/// <summary>
/// Creates a new ActiveDirectoryClient for the tenant of the supplied Azure context.
/// </summary>
/// <param name="context">Authenticated Azure context; its <c>Tenant.Id</c> becomes the
/// tenant every Graph RBAC request is scoped to.</param>
public ActiveDirectoryClient(AzureContext context)
{
    // The Graph endpoint for the context's environment is resolved by the session's client factory.
    var client = AzureSession.ClientFactory.CreateArmClient<GraphRbacManagementClient>(
        context, AzureEnvironment.Endpoint.Graph);
    GraphClient = client;

    // Pin the client to the caller's tenant; a missing TenantID would leave Graph calls unscoped.
    client.TenantID = context.Tenant.Id.ToString();
}
/// <summary>
/// Creates a new ActiveDirectoryClient from the bearer-token credentials already held for the context.
/// </summary>
/// <param name="context">Authenticated Azure context; supplies both the credentials and the
/// environment whose Graph endpoint is used.</param>
/// <remarks>
/// The credential returned by the authentication factory is cast to <c>AccessTokenCredential</c>;
/// any other credential type surfaces as an <see cref="InvalidCastException"/> here.
/// </remarks>
public ActiveDirectoryClient(AzureContext context)
{
    var tokenCredential = (AccessTokenCredential)AzureSession.AuthenticationFactory
        .GetSubscriptionCloudCredentials(context);

    // Tenant comes from the token credential itself, endpoint from the context's environment.
    var graphEndpoint = context.Environment.GetEndpointAsUri(AzureEnvironment.Endpoint.Graph);
    GraphClient = AzureSession.ClientFactory.CreateCustomClient<GraphRbacManagementClient>(
        tokenCredential.TenantID, tokenCredential, graphEndpoint);
}
/// <summary>
/// Registers a service principal for an application that already exists in the tenant.
/// </summary>
/// <param name="app">Graph response for the application; only <c>Application.AppId</c> is read.</param>
/// <param name="graphClient">Graph RBAC client, expected to be bound to the application's tenant.</param>
/// <returns>The Graph response for the newly created service principal.</returns>
private static ServicePrincipalGetResult CreateServicePrincipal(ApplicationGetResult app, GraphRbacManagementClient graphClient)
{
    // The principal is created enabled (AccountEnabled = true); callers wanting a dormant
    // principal have to disable it after creation.
    var request = new ServicePrincipalCreateParameters
    {
        AppId = app.Application.AppId,
        AccountEnabled = true,
    };
    return graphClient.ServicePrincipal.Create(request);
}
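/// <summary>
/// Creates a test AAD application in the caller's first tenant through Graph RBAC.
/// The caller's ARM token (custom request header) is used only to discover tenants and
/// subscriptions; the Graph call itself runs under a confidential-client (app-only) credential.
/// </summary>
/// <returns>The default view. A missing token yields 401; a Graph failure is reported
/// through <see cref="ModelState"/> rather than being discarded.</returns>
/// <remarks>
/// The previous revision embedded the client ID, the client secret and the new application's
/// password in source. Those values must be treated as compromised and rotated in AAD. This
/// version reads the confidential-client credential from the environment and generates the
/// application password from the CSPRNG.
/// </remarks>
public ActionResult CreateServicePrincipal()
{
    // Without the forwarded ARM bearer token nothing below can run; reject early instead of
    // dereferencing a null header collection.
    var tokenValues = Request.Headers.GetValues(Utils.X_MS_OAUTH_TOKEN);
    var armToken = tokenValues == null ? null : tokenValues.FirstOrDefault();
    if (string.IsNullOrEmpty(armToken))
    {
        return new HttpUnauthorizedResult();
    }

    var client = new SubscriptionClient(new TokenCredentials(armToken));
    // Tenant/subscription listing is not subscription-scoped, but the SDK still requires a value;
    // a throw-away GUID satisfies it (carried over from the original code).
    client.SubscriptionId = Guid.NewGuid().ToString();
    var tenant = client.Tenants.List().FirstOrDefault();
    var subscription = client.Subscriptions.List().FirstOrDefault();
    if (tenant == null || subscription == null)
    {
        throw new InvalidOperationException("The supplied token exposes no tenant or subscription.");
    }

    // Confidential-client credential comes from the environment, never from source.
    var clientId = Environment.GetEnvironmentVariable("ARM_GRAPH_CLIENT_ID");
    var clientSecret = Environment.GetEnvironmentVariable("ARM_GRAPH_CLIENT_SECRET");
    if (string.IsNullOrEmpty(clientId) || string.IsNullOrEmpty(clientSecret))
    {
        throw new InvalidOperationException(
            "ARM_GRAPH_CLIENT_ID / ARM_GRAPH_CLIENT_SECRET are not configured.");
    }

    // App-only (client_credentials) tokens are issued by a specific tenant authority, so use the
    // discovered tenant rather than "common", and request the Graph audience: the Graph RBAC
    // client below targets graph.windows.net, not ARM, so an ARM-audience token is rejected there.
    var settings = ActiveDirectoryServiceSettings.Azure;
    var authContext = new AuthenticationContext(settings.AuthenticationEndpoint + tenant.TenantId);
    var graphToken = authContext.AcquireToken("https://graph.windows.net/",
        new ClientCredential(clientId, clientSecret));

    var graphClient = new GraphRbacManagementClient(new TokenCredentials(graphToken.AccessToken));
    graphClient.SubscriptionId = subscription.SubscriptionId;
    graphClient.TenantID = tenant.TenantId;

    try
    {
        var now = DateTime.UtcNow;
        graphClient.Application.Create(new Microsoft.Azure.Graph.RBAC.Models.ApplicationCreateParameters()
        {
            DisplayName = "Test Application created by ARM",
            Homepage = "https://test.sjkp.dk",
            AvailableToOtherTenants = false,
            IdentifierUris = new string[] { "https://absaad12312.sjkp.dk" },
            ReplyUrls = new string[] { "https://test.sjkp.dk" },
            PasswordCredentials = new PasswordCredential[]
            {
                new PasswordCredential()
                {
                    StartDate = now,
                    EndDate = now.AddYears(1),
                    KeyId = Guid.NewGuid().ToString(),
                    // Random per-application secret; the old fixed value was shared by every
                    // application this action ever created.
                    Value = NewApplicationSecret()
                }
            },
        });
    }
    catch (CloudException ex)
    {
        // Surface the Graph error instead of discarding it. The raw response body is not echoed
        // to the browser because it can carry tenant/application details.
        ModelState.AddModelError(string.Empty, ex.Body != null ? ex.Body.Message : ex.Message);
    }

    return View();
}

/// <summary>
/// Generates a 32-byte random application password (base64, 44 characters) from the CSPRNG.
/// </summary>
/// <remarks>
/// This action does not return or persist the value. If the created application is meant to be
/// used, the secret has to be handed to its owner over a secure channel by whoever calls this;
/// Graph does not return password values on read.
/// </remarks>
private static string NewApplicationSecret()
{
    var bytes = new byte[32];
    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        rng.GetBytes(bytes);
    }
    return Convert.ToBase64String(bytes);
}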
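/// <summary>
/// Resolves the application (client) ID of the service principal whose object ID is <c>ObjectId</c>,
/// using the tenant of the default context.
/// </summary>
/// <returns>The service principal's <c>AppId</c> as a <see cref="Guid"/>.</returns>
/// <exception cref="InvalidOperationException">
/// The service principal has no parseable, non-empty <c>AppId</c>. Previously this only tripped a
/// <c>Debug.Assert</c>, so release builds silently returned <see cref="Guid.Empty"/> and let an
/// empty GUID flow into whatever the caller does with the application ID.
/// </exception>
private Guid GetApplicationId()
{
    var context = DefaultProfile.DefaultContext;
    GraphRbacManagementClient graphClient = AzureSession.Instance.ClientFactory
        .CreateArmClient<GraphRbacManagementClient>(context, AzureEnvironment.Endpoint.Graph);
    // Graph RBAC lookups are tenant-scoped; bind the client to the current context's tenant.
    graphClient.TenantID = context.Tenant.Id.ToString();

    Microsoft.Azure.Graph.RBAC.Version1_6.Models.ServicePrincipal sp =
        graphClient.ServicePrincipals.Get(ObjectId.ToString());

    Guid applicationId;
    if (!Guid.TryParse(sp.AppId, out applicationId) || applicationId == Guid.Empty)
    {
        throw new InvalidOperationException(string.Format(
            "Service principal '{0}' has no valid application ID (AppId = '{1}').",
            ObjectId, sp.AppId));
    }
    return applicationId;
}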
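/// <summary>
/// Resolves the application (client) ID of the service principal identified by <c>ObjectId</c>,
/// querying Graph in the tenant resolved from <c>AadTenantId</c>.
/// </summary>
/// <returns>The service principal's <c>AppId</c> as a <see cref="Guid"/>.</returns>
/// <exception cref="InvalidOperationException">
/// The service principal has no parseable, non-empty <c>AppId</c>. Previously this only tripped a
/// <c>Debug.Assert</c>, so release builds silently returned <see cref="Guid.Empty"/>.
/// </exception>
private Guid GetApplicationId()
{
    Guid tenantId = GetTenantId(AadTenantId);
    // Reuse the subscription credentials of the current profile for the Graph call.
    SubscriptionCloudCredentials cred =
        AzureSession.AuthenticationFactory.GetSubscriptionCloudCredentials(DefaultProfile.Context);
    GraphRbacManagementClient graphClient = new GraphRbacManagementClient(tenantId.ToString(), cred);

    ServicePrincipalGetResult res = graphClient.ServicePrincipal.Get(ObjectId.ToString());

    Guid applicationId;
    if (!Guid.TryParse(res.ServicePrincipal.AppId, out applicationId) || applicationId == Guid.Empty)
    {
        throw new InvalidOperationException(string.Format(
            "Service principal '{0}' has no valid application ID (AppId = '{1}').",
            ObjectId, res.ServicePrincipal.AppId));
    }
    return applicationId;
}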
/// <summary>
/// Looks up an application by object ID, app ID or identifier URI.
/// </summary>
/// <param name="client">Graph RBAC client to query.</param>
/// <param name="identifier">A GUID (matched against object ID and app ID), an http(s) URI
/// (matched against the identifier URIs as given), or a bare host name (matched as both its
/// http:// and https:// forms).</param>
/// <returns>The first application matching the filter, or <c>null</c> when nothing matches or
/// the query raises a <see cref="GraphErrorException"/> — note that this presumably folds
/// authorization and endpoint errors into "not found" as well.</returns>
private static async Task<ApplicationInner> GetServiceApplicationInnerAsync(GraphRbacManagementClient client, string identifier)
{
    var query = new ODataQuery<ApplicationInner>();
    var httpForm = $"http://{identifier}";
    var httpsForm = $"https://{identifier}";

    if (identifier.IsGuid())
    {
        query.SetFilter(a => a.ObjectId == identifier || a.AppId == identifier);
    }
    else if (identifier.StartsWithHttp())
    {
        query.SetFilter(a => a.IdentifierUris.Contains(identifier));
    }
    else
    {
        query.SetFilter(a => a.IdentifierUris.Contains(httpForm) || a.IdentifierUris.Contains(httpsForm));
    }

    try
    {
        var page = await client.Applications.ListAsync(query).ConfigureAwait(false);
        var match = page.FirstOrDefault();

        // Results are paged; follow the next-page links until a hit or the chain ends.
        while (match is null && !string.IsNullOrEmpty(page?.NextPageLink))
        {
            page = await client.Applications.ListNextAsync(page.NextPageLink).ConfigureAwait(false);
            match = page.FirstOrDefault();
        }
        return match;
    }
    catch (GraphErrorException)
    {
        return null;
    }
}
/// <summary>
/// Looks up a directory user by object ID or e-mail style identifier.
/// </summary>
/// <param name="client">Graph RBAC client to query.</param>
/// <param name="identifier">Object ID (GUID) or an e-mail address. URLs are rejected outright.</param>
/// <returns>The user, or <c>null</c> for an unsupported identifier shape, a miss, or any
/// <see cref="GraphErrorException"/> raised by the lookup.</returns>
/// <remarks>
/// An e-mail address whose domain is not one of the tenant's verified domains is rewritten into
/// the <c>user_domain#EXT#@defaultdomain</c> form before lookup, which is how the code expects
/// external users to be keyed. <c>First(...)</c> throws <see cref="InvalidOperationException"/>
/// if the tenant reports no default domain.
/// </remarks>
private static async Task<UserInner> GetUserInnerAsync(GraphRbacManagementClient client, string identifier)
{
    // Only GUIDs and e-mail addresses are resolvable; URLs never denote users.
    if (identifier.StartsWithHttp() || !(identifier.IsGuid() || identifier.IsEMail()))
    {
        return null;
    }

    var lookupKey = identifier;
    if (identifier.IsEMail())
    {
        var domains = await client.Domains.ListAsync().ConfigureAwait(false);
        var verifiedDomains = domains.Where(d => d.IsVerified.HasValue && d.IsVerified.Value);
        var belongsToTenant = verifiedDomains.Any(
            d => identifier.EndsWith($"@{d.Name}", StringComparison.OrdinalIgnoreCase));

        if (!belongsToTenant)
        {
            var defaultDomain = domains.First(d => d.IsDefault.HasValue && d.IsDefault.Value);
            lookupKey = $"{identifier.Replace("@", "_", StringComparison.OrdinalIgnoreCase)}#EXT#@{defaultDomain.Name}";
        }
    }

    try
    {
        return await client.Users.GetAsync(lookupKey).ConfigureAwait(false);
    }
    catch (GraphErrorException)
    {
        return null;
    }
}
/// <summary>
/// Registers a single-tenant application carrying one password credential.
/// </summary>
/// <param name="graphClient">Graph RBAC client, expected to be bound to the target tenant.</param>
/// <param name="appDisplayName">Display name for the new application.</param>
/// <param name="secret">Password credential value stored verbatim on the application; the caller
/// is responsible for generating a strong one and keeping it out of logs.</param>
/// <returns>The Graph create response for the new application.</returns>
/// <remarks>
/// The credential window is narrow (yesterday .. tomorrow) and the identifier URI is a random
/// host, which looks like a test fixture. <c>DateTime.Now</c> is local time; presumably the SDK
/// serialises the offset so the window is correct on the wire — confirm if it matters.
/// </remarks>
private static ApplicationGetResult CreateApplication(GraphRbacManagementClient graphClient, string appDisplayName, string secret)
{
    // Identifier URIs only need to be unique within the tenant; a GUID host guarantees that.
    var identifierUri = "http://" + Guid.NewGuid().ToString() + ".com";

    var credential = new PasswordCredential
    {
        Value = secret,
        StartDate = DateTime.Now.AddDays(-1),
        EndDate = DateTime.Now.AddDays(1),
        KeyId = Guid.NewGuid()
    };

    var request = new ApplicationCreateParameters
    {
        DisplayName = appDisplayName,
        IdentifierUris = new List<string> { identifierUri },
        Homepage = "http://contoso.com",
        AvailableToOtherTenants = false,
        PasswordCredentials = new[] { credential }
    };
    return graphClient.Application.Create(request);
}
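/// <summary>
/// Resolves the application (client) ID of the service principal identified by <c>ObjectId</c>,
/// querying Graph in the tenant resolved from <c>AadTenantId</c>.
/// </summary>
/// <returns>The service principal's <c>AppId</c> as a <see cref="Guid"/>.</returns>
/// <exception cref="InvalidOperationException">
/// The service principal has no parseable, non-empty <c>AppId</c>. Previously this only tripped a
/// <c>Debug.Assert</c>, so release builds silently returned <see cref="Guid.Empty"/>.
/// </exception>
private Guid GetApplicationId()
{
    Guid tenantId = GetTenantId(AadTenantId);
    // Reuse the subscription credentials of the current profile for the Graph call.
    SubscriptionCloudCredentials cred =
        AzureSession.AuthenticationFactory.GetSubscriptionCloudCredentials(DefaultProfile.Context);
    GraphRbacManagementClient graphClient = new GraphRbacManagementClient(tenantId.ToString(), cred);

    ServicePrincipalGetResult res = graphClient.ServicePrincipal.Get(ObjectId.ToString());

    Guid applicationId;
    if (!Guid.TryParse(res.ServicePrincipal.AppId, out applicationId) || applicationId == Guid.Empty)
    {
        throw new InvalidOperationException(string.Format(
            "Service principal '{0}' has no valid application ID (AppId = '{1}').",
            ObjectId, res.ServicePrincipal.AppId));
    }
    return applicationId;
}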
/// <summary>
/// Registers a single-tenant application carrying one password credential.
/// </summary>
/// <param name="graphClient">Graph RBAC client, expected to be bound to the target tenant.</param>
/// <param name="appDisplayName">Display name for the new application.</param>
/// <param name="secret">Password credential value stored verbatim on the application; the caller
/// is responsible for generating a strong one and keeping it out of logs.</param>
/// <returns>The Graph create response for the new application.</returns>
/// <remarks>
/// The credential window is narrow (yesterday .. tomorrow) and the identifier URI is a random
/// host, which looks like a test fixture. <c>DateTime.Now</c> is local time; presumably the SDK
/// serialises the offset so the window is correct on the wire — confirm if it matters.
/// </remarks>
private static ApplicationGetResult CreateApplication(GraphRbacManagementClient graphClient, string appDisplayName, string secret)
{
    // Identifier URIs only need to be unique within the tenant; a GUID host guarantees that.
    var identifierUri = "http://" + Guid.NewGuid().ToString() + ".com";

    var credential = new PasswordCredential
    {
        Value = secret,
        StartDate = DateTime.Now.AddDays(-1),
        EndDate = DateTime.Now.AddDays(1),
        KeyId = Guid.NewGuid()
    };

    var request = new ApplicationCreateParameters
    {
        DisplayName = appDisplayName,
        IdentifierUris = new List<string> { identifierUri },
        Homepage = "http://contoso.com",
        AvailableToOtherTenants = false,
        PasswordCredentials = new[] { credential }
    };
    return graphClient.Application.Create(request);
}
/// <summary>
/// Registers a service principal for an application that already exists in the tenant.
/// </summary>
/// <param name="app">Graph response for the application; only <c>Application.AppId</c> is read.</param>
/// <param name="graphClient">Graph RBAC client, expected to be bound to the application's tenant.</param>
/// <returns>The Graph response for the newly created service principal.</returns>
private static ServicePrincipalGetResult CreateServicePrincipal(ApplicationGetResult app, GraphRbacManagementClient graphClient)
{
    // The principal is created enabled (AccountEnabled = true); callers wanting a dormant
    // principal have to disable it after creation.
    var request = new ServicePrincipalCreateParameters
    {
        AppId = app.Application.AppId,
        AccountEnabled = true,
    };
    return graphClient.ServicePrincipal.Create(request);
}
/// <summary>
/// Creates a new ActiveDirectoryClient for the tenant of the supplied Azure context.
/// </summary>
/// <param name="context">Authenticated Azure context; its <c>Tenant.Id</c> becomes the
/// tenant every Graph RBAC request is scoped to.</param>
public ActiveDirectoryClient(IAzureContext context)
{
    // The Graph endpoint for the context's environment is resolved by the session's client factory.
    var client = AzureSession.Instance.ClientFactory.CreateArmClient<GraphRbacManagementClient>(
        context, AzureEnvironment.Endpoint.Graph);
    GraphClient = client;

    // Pin the client to the caller's tenant; a missing TenantID would leave Graph calls unscoped.
    client.TenantID = context.Tenant.Id.ToString();
}
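/// <summary>
/// Creates a test AAD application in the caller's first tenant through Graph RBAC.
/// The caller's ARM token (custom request header) is used only to discover tenants and
/// subscriptions; the Graph call itself runs under a confidential-client (app-only) credential.
/// </summary>
/// <returns>The default view. A missing token yields 401; a Graph failure is reported
/// through <see cref="ModelState"/> rather than being discarded.</returns>
/// <remarks>
/// The previous revision embedded the client ID, the client secret and the new application's
/// password in source. Those values must be treated as compromised and rotated in AAD. This
/// version reads the confidential-client credential from the environment and generates the
/// application password from the CSPRNG.
/// </remarks>
public ActionResult CreateServicePrincipal()
{
    // Without the forwarded ARM bearer token nothing below can run; reject early instead of
    // dereferencing a null header collection.
    var tokenValues = Request.Headers.GetValues(Utils.X_MS_OAUTH_TOKEN);
    var armToken = tokenValues == null ? null : tokenValues.FirstOrDefault();
    if (string.IsNullOrEmpty(armToken))
    {
        return new HttpUnauthorizedResult();
    }

    var client = new SubscriptionClient(new TokenCredentials(armToken));
    // Tenant/subscription listing is not subscription-scoped, but the SDK still requires a value;
    // a throw-away GUID satisfies it (carried over from the original code).
    client.SubscriptionId = Guid.NewGuid().ToString();
    var tenant = client.Tenants.List().FirstOrDefault();
    var subscription = client.Subscriptions.List().FirstOrDefault();
    if (tenant == null || subscription == null)
    {
        throw new InvalidOperationException("The supplied token exposes no tenant or subscription.");
    }

    // Confidential-client credential comes from the environment, never from source.
    var clientId = Environment.GetEnvironmentVariable("ARM_GRAPH_CLIENT_ID");
    var clientSecret = Environment.GetEnvironmentVariable("ARM_GRAPH_CLIENT_SECRET");
    if (string.IsNullOrEmpty(clientId) || string.IsNullOrEmpty(clientSecret))
    {
        throw new InvalidOperationException(
            "ARM_GRAPH_CLIENT_ID / ARM_GRAPH_CLIENT_SECRET are not configured.");
    }

    // App-only (client_credentials) tokens are issued by a specific tenant authority, so use the
    // discovered tenant rather than "common", and request the Graph audience: the Graph RBAC
    // client below targets graph.windows.net, not ARM, so an ARM-audience token is rejected there.
    var settings = ActiveDirectoryServiceSettings.Azure;
    var authContext = new AuthenticationContext(settings.AuthenticationEndpoint + tenant.TenantId);
    var graphToken = authContext.AcquireToken("https://graph.windows.net/",
        new ClientCredential(clientId, clientSecret));

    var graphClient = new GraphRbacManagementClient(new TokenCredentials(graphToken.AccessToken));
    graphClient.SubscriptionId = subscription.SubscriptionId;
    graphClient.TenantID = tenant.TenantId;

    try
    {
        var now = DateTime.UtcNow;
        graphClient.Application.Create(new Microsoft.Azure.Graph.RBAC.Models.ApplicationCreateParameters()
        {
            DisplayName = "Test Application created by ARM",
            Homepage = "https://test.sjkp.dk",
            AvailableToOtherTenants = false,
            IdentifierUris = new string[] { "https://absaad12312.sjkp.dk" },
            ReplyUrls = new string[] { "https://test.sjkp.dk" },
            PasswordCredentials = new PasswordCredential[]
            {
                new PasswordCredential()
                {
                    StartDate = now,
                    EndDate = now.AddYears(1),
                    KeyId = Guid.NewGuid().ToString(),
                    // Random per-application secret; the old fixed value was shared by every
                    // application this action ever created.
                    Value = NewApplicationSecret()
                }
            },
        });
    }
    catch (CloudException ex)
    {
        // Surface the Graph error instead of discarding it. The raw response body is not echoed
        // to the browser because it can carry tenant/application details.
        ModelState.AddModelError(string.Empty, ex.Body != null ? ex.Body.Message : ex.Message);
    }

    return View();
}

/// <summary>
/// Generates a 32-byte random application password (base64, 44 characters) from the CSPRNG.
/// </summary>
/// <remarks>
/// This action does not return or persist the value. If the created application is meant to be
/// used, the secret has to be handed to its owner over a secure channel by whoever calls this;
/// Graph does not return password values on read.
/// </remarks>
private static string NewApplicationSecret()
{
    var bytes = new byte[32];
    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        rng.GetBytes(bytes);
    }
    return Convert.ToBase64String(bytes);
}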
/// <summary>
/// Sample entry point: acquires one token per audience (ARM, Data Lake, AAD Graph) through an
/// interactive popup backed by a token cache, builds the matching REST clients, and prints the
/// location of one Data Lake Analytics account. Angle-bracket placeholders must be replaced first.
/// </summary>
/// <param name="args">Unused.</param>
static void Main(string[] args)
{
    // Target resources (fill in before running).
    string adlaAccountName = "<ADLA account name>";
    string resourceGroupName = "<resource group name>";
    string subscriptionId = "<subscription ID>";
    string domain = "<AAD tenant ID / domain>";

    // Each service validates tokens for its own audience, hence three separate acquisitions.
    var armAudience = new Uri(@"https://management.core.windows.net/");
    var adlAudience = new Uri(@"https://datalake.azure.net/");
    var graphAudience = new Uri(@"https://graph.windows.net/");

    // ----------------------------------------
    // Perform authentication to get credentials
    // ----------------------------------------

    // INTERACTIVE WITH CACHE
    // Whatever BeforeTokenCacheAccess / AfterTokenCacheAccess persist is credential material;
    // that store needs to be protected (not visible from here — check those callbacks).
    var tokenCache = new TokenCache();
    tokenCache.BeforeAccess = BeforeTokenCacheAccess;
    tokenCache.AfterAccess = AfterTokenCacheAccess;
    var armCreds = GetCredsInteractivePopup(domain, armAudience, tokenCache, PromptBehavior.Auto);
    var adlCreds = GetCredsInteractivePopup(domain, adlAudience, tokenCache, PromptBehavior.Auto);
    var aadCreds = GetCredsInteractivePopup(domain, graphAudience, tokenCache, PromptBehavior.Auto);

    // INTERACTIVE WITHOUT CACHE
    // var armCreds = GetCredsInteractivePopup(domain, armAudience, PromptBehavior.Auto);
    // var adlCreds = GetCredsInteractivePopup(domain, adlAudience, PromptBehavior.Auto);
    // var aadCreds = GetCredsInteractivePopup(domain, graphAudience, PromptBehavior.Auto);

    // NON-INTERACTIVE WITH SECRET KEY
    // (load the secret from a secret store or environment; never commit a real value here)
    // string clientId = "<service principal / application client ID>";
    // string secretKey = "<service principal / application secret key>";
    // var armCreds = GetCredsServicePrincipalSecretKey(domain, armAudience, clientId, secretKey);
    // var adlCreds = GetCredsServicePrincipalSecretKey(domain, adlAudience, clientId, secretKey);
    // var aadCreds = GetCredsServicePrincipalSecretKey(domain, graphAudience, clientId, secretKey);

    // NON-INTERACTIVE WITH CERT
    // (prefer a certificate store over a PFX path plus password literal in source)
    // string clientId = "<service principal / application client ID>";
    // var certificate = new X509Certificate2(@"<path to (PFX) certificate file>", "<certificate password>");
    // var armCreds = GetCredsServicePrincipalCertificate(domain, armAudience, clientId, certificate);
    // var adlCreds = GetCredsServicePrincipalCertificate(domain, adlAudience, clientId, certificate);
    // var aadCreds = GetCredsServicePrincipalCertificate(domain, graphAudience, clientId, certificate);

    // ----------------------------------------
    // Create the REST clients using the credentials
    // ----------------------------------------
    // ARM-audience credentials drive the account-management clients.
    var adlaAccountClient = new DataLakeAnalyticsAccountManagementClient(armCreds) { SubscriptionId = subscriptionId };
    var adlsAccountClient = new DataLakeStoreAccountManagementClient(armCreds) { SubscriptionId = subscriptionId };

    // Data Lake-audience credentials drive catalog, job and filesystem clients.
    var adlaCatalogClient = new DataLakeAnalyticsCatalogManagementClient(adlCreds);
    var adlaJobClient = new DataLakeAnalyticsJobManagementClient(adlCreds);
    var adlsFileSystemClient = new DataLakeStoreFileSystemManagementClient(adlCreds);

    // Graph-audience credentials drive the directory client, scoped to the tenant.
    var graphClient = new GraphRbacManagementClient(aadCreds) { TenantID = domain };

    // ----------------------------------------
    // Perform operations with the REST clients
    // ----------------------------------------
    var account = adlaAccountClient.Account.Get(resourceGroupName, adlaAccountName);
    Console.WriteLine($"My account's location is: {account.Location}!");

    // string upn = "*****@*****.**";
    // string displayName = graphClient.Users.Get(upn).DisplayName;
    // Console.WriteLine($"The display name for {upn} is {displayName}!");

    Console.ReadLine();
}