示例#1
        // To protect from overposting attacks, enable the specific properties you want to bind to.
        // For more details, see https://aka.ms/RazorPagesCRUD.
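        /// <summary>
        /// Handles the edit form POST: validates the bound model, confirms the policy to edit
        /// can still be loaded, then sends the updated token lifetime policy to the Graph API service.
        /// </summary>
        /// <returns>
        /// The current page when model validation fails, a 404 result when the existing policy
        /// cannot be loaded, otherwise a redirect to the index page.
        /// </returns>
        public async Task<IActionResult> OnPostAsync()
        {
            if (!ModelState.IsValid)
            {
                return Page();
            }

            // Load the existing policy and stop if it is gone, so a posted Id that does not
            // resolve to a policy never reaches the update call.
            var existingPolicy = await _tokenLifetimePolicyGraphApiService.GetPolicy(TokenLifetimePolicyDto.Id);
            if (existingPolicy == null)
            {
                return NotFound();
            }

            // Only these four DTO fields are copied into the entity that is sent to Graph;
            // nothing else from the posted form is bound onto the policy.
            // NOTE(review): Definition is the raw JSON string from the form and
            // IsOrganizationDefault presumably makes the policy the organization default;
            // confirm this page is restricted to administrators and that model validation
            // constrains the definition before it is accepted.
            var tokenLifetimePolicy = new TokenLifetimePolicy
            {
                Id                    = TokenLifetimePolicyDto.Id,
                Definition            = new List<string> { TokenLifetimePolicyDto.Definition },
                DisplayName           = TokenLifetimePolicyDto.DisplayName,
                IsOrganizationDefault = TokenLifetimePolicyDto.IsOrganizationDefault,
            };

            await _tokenLifetimePolicyGraphApiService.UpdatePolicy(tokenLifetimePolicy);

            return RedirectToPage("./Index");
        }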
示例#2
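        /// <summary>
        /// Assigns the given token lifetime policy to an application through
        /// <c>_tokenLifetimePolicyService.AssignPolicyToApplication</c>.
        /// </summary>
        /// <param name="tokenPolicy">Policy to assign.</param>
        /// <param name="applicationId">
        /// Application id passed as the first argument to <c>AssignPolicyToApplication</c>.
        /// Defaults to the single-organization application this code was written against,
        /// so existing callers keep their behavior; pass a value to target another application.
        /// </param>
        private async Task AssignTokenPolicyToApplication(
            TokenLifetimePolicy tokenPolicy,
            string applicationId = "98328d53-55ec-4f14-8407-0ca5ff2f2d20")
        {
            // You can only assign a policy to a single tenant application. ("signInAudience": "AzureADMyOrg")
            await _tokenLifetimePolicyService.AssignPolicyToApplication(applicationId, tokenPolicy);
        }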
示例#3
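        /// <summary>
        /// Updates an existing token lifetime policy through the Graph client, addressing it
        /// by <c>tokenLifetimePolicy.Id</c>.
        /// </summary>
        /// <param name="tokenLifetimePolicy">Policy carrying the Id to update and the new values.</param>
        /// <returns>The value returned by the Graph update request.</returns>
        /// <exception cref="System.ArgumentNullException"><paramref name="tokenLifetimePolicy"/> is null.</exception>
        /// <exception cref="System.ArgumentException">The policy has no Id.</exception>
        public async Task<TokenLifetimePolicy> UpdatePolicy(TokenLifetimePolicy tokenLifetimePolicy)
        {
            if (tokenLifetimePolicy == null)
            {
                throw new System.ArgumentNullException(nameof(tokenLifetimePolicy));
            }

            // The Id selects which policy is updated; without it the request would not
            // address a single policy, so fail before acquiring a client.
            if (string.IsNullOrWhiteSpace(tokenLifetimePolicy.Id))
            {
                throw new System.ArgumentException("The policy to update must carry its Id.", nameof(tokenLifetimePolicy));
            }

            var graphclient = await GetGraphClient(scopesPolicy).ConfigureAwait(false);

            return await graphclient
                   .Policies
                   .TokenLifetimePolicies[tokenLifetimePolicy.Id]
                   .Request()
                   .UpdateAsync(tokenLifetimePolicy)
                   .ConfigureAwait(false);
        }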
示例#4
 /// <summary>
 /// Links a token lifetime policy to an application by adding a policy reference to the
 /// application's tokenLifetimePolicies collection.
 /// </summary>
 /// <param name="policyId">Id of the token lifetime policy to reference.</param>
 /// <param name="appObjectId">Key used to index <c>_graphClient.Applications</c>.</param>
 private async Task ApplyPolicyToAadApp(string policyId, string appObjectId)
 {
     // NOTE(review): policyId is appended to the URL as-is. Callers presumably pass an id
     // issued by Graph; confirm it never arrives from unvalidated input.
     var policyUrl = "https://graph.microsoft.com/v1.0/policies/tokenLifetimePolicies/" + policyId;

     // The reference body identifies the policy through its "@odata.id" URL.
     var referenceData = new Dictionary<string, object>();
     referenceData.Add("@odata.id", policyUrl);

     var policyReference = new TokenLifetimePolicy();
     policyReference.Id = policyId;
     policyReference.AdditionalData = referenceData;

     var referencesRequest = _graphClient.Applications[appObjectId].TokenLifetimePolicies.References.Request();
     await referencesRequest.AddAsync(policyReference);
 }
示例#5
        /// <summary>
        /// Creates a token lifetime policy named <c>ShortTokenLifetimePolicyName</c> whose
        /// definition sets AccessTokenLifetime to 00:10:00.
        /// </summary>
        /// <returns>The Id of the policy returned by the Graph create request.</returns>
        private async Task<string> CreateShortTokenLifetimePolicy()
        {
            // Access token will expire after 10 minutes.
            const string tenMinuteDefinition = "{\"TokenLifetimePolicy\":{\"Version\":1,\"AccessTokenLifetime\":\"00:10:00\"}}";

            var shortLivedPolicy = new TokenLifetimePolicy();
            shortLivedPolicy.DisplayName = ShortTokenLifetimePolicyName;
            shortLivedPolicy.Definition = new List<string> { tenMinuteDefinition };

            var policiesRequest = _graphClient.Policies.TokenLifetimePolicies.Request();
            var created = await policiesRequest.AddAsync(shortLivedPolicy);

            return created.Id;
        }
示例#6
        /// <summary>
        /// Update the navigation property tokenLifetimePolicies in policies
        /// </summary>
        /// <param name="body">The request body.</param>
        /// <param name="requestConfiguration">Configuration for the request such as headers, query parameters, and middleware options.</param>
        public RequestInformation CreatePatchRequestInformation(TokenLifetimePolicy body, Action<TokenLifetimePolicyItemRequestBuilderPatchRequestConfiguration> requestConfiguration = default)
        {
            if (body is null)
            {
                throw new ArgumentNullException(nameof(body));
            }

            // Describe a PATCH against this builder's URL template and path parameters.
            var patchRequest = new RequestInformation();
            patchRequest.HttpMethod = Method.PATCH;
            patchRequest.UrlTemplate = UrlTemplate;
            patchRequest.PathParameters = PathParameters;

            // The policy is serialized as the JSON request content.
            patchRequest.SetContentFromParsable(RequestAdapter, "application/json", body);

            if (requestConfiguration == null)
            {
                return patchRequest;
            }

            // Let the caller fill a fresh configuration object, then copy its options and
            // headers onto the request.
            var callerConfig = new TokenLifetimePolicyItemRequestBuilderPatchRequestConfiguration();
            requestConfiguration.Invoke(callerConfig);
            patchRequest.AddRequestOptions(callerConfig.Options);
            patchRequest.AddHeaders(callerConfig.Headers);

            return patchRequest;
        }
示例#7
        /// <summary>
        /// Creates a token lifetime policy by adding it to the Graph client's
        /// policies/tokenLifetimePolicies collection.
        /// </summary>
        /// <param name="tokenLifetimePolicy">Policy to create.</param>
        /// <returns>The value returned by the Graph create request.</returns>
        public async Task<TokenLifetimePolicy> CreatePolicy(TokenLifetimePolicy tokenLifetimePolicy)
        {
            // Example of a policy a caller might pass:
            //   Definition            = { "{\"TokenLifetimePolicy\":{\"Version\":1,\"AccessTokenLifetime\":\"05:30:00\"}}" }
            //   DisplayName           = "AppAccessTokenLifetimePolicy"
            //   IsOrganizationDefault = false

            var graphclient = await GetGraphClient(scopesPolicy).ConfigureAwait(false);

            var createRequest = graphclient.Policies.TokenLifetimePolicies.Request();
            var createdPolicy = await createRequest.AddAsync(tokenLifetimePolicy).ConfigureAwait(false);

            return createdPolicy;
        }
示例#8
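        /// <summary>
        /// Looks up the application whose <c>appId</c> matches, then adds the given token
        /// lifetime policy to that application's tokenLifetimePolicies references.
        /// </summary>
        /// <param name="appId">Value matched against the application's <c>appId</c> property.</param>
        /// <param name="tokenLifetimePolicy">Policy to assign to the application.</param>
        /// <exception cref="System.ArgumentException"><paramref name="appId"/> is null or blank.</exception>
        /// <exception cref="System.ArgumentNullException"><paramref name="tokenLifetimePolicy"/> is null.</exception>
        /// <exception cref="System.InvalidOperationException">No application matched <paramref name="appId"/>.</exception>
        public async Task AssignPolicyToApplication(string appId, TokenLifetimePolicy tokenLifetimePolicy)
        {
            if (string.IsNullOrWhiteSpace(appId))
            {
                throw new System.ArgumentException("An application id is required.", nameof(appId));
            }

            if (tokenLifetimePolicy == null)
            {
                throw new System.ArgumentNullException(nameof(tokenLifetimePolicy));
            }

            var graphclient = await GetGraphClient(scopesApplications).ConfigureAwait(false);

            // appId is placed inside a quoted OData string literal. Doubling embedded single
            // quotes keeps the value inside that literal, so it cannot alter the filter expression.
            var escapedAppId = appId.Replace("'", "''");

            var matches = await graphclient
                          .Applications
                          .Request()
                          .Filter($"appId eq '{escapedAppId}'")
                          .GetAsync()
                          .ConfigureAwait(false);

            // An empty result previously surfaced as an index error on matches[0]; report it
            // as a lookup failure instead.
            if (matches == null || matches.Count == 0)
            {
                throw new System.InvalidOperationException($"No application with appId '{appId}' was found.");
            }

            // The reference request is keyed by the application's Id, not by the appId
            // used in the filter.
            var id = matches[0].Id;

            await graphclient
                .Applications[id]
                .TokenLifetimePolicies
                .References
                .Request()
                .AddAsync(tokenLifetimePolicy)
                .ConfigureAwait(false);
        }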
示例#9
        /// <summary>
        /// Page GET handler: reads all token lifetime policies and queries what the first
        /// one applies to. The create, delete and assign calls are left commented out.
        /// </summary>
        public async Task OnGetAsync()
        {
            // https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-lifetimes#configurable-token-lifetime-properties
            // Sample policy (access token lifetime 05:30:00); only the commented-out
            // CreatePolicy call below would use it.
            var samplePolicy = new TokenLifetimePolicy();
            samplePolicy.Definition = new List<string>
            {
                "{\"TokenLifetimePolicy\":{\"Version\":1,\"AccessTokenLifetime\":\"05:30:00\"}}"
            };
            samplePolicy.DisplayName = "AppAccessTokenLifetimePolicy";
            samplePolicy.IsOrganizationDefault = false;

            var policies = await _tokenLifetimePolicyService.GetPolicies();

            // NOTE(review): policies[0] is read without checking that any policy exists;
            // this presumably throws when the tenant has none. The result is not used yet.
            var firstPolicyAppliesTo = await _tokenLifetimePolicyService.PolicyAppliesTo(policies[0].Id);

            //var created = await _tokenLifetimePolicyService.CreatePolicy(samplePolicy);
            //await _tokenLifetimePolicyService.DeletePolicy(policies[0].Id);
            //await AssignTokenPolicyToApplication(policies[0]);
        }