationFeature)] as IHttpAuthenticationFeature; var openIdHandler = openIdFeature.Handler as MultiTenantOpenIdConnectHandler; openIdHandler.SetTenantAuthority(string.Format(azureADSettings.Authority, directoryId)); Dictionary <string, string> dict = new Dictionary <string, string>(); dict["prompt"] = "select_account"; await HttpContext.Authentication.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties(dict) { RedirectUri = this.Url.Action("ConnectSubscription", "Home") + "?subscriptionId=" + subscriptionId }); } else { string objectIdOfCloudSenseServicePrincipalInDirectory = await resourceManagerUtility.GetObjectIdOfServicePrincipalInDirectory(directoryId, azureADSettings.ClientId); await resourceManagerUtility.GrantRoleToServicePrincipalOnSubscription (objectIdOfCloudSenseServicePrincipalInDirectory, subscriptionId, directoryId); Subscription s = new Subscription() { Id = subscriptionId, DirectoryId = directoryId, ConnectedBy = signedInUserService.GetSignedInUserName(), ConnectedOn = DateTime.Now }; subscriptionRepository.AddSubscription(s); Response.Redirect(this.Url.Action("Index", "Home")); } } return; }
public async Task ConnectSubscription(string subscriptionId) { string directoryId = await AzureResourceManagerUtil.GetDirectoryForSubscription(subscriptionId); if (!String.IsNullOrEmpty(directoryId)) { if (!User.Identity.IsAuthenticated || !directoryId.Equals(ClaimsPrincipal.Current.FindFirst ("http://schemas.microsoft.com/identity/claims/tenantid").Value)) { HttpContext.GetOwinContext().Environment.Add("Authority", string.Format(ConfigurationManager.AppSettings["Authority"] + "OAuth2/Authorize", directoryId)); Dictionary <string, string> dict = new Dictionary <string, string>(); dict["prompt"] = "select_account"; HttpContext.GetOwinContext().Authentication.Challenge( new AuthenticationProperties(dict) { RedirectUri = this.Url.Action("ConnectSubscription", "Home") + "?subscriptionId=" + subscriptionId }, OpenIdConnectAuthenticationDefaults.AuthenticationType); } else { string objectIdOfCloudSenseServicePrincipalInDirectory = await AzureADGraphAPIUtil.GetObjectIdOfServicePrincipalInDirectory(directoryId, ConfigurationManager.AppSettings["ClientID"]); await AzureResourceManagerUtil.GrantRoleToServicePrincipalOnSubscription (objectIdOfCloudSenseServicePrincipalInDirectory, subscriptionId, directoryId); Subscription s = new Subscription() { Id = subscriptionId, DirectoryId = directoryId, ConnectedBy = ClaimsPrincipal.Current.FindFirst(ClaimTypes.Name).Value, ConnectedOn = DateTime.Now }; if (db.Subscriptions.Find(s.Id) == null) { db.Subscriptions.Add(s); db.SaveChanges(); } Response.Redirect(this.Url.Action("Index", "Home")); } } return; }
public async Task RepairSubscriptionConnection(string subscriptionId) { string directoryId = await AzureResourceManagerUtil.GetDirectoryForSubscription(subscriptionId); string objectIdOfCloudSenseServicePrincipalInDirectory = await AzureADGraphAPIUtil.GetObjectIdOfServicePrincipalInDirectory(directoryId, ConfigurationManager.AppSettings["ClientID"]); await AzureResourceManagerUtil.RevokeRoleFromServicePrincipalOnSubscription (objectIdOfCloudSenseServicePrincipalInDirectory, subscriptionId, directoryId); await AzureResourceManagerUtil.GrantRoleToServicePrincipalOnSubscription (objectIdOfCloudSenseServicePrincipalInDirectory, subscriptionId, directoryId); Response.Redirect(this.Url.Action("Index", "Home")); }
public ActionResult Connect([Bind(Include = "Id, OrganizationId")] Subscription subscription, string servicePrincipalObjectId) { if (ModelState.IsValid) { AzureResourceManagerUtil.GrantRoleToServicePrincipalOnSubscription(servicePrincipalObjectId, subscription.Id, subscription.OrganizationId); if (AzureResourceManagerUtil.ServicePrincipalHasReadAccessToSubscription(subscription.Id, subscription.OrganizationId)) { subscription.ConnectedBy = (System.Security.Claims.ClaimsPrincipal.Current).FindFirst(ClaimTypes.Name).Value; subscription.ConnectedOn = DateTime.Now; db.Subscriptions.Add(subscription); db.SaveChanges(); } } return(RedirectToAction("Index", "Home")); }
public ActionResult RepairAccess([Bind(Include = "Id, OrganizationId")] Subscription subscription, string servicePrincipalObjectId) { if (ModelState.IsValid) { AzureResourceManagerUtil.RevokeRoleFromServicePrincipalOnSubscription(servicePrincipalObjectId, subscription.Id, subscription.OrganizationId); AzureResourceManagerUtil.GrantRoleToServicePrincipalOnSubscription(servicePrincipalObjectId, subscription.Id, subscription.OrganizationId); Subscription s = db.Subscriptions.Find(subscription.Id); if (s != null) { s.AzureAccessNeedsToBeRepaired = false; db.Entry(s).State = System.Data.Entity.EntityState.Modified; db.SaveChanges(); } } return(RedirectToAction("Index", "Home")); }
public ActionResult Connect([Bind(Include = "Id, OrganizationId, DisplayName")] Subscription subscription, string servicePrincipalObjectId, string displayTag) { if (ModelState.IsValid) { AzureResourceManagerUtil.RevokeRoleFromServicePrincipalOnSubscription(servicePrincipalObjectId, subscription.Id, subscription.OrganizationId); AzureResourceManagerUtil.GrantRoleToServicePrincipalOnSubscription(servicePrincipalObjectId, subscription.Id, subscription.OrganizationId); if (AzureResourceManagerUtil.ServicePrincipalHasReadAccessToSubscription(subscription.Id, subscription.OrganizationId)) { // Insert into SQL DB subscription.ConnectedBy = (System.Security.Claims.ClaimsPrincipal.Current).FindFirst(ClaimTypes.Name).Value; subscription.ConnectedOn = DateTime.Now; subscription.AzureAccessNeedsToBeRepaired = false; subscription.DisplayTag = displayTag; subscription.DataGenDate = DateTime.UtcNow; subscription.DataGenStatus = DataGenStatus.Pending; db.Subscriptions.Add(subscription); db.SaveChanges(); DateTime sdt = DateTime.Now.AddYears(-3); DateTime edt = DateTime.Now.AddDays(-1); BillingRequest br = new BillingRequest(subscription.Id, subscription.OrganizationId, sdt, edt); // Insert into Azure Storage Queue var storageAccount = CloudStorageAccount.Parse(ConfigurationManager.ConnectionStrings["AzureWebJobsStorage"].ToString()); CloudQueueClient queueClient = storageAccount.CreateCloudQueueClient(); CloudQueue subscriptionsQueue = queueClient.GetQueueReference(ConfigurationManager.AppSettings["ida:QueueBillingDataRequests"].ToString()); subscriptionsQueue.CreateIfNotExists(); var queueMessage = new CloudQueueMessage(JsonConvert.SerializeObject(br)); subscriptionsQueue.AddMessageAsync(queueMessage); } } return(RedirectToAction("Index", "Home")); }