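/// <summary>
/// Reads the tenant's OAuth2 permission grants and service principals from Microsoft Graph,
/// resolves each grant's client id to the service principal's display name and, when the
/// Cosmos DB graph is enabled, hands one record per grant to
/// <see cref="CosmosDbGraphHelper.Applications"/>.
/// Any failure is logged and swallowed; the method never throws.
/// </summary>
/// <remarks>
/// Robustness fixes over the previous version: a duplicated service principal id or a grant
/// without a "clientId" no longer aborts the whole run, and an empty "scope" no longer
/// produces a phantom "" permission.
/// </remarks>
public async Task AppSignIns()
{
    try
    {
        var appsPermissions = await _microsoftGraphApiHelper.GetAppsPermission();
        var servicePrincipals = await _microsoftGraphApiHelper.GetServicePrincipals();

        // service principal object id -> appDisplayName (value may be null).
        // Indexer assignment instead of Add: a repeated id in the Graph response would
        // otherwise throw ArgumentException and discard every grant (last occurrence wins).
        var appIdToNameDictionary = new Dictionary<string, string>();
        foreach (var servicePrincipal in servicePrincipals)
        {
            var servicePrincipalId = servicePrincipal["id"]?.Value<string>();
            if (servicePrincipalId is null)
            {
                continue; // nothing to key on
            }
            appIdToNameDictionary[servicePrincipalId] = servicePrincipal["appDisplayName"]?.Value<string>();
        }

        // display name (or id when no name is known) -> union of all scopes granted to it.
        // NOTE: because the key is the display name, two distinct apps that share a display
        // name are merged into one permission set here; this map is not consumed further in
        // this method, so anything that must tell such apps apart should key on the id instead.
        var appIdToPermissionsSetDictionary = new Dictionary<string, HashSet<string>>();
        foreach (var grant in appsPermissions)
        {
            var appId = grant["clientId"]?.Value<string>();
            if (appId is null)
            {
                continue; // a grant with no client cannot be attributed to an app
            }
            var principalId = grant["principalId"]?.Value<string>();

            // "scope" is a space-separated list; RemoveEmptyEntries keeps an empty or
            // multi-space scope from yielding a "" permission.
            var scope = grant["scope"]?.Value<string>() ?? string.Empty;
            var permissionsSet = scope
                .Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries)
                .ToHashSet();

            appIdToNameDictionary.TryGetValue(appId, out var appDisplayName);
            var appLabel = appDisplayName ?? appId;

            appIdToPermissionsSetDictionary.CreateOrUpdate(
                appLabel,
                () => permissionsSet,
                existing => existing.Union(permissionsSet).ToHashSet());

            //BloodHoundHelper.Applications(appLabel, permissionsSet, principalId);
            if (Startup.IsCosmosDbGraphEnabled)
            {
                // appDisplayName is passed as-is (possibly null), matching the previous behaviour.
                CosmosDbGraphHelper.Applications(appDisplayName, appId, permissionsSet, principalId);
            }
        }

        /*
         * Creating connections based on permissions
         * foreach (var (appId, appDisplayName) in appIdToNameDictionary)
         * {
         *     var vertex = new GremlinVertex(appId, nameof(Application));
         *     vertex.AddProperty(CosmosDbHelper.CollectionPartitionKey, appId.GetHashCode());
         *     vertex.AddProperty(nameof(appDisplayName), appDisplayName?.ToUpper() ?? string.Empty);
         *     gremlinVertices.Add(vertex);
         * }
         *
         * var mailBoxes = new GremlinVertex("MailBoxes", "MailBoxes");
         * mailBoxes.AddProperty(CosmosDbHelper.CollectionPartitionKey, "MailBoxes".GetHashCode());
         * gremlinVertices.Add(mailBoxes);
         */
    }
    catch (Exception ex)
    {
        _logger.Error(ex, $"{nameof(AppSignIns)} {ex.Message} {ex.InnerException}");
    }
}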
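/// <summary>
/// Collects, per service principal, the delegated permissions known for it from two Graph
/// sources — OAuth2 permission grants (keyed by the grant's "clientId") and the consent
/// entries of the directory audit log (keyed by the audited target resource id, parsed from
/// the "ConsentAction.Permissions" modified property) — and, when the Cosmos DB graph is
/// enabled, writes one record per service principal that has permissions from either source.
/// </summary>
/// <returns>
/// The number of service principals read, or 0 when any step failed (the failure is logged).
/// </returns>
/// <remarks>
/// A single malformed audit record, a service principal without an "id", or a duplicated id
/// no longer aborts the whole method; such entries are skipped.
/// </remarks>
public async Task<int> ServicePrincipals()
{
    try
    {
        var appsPermissions = await GraphServiceHelper.GetAppsPermission(_graphClient, _httpContext);
        var principalsPermissions = await GraphServiceHelper.GetDirectoryAudits(_graphClient, _httpContext);
        var servicePrincipals = await GraphServiceHelper.GetServicePrincipals(_graphClient, _httpContext);

        // Reads a string property of a JSON token; null when the property is absent.
        // Fully qualified because the original code did not rely on an extension-method using.
        string Field(Newtonsoft.Json.Linq.JToken token, string name) =>
            token[name] is Newtonsoft.Json.Linq.JToken value
                ? Newtonsoft.Json.Linq.Extensions.Value<string>(value)
                : null;

        // Parses the permission list out of a consent audit value. The expected shape is
        // "... Scope: perm1 perm2 ...]" (format as handled by the original author — TODO confirm
        // against live directoryAudit entries).
        HashSet<string> ParseConsentScopes(string newValue) =>
            new HashSet<string>(
                newValue.Split("Scope:").Last().Split("]").First().Split(" ")
                    .Where(part => part != ""));

        // target resource id -> permissions from the consent audit entry (first entry wins).
        var principalIdToPermissions = new Dictionary<string, HashSet<string>>();
        foreach (var audit in principalsPermissions)
        {
            // Skip records without a target resource or without the consent property instead
            // of letting First() throw and lose the whole result.
            var target = audit.TargetResources?.FirstOrDefault();
            var consent = target?.ModifiedProperties?
                .FirstOrDefault(property => property.DisplayName == "ConsentAction.Permissions");
            if (target?.Id is null || consent?.NewValue is null)
            {
                continue;
            }
            principalIdToPermissions.TryAdd(target.Id, ParseConsentScopes(consent.NewValue));
        }

        // grant clientId -> scopes of the OAuth2 permission grant (first grant wins).
        var appIdToPermissionsSetDictionary = new Dictionary<string, HashSet<string>>();
        foreach (var grant in appsPermissions)
        {
            var clientId = Field(grant, "clientId");
            if (clientId is null)
            {
                continue; // cannot attribute the grant
            }
            // RemoveEmptyEntries keeps an empty "scope" from yielding a "" permission.
            var scope = Field(grant, "scope") ?? string.Empty;
            appIdToPermissionsSetDictionary.TryAdd(
                clientId,
                new HashSet<string>(scope.Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries)));
        }

        // service principal id -> (appId, displayName, homepage, appOwnerOrganizationId).
        // Indexer assignment so a duplicated id does not throw away the whole run.
        var appIdToNameDictionary = new Dictionary<string, Tuple<string, string, string, string>>();
        foreach (var servicePrincipal in servicePrincipals)
        {
            var servicePrincipalId = Field(servicePrincipal, "id");
            if (servicePrincipalId is null)
            {
                continue;
            }
            appIdToNameDictionary[servicePrincipalId] = Tuple.Create(
                Field(servicePrincipal, "appId"),
                Field(servicePrincipal, "displayName"),
                Field(servicePrincipal, "homepage"),
                Field(servicePrincipal, "appOwnerOrganizationId"));
        }

        foreach (var entry in appIdToNameDictionary)
        {
            var servicePrincipalId = entry.Key;
            var appId = entry.Value.Item1;
            var displayName = entry.Value.Item2;
            var homepage = entry.Value.Item3;
            var ownerOrganizationId = entry.Value.Item4;

            appIdToPermissionsSetDictionary.TryGetValue(servicePrincipalId, out var appPermissions);
            principalIdToPermissions.TryGetValue(servicePrincipalId, out var principalPermissions);

            if (!Startup.IsCosmosDbGraphEnabled || (principalPermissions is null && appPermissions is null))
            {
                continue;
            }

            // NOTE(review): the two branches pass servicePrincipalId and appId in swapped
            // positions; preserved as written — confirm which order
            // CosmosDbGraphHelper.Applications expects, since a swap mislabels graph nodes.
            if (principalPermissions != null)
            {
                CosmosDbGraphHelper.Applications(displayName, appId, principalPermissions, UserIds,
                    servicePrincipalId, homepage, ownerOrganizationId);
            }
            else
            {
                CosmosDbGraphHelper.Applications(displayName, servicePrincipalId, appPermissions, UserIds,
                    appId, homepage, ownerOrganizationId);
            }
        }

        return appIdToNameDictionary.Count;
    }
    catch (Exception ex)
    {
        _logger.Error(ex, $"{nameof(ServicePrincipals)} {ex.Message} {ex.InnerException}");
    }
    return 0;
}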