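/// <summary>
/// Grants an app role assignment for this application's service principal to every user in the
/// directory that does not already have one, then redirects to Index.
/// </summary>
/// <returns>
/// A redirect to the Index action. The outcome is reported through TempData["Message"]
/// (number of users granted) and TempData["Error"] (missing service principal or per-user failures).
/// </returns>
public async Task<ActionResult> InstallApp()
{
    var client = await AuthenticationHelper.GetActiveDirectoryClientAsync(Permissions.Delegated);
    var servicePrincipal = await client.ServicePrincipals
        .Where(i => i.AppId == Constants.AADClientId)
        .ExecuteSingleAsync();
    if (servicePrincipal == null)
    {
        // Same guard AddAppRoleAssignments applies: without admin consent there is no service
        // principal, and new Guid(servicePrincipal.ObjectId) below would throw a NullReferenceException.
        TempData["Error"] = "Could not find the service principal. Please provide the admin consent.";
        return RedirectToAction("Index");
    }
    var resourceId = new Guid(servicePrincipal.ObjectId);

    int installed = 0;
    int failed = 0;
    var users = await client.Users.ExecuteAllAsync();
    foreach (var user in users)
    {
        var userFetcher = client.Users.GetByObjectId(user.ObjectId);
        // One lookup per user (N+1 round trips); AddAppRoleAssignments expands the collection instead.
        var existingAssignment = await userFetcher.AppRoleAssignments
            .Where(i => i.ResourceId == resourceId)
            .ExecuteFirstOrDefaultAsync();
        if (existingAssignment != null)
        {
            continue;
        }

        // https://github.com/microsoftgraph/microsoft-graph-docs/blob/master/api-reference/beta/resources/approleassignment.md
        var appRoleAssignment = new AAD.AppRoleAssignment
        {
            CreationTimestamp = DateTime.UtcNow,
            PrincipalDisplayName = user.DisplayName,
            PrincipalId = new Guid(user.ObjectId),
            PrincipalType = "User",
            ResourceId = resourceId,
            ResourceDisplayName = servicePrincipal.DisplayName
        };

        try
        {
            await userFetcher.AppRoleAssignments.AddAppRoleAssignmentAsync(appRoleAssignment);
            // Counted only after the request succeeds, so the reported number matches what was granted.
            installed++;
        }
        catch (Exception ex) when (ex is DataServiceRequestException || ex is ODataErrorException)
        {
            // Best effort per user: a failed grant is recorded and reported rather than counted as a success.
            failed++;
        }
    }

    if (installed > 0)
    {
        TempData["Message"] = $"The App was successfully installed for {installed} user(s).";
    }
    else if (failed == 0)
    {
        TempData["Message"] = "The App had been installed for all users.";
    }
    if (failed > 0)
    {
        TempData["Error"] = $"The App could not be installed for {failed} user(s).";
    }
    return RedirectToAction("Index");
}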
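/// <summary>
/// Enables user access by creating an app role assignment for this application's service principal
/// for every user that does not already have one, issuing the requests concurrently, then redirects to Index.
/// </summary>
/// <returns>
/// A redirect to the Index action. The outcome is reported through TempData["Message"]
/// (number of users enabled) and TempData["Error"] (missing service principal or per-user failures).
/// </returns>
public async Task<ActionResult> AddAppRoleAssignments()
{
    var client = await AuthenticationHelper.GetActiveDirectoryClientAsync(Permissions.Delegated);
    var servicePrincipal = await client.ServicePrincipals
        .Where(i => i.AppId == Constants.AADClientId)
        .ExecuteSingleAsync();
    if (servicePrincipal == null)
    {
        TempData["Error"] = "Could not find the service principal. Please provide the admin consent.";
        return RedirectToAction("Index");
    }

    var resourceId = new Guid(servicePrincipal.ObjectId);
    var users = await client.Users
        .Expand(i => i.AppRoleAssignments)
        .ExecuteAllAsync();

    int enabled = 0;
    int failed = 0;
    // Bound the fan-out: one in-flight request per user for a large tenant would mostly be throttled,
    // and those failures used to be swallowed silently. Value is a constructed, conservative default.
    const int maxConcurrentRequests = 10;

    using (var gate = new SemaphoreSlim(maxConcurrentRequests))
    {
        var tasks = new List<Task>();
        foreach (var user in users)
        {
            // The lambda is invoked directly instead of via Task.Run: the work is I/O-bound and
            // needs no thread-pool thread of its own.
            Func<Task> assign = async () =>
            {
                await gate.WaitAsync();
                try
                {
                    if (await user.AppRoleAssignments.AnyAsync(i => i.ResourceId == resourceId))
                    {
                        return;
                    }

                    // https://github.com/microsoftgraph/microsoft-graph-docs/blob/master/api-reference/beta/resources/approleassignment.md
                    var appRoleAssignment = new AAD.AppRoleAssignment
                    {
                        CreationTimestamp = DateTime.UtcNow,
                        PrincipalDisplayName = user.DisplayName,
                        PrincipalId = new Guid(user.ObjectId),
                        PrincipalType = "User",
                        ResourceId = resourceId,
                        ResourceDisplayName = servicePrincipal.DisplayName
                    };
                    var userFetcher = client.Users.GetByObjectId(user.ObjectId);
                    try
                    {
                        await userFetcher.AppRoleAssignments.AddAppRoleAssignmentAsync(appRoleAssignment);
                        // Counted only after the request succeeds, so the reported number matches what was granted.
                        Interlocked.Increment(ref enabled);
                    }
                    catch (Exception ex) when (ex is DataServiceRequestException || ex is ODataErrorException)
                    {
                        // Same service errors InstallApp tolerates; recorded and reported instead of ignored.
                        Interlocked.Increment(ref failed);
                    }
                }
                finally
                {
                    gate.Release();
                }
            };
            tasks.Add(assign());
        }

        // await instead of Task.WaitAll: blocking inside an async action ties up the request thread
        // and can deadlock when a synchronization context is present.
        await Task.WhenAll(tasks);
    }

    if (enabled > 0)
    {
        TempData["Message"] = $"User access was successfully enabled for {enabled} user(s).";
    }
    else if (failed == 0)
    {
        TempData["Message"] = "User access was enabled for all users.";
    }
    if (failed > 0)
    {
        TempData["Error"] = $"User access could not be enabled for {failed} user(s).";
    }
    return RedirectToAction("Index");
}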
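// see: https://developer.microsoft.com/en-us/graph/docs/api-reference/beta/api/approleassignment_update for Microsoft Graph reference
// this uses the AAD Graph since it appears to be the only place it is implemented currently (12/2017)
// todo: this sucks, the object model for graph v1 is a joke and graph v2 doesn't work
/// <summary>
/// Assigns the application's first app role to the user identified by <paramref name="userIdentifier"/>
/// by appending an app role assignment to the user and updating the user through the AAD Graph.
/// </summary>
/// <param name="userIdentifier">The user principal name to look up.</param>
/// <returns>
/// true when the assignment was sent; false when the identifier is blank, the user or the
/// application/service principal cannot be resolved, or the application declares no app roles.
/// </returns>
public async Task<bool> AddUserToRole2(string userIdentifier)
{
    if (string.IsNullOrWhiteSpace(userIdentifier))
    {
        // A blank UPN can never match a user; skip the round trip.
        return false;
    }

    // NOTE(review): ToApplication()/ToServicePrincipal() are fetcher casts over the same object id and
    // nothing here executes a query against them. The application object and its service principal are
    // distinct directory objects, so confirm that servicePrincipal.ObjectId really is the service
    // principal's id (and that app.ObjectId is populated without an explicit fetch); otherwise the
    // guard below returns false on every call.
    var appRef = _aadClient.Applications.GetByObjectId(_config.AppObjectId);
    var app = (AAD.Application)appRef.ToApplication();
    var servicePrincipal = (AAD.ServicePrincipal)appRef.ToServicePrincipal();
    var user = (AAD.User)(await _aadClient.Users.Where(x => x.UserPrincipalName == userIdentifier).ExecuteSingleAsync());

    if (app.ObjectId == null || user == null || servicePrincipal.ObjectId == null)
    {
        return false;
    }

    // FirstOrDefault() on an application with no app roles returned null and the original
    // dereferenced it; treat "no role to assign" as a non-fatal false instead.
    var appRole = app.AppRoles?.FirstOrDefault();
    if (appRole == null)
    {
        return false;
    }

    var appRoleAssignment = new AAD.AppRoleAssignment
    {
        Id = appRole.Id,
        ResourceId = Guid.Parse(servicePrincipal.ObjectId),
        PrincipalType = "User",
        PrincipalId = Guid.Parse(user.ObjectId)
    };
    // The AAD Graph client persists the new assignment as part of the user update.
    user.AppRoleAssignments.Add(appRoleAssignment);
    await user.UpdateAsync();
    return true;
}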