public ActionResult Create([Bind(Include = "DisplayName,Description,MailNickName,SecurityEnabled")] Group group)
{
//Get the access token as we need it to make a call to the Graph API
string accessToken = AuthUtils.GetAuthToken(Request, HttpContext);
if (accessToken == null)
{
//
// The user needs to re-authorize. Show them a message to that effect.
//
ViewBag.ErrorMessage = "AuthorizationRequired";
return View();
}
try
{
// Setup Graph API connection and add Group
Guid ClientRequestId = Guid.NewGuid();
GraphSettings graphSettings = new GraphSettings();
graphSettings.ApiVersion = GraphConfiguration.GraphApiVersion;
GraphConnection graphConnection = new GraphConnection(accessToken, ClientRequestId, graphSettings);
group.MailEnabled = false;
graphConnection.Add(group);
return RedirectToAction("Index");
}
catch (Exception exception)
{
ModelState.AddModelError("", exception.Message);
return View();
}
}
public ActionResult Create([Bind(Include="UserPrincipalName,AccountEnabled,PasswordProfile,MailNickname,DisplayName,GivenName,Surname,JobTitle,Department")] User user)
{
//Get the access token as we need it to make a call to the Graph API
string accessToken = AuthUtils.GetAuthToken(Request, HttpContext);
if (accessToken == null)
{
//
// The user needs to re-authorize. Show them a message to that effect.
//
ViewBag.ErrorMessage = "AuthorizationRequired";
return View();
}
try
{
// Setup Graph API connection and add User
Guid ClientRequestId = Guid.NewGuid();
GraphSettings graphSettings = new GraphSettings();
graphSettings.ApiVersion = GraphConfiguration.GraphApiVersion;
GraphConnection graphConnection = new GraphConnection(accessToken, ClientRequestId, graphSettings);
graphConnection.Add(user);
return RedirectToAction("Index");
}
catch (Exception exception)
{
ModelState.AddModelError("", exception.Message);
return View();
}
}
/// <summary>
/// Gets a list of <see cref="User"/> objects that are members of a give <see cref="Role"/>.
/// </summary>
/// <param name="objectId">Unique identifier of the <see cref="Role"/>.</param>
/// <returns>A view with the list of <see cref="User"/> objects.</returns>
public ActionResult GetMembers(string objectId)
{
//Get the access token as we need it to make a call to the Graph API
string accessToken = AuthUtils.GetAuthToken(Request, HttpContext);
if (accessToken == null)
{
//
// The user needs to re-authorize. Show them a message to that effect.
//
ViewBag.ErrorMessage = "AuthorizationRequired";
return View();
}
// Setup Graph API connection and get Role members
Guid ClientRequestId = Guid.NewGuid();
GraphSettings graphSettings = new GraphSettings();
graphSettings.ApiVersion = GraphConfiguration.GraphApiVersion;
GraphConnection graphConnection = new GraphConnection(accessToken, ClientRequestId, graphSettings);
Role role = graphConnection.Get<Role>(objectId);
IList<GraphObject> members = graphConnection.GetAllDirectLinks(role, LinkProperty.Members);
IList<User> users = new List<User>();
foreach (GraphObject obj in members)
{
if (obj is User)
{
users.Add((User)obj);
}
}
return View(users);
}
/// <summary>
/// Gets the uri for listing the directory objects.
/// </summary>
/// <param name="parent">Parent object if the list is for containment type.</param>
/// <param name="graphConnection">Call context.</param>
/// <param name="nextLink">Link to the next set of results.</param>
/// <param name="objectType">Directory object type.</param>
/// <param name="filter">Filter expression generator.</param>
/// <returns>Uri for listing the directory objects.</returns>
/// <exception cref="UriFormatException">Invalid format for next link.</exception>
/// <exception cref="ArgumentNullException">Invalid call context or object type.</exception>
public static Uri GetListUri(
GraphObject parent,
Type objectType,
GraphConnection graphConnection,
string nextLink,
FilterGenerator filter)
{
Utils.ThrowIfNullOrEmpty(graphConnection, "graphConnection");
Utils.ThrowIfNullOrEmpty(objectType, "objectType");
if (filter == null)
{
// Generate a dummy filter
// Makes it easy to add the api-version parameter.
filter = new FilterGenerator();
}
// Get the entity attribute.
EntityAttribute entityAttribute = Utils.GetCustomAttribute <EntityAttribute>(objectType, true);
// Build a base uri for both paged and non paged queries.
UriBuilder uriBuilder;
string baseUri = graphConnection.AadGraphEndpoint;
if (!String.IsNullOrEmpty(nextLink))
{
string formattedNextLink = String.Format(
CultureInfo.InvariantCulture,
"{0}/{1}",
baseUri,
nextLink);
uriBuilder = new UriBuilder(formattedNextLink);
}
else
{
if (parent != null)
{
baseUri = String.Format(
"{0}/{1}/{2}",
baseUri,
Utils.GetCustomAttribute <EntityAttribute>(parent.GetType(), true).SetName,
parent.ObjectId);
}
baseUri = String.Format(
CultureInfo.InvariantCulture,
"{0}/{1}",
baseUri,
entityAttribute.SetName);
uriBuilder = new UriBuilder(baseUri);
}
// add the delta link to the uri
uriBuilder.AddParameter(Constants.DeltaLinkQueryKeyName, graphConnection.DeltaToken);
filter[Constants.QueryParameterNameApiVersion] = graphConnection.GraphApiVersion;
Utils.BuildQueryFromFilter(uriBuilder, filter);
return(uriBuilder.Uri);
}
// GET api/WorkerList
public async Task<IList<UserProfile>> Get()
{
var authenticationResult = await AdIntegration.GetAuthenticationTokenAsync();
var graphConnection = new GraphConnection(authenticationResult.AccessToken);
var adWorkers = graphConnection.Get<Group>(CloudConfigurationManager.GetSetting(Constants.ConfigurationKeys.WorkerAdGroup));
var members = graphConnection.GetLinkedObjects(adWorkers, LinkProperty.Members, null, -1);
var returnValue = new List<UserProfile>();
foreach (var member in members.Results)
{
var user = member as User;
if (user != null && (!user.AccountEnabled.HasValue || user.AccountEnabled.Value))
{
var groups = graphConnection.GetLinkedObjects(user, LinkProperty.MemberOf, null, -1);
returnValue.Add(new UserProfile
{
FullName = user.DisplayName,
FirstName = user.GivenName,
LastName = user.Surname,
UserId = user.UserPrincipalName,
Manager = groups.Results.ToList().Any(g => g.ObjectId == CloudConfigurationManager.GetSetting(Constants.ConfigurationKeys.ManagerAdGroup))
});
}
}
return returnValue;
}
/// <summary>
/// Get the Uri that refers to a single directory object.
/// </summary>
/// <typeparam name="T">Type of the directory object.</typeparam>
/// <param name="graphConnection">Call context.</param>
/// <param name="objectId">Object id (Optional).</param>
/// <param name="fragments">Optional fragments.</param>
/// <returns>Uri to refer to a specific object.</returns>
public static Uri GetRequestUri <T>(
GraphConnection graphConnection,
string objectId,
params string[] fragments) where T : DirectoryObject
{
return(Utils.GetRequestUri(
graphConnection, typeof(T), objectId, null, -1, fragments));
}
/// <summary>
/// Gets the uri for listing the directory objects.
/// </summary>
/// <param name="graphConnection">Call context.</param>
/// <param name="nextLink">Link to the next set of results.</param>
/// <param name="objectType">Directory object type.</param>
/// <param name="filter">Filter expression generator.</param>
/// <returns>Uri for listing the directory objects.</returns>
/// <exception cref="UriFormatException">Invalid format for next link.</exception>
/// <exception cref="ArgumentNullException">Invalid call context or object type.</exception>
public static Uri GetListUri(
Type objectType,
GraphConnection graphConnection,
string nextLink,
FilterGenerator filter)
{
return(GetListUri(null, objectType, graphConnection, nextLink, filter));
}
/// <summary>
/// Get the object uri for the specified type.
/// </summary>
/// <param name="graphConnection">Call context.</param>
/// <param name="typeOfEntityObject">Type of object.</param>
/// <param name="objectId">Object id (optional)</param>
/// <param name="fragments">Optional url fragments.</param>
/// <returns>Request uri.</returns>
public static Uri GetRequestUri(
GraphConnection graphConnection,
Type typeOfEntityObject,
string objectId,
params string[] fragments)
{
return(Utils.GetRequestUri(
graphConnection, typeOfEntityObject, objectId, null, -1, fragments));
}
public ActionResult Users()
{
// get the tenantName
var tenantId = ClaimsPrincipal.Current.FindFirst(ClaimType).Value;
var authenticationContext = new AuthenticationContext(
string.Format(AuthString, tenantId),
false);
authenticationContext.TokenCacheStore.Clear();
// retrieve the clientId and password from the Web.config file
var clientId = ConfigurationManager.AppSettings["ClientId"];
var clientSecret = ConfigurationManager.AppSettings["Password"];
// create the credentials and get a token
var clientCred = new ClientCredential(clientId, clientSecret);
try
{
var token = authenticationContext.AcquireToken(Resource, clientCred).AccessToken;
if (!string.IsNullOrEmpty(token))
{
var graphSettings = new GraphSettings
{
ApiVersion = "2013-11-08",
GraphDomainName = "graph.windows.net"
};
// get tenant information
var graphConnection = new GraphConnection(token, graphSettings);
var tenant = graphConnection.Get(typeof(TenantDetail), tenantId);
if (tenant != null)
{
var tenantDetail = (TenantDetail)tenant;
ViewBag.OtherMessage = "User List from tenant: " + tenantDetail.DisplayName;
}
// get the list of users
var pagedReslts = graphConnection.List<User>(null, new FilterGenerator());
return this.View(pagedReslts.Results);
}
}
catch (ActiveDirectoryAuthenticationException ex)
{
ViewBag.OtherMessage = string.Format("Acquiring a token failed with the following error: {0}", ex.Message);
}
catch (AuthorizationException e)
{
ViewBag.OtherMessage = string.Format("Failed to return the list of Users with Exception: {0}", e.ErrorMessage);
}
return this.View();
}
private static bool UserIsMemberOfGroup(GraphConnection graphConnection, string userUPN, string groupDisplayName)
{
// Get the group for which we want to check membership
FilterGenerator filter = new FilterGenerator();
Expression filterExpression = ExpressionHelper.CreateEqualsExpression(typeof(Group), GraphProperty.DisplayName, groupDisplayName);
filter.QueryFilter = filterExpression;
PagedResults<Group> groupToCheckResults = graphConnection.List<Group>(null, filter);
if (groupToCheckResults.Results.Count == 1)
{
// Add group to our groups to check list
Group groupToCheck = groupToCheckResults.Results[0] as Group;
IList<String> groupsList = new List<string>();
groupsList.Add(groupToCheck.ObjectId);
// Get the user for which we want to check the group membership
FilterGenerator userFilter = new FilterGenerator();
Expression userFilterExpression = ExpressionHelper.CreateEqualsExpression(typeof(User), GraphProperty.UserPrincipalName, userUPN);
userFilter.QueryFilter = userFilterExpression;
User retrievedUser = new User();
PagedResults<User> pagedUserResults = graphConnection.List<User>(null, userFilter);
if (pagedUserResults.Results.Count == 1)
{
retrievedUser = pagedUserResults.Results[0] as User;
// Check if the user belongs to any of the passed groups
IList<String> memberships = graphConnection.CheckMemberGroups(retrievedUser, groupsList);
// If the passed group is returned back then the user is a member
if (memberships.Contains(groupToCheck.ObjectId))
{
return true;
}
else
{
return false;
}
}
else
{
throw new ArgumentException(String.Format("Group {0} does not exist", groupDisplayName));
}
}
else
{
throw new ArgumentException(String.Format("User {0} does not exist", userUPN));
}
}
private static UserProfile LoadUser(GraphObject member, GraphConnection graphConnection)
{
var user = member as User;
if (user != null && (!user.AccountEnabled.HasValue || user.AccountEnabled.Value))
{
var groups = graphConnection.GetLinkedObjects(user, LinkProperty.MemberOf, null, -1);
return new UserProfile
{
FullName = user.DisplayName,
FirstName = user.GivenName,
LastName = user.Surname,
UserId = user.UserPrincipalName,
Manager = groups.Results.ToList()
.Any(g => g.ObjectId == CloudConfigurationManager.GetSetting(Constants.ConfigurationKeys.ManagerAdGroup))
};
}
return null;
}
// GET api/Profile
public async Task<UserProfile> Get()
{
var authenticationResult = await Utils.AdIntegration.GetAuthenticationTokenAsync();
var credentials = await Utils.AdIntegration.GetCredentialsAsync(User);
var graphConnection = new GraphConnection(authenticationResult.AccessToken);
var adUser = graphConnection.Get<User>(credentials.ObjectId);
var groups = graphConnection.GetLinkedObjects(adUser, LinkProperty.MemberOf, null, -1);
var returnValue = new UserProfile
{
FullName = adUser.DisplayName,
FirstName = adUser.GivenName,
LastName = adUser.Surname,
UserId = adUser.UserPrincipalName,
Manager = groups.Results.ToList().Any(g => g.ObjectId == CloudConfigurationManager.GetSetting(Constants.ConfigurationKeys.ManagerAdGroup))
};
return returnValue;
}
// GET api/WorkerList
public async Task<IList<UserProfile>> Get()
{
var authenticationResult = await AdIntegration.GetAuthenticationTokenAsync();
var graphConnection = new GraphConnection(authenticationResult.AccessToken);
var adWorkers = graphConnection.Get<Group>(CloudConfigurationManager.GetSetting(Constants.ConfigurationKeys.WorkerAdGroup));
var members = graphConnection.GetLinkedObjects(adWorkers, LinkProperty.Members, null, -1);
var returnValue = new List<UserProfile>();
foreach (var member in members.Results)
{
returnValue.Add(LoadUser(member, graphConnection));
}
var adManagers = graphConnection.Get<Group>(CloudConfigurationManager.GetSetting(Constants.ConfigurationKeys.ManagerAdGroup));
members = graphConnection.GetLinkedObjects(adManagers, LinkProperty.Members, null, -1);
foreach (var member in members.Results)
{
returnValue.Add(LoadUser(member, graphConnection));
}
return returnValue;
}
/// <summary>
/// Gets details of a single <see cref="Contact"/> Graph.
/// </summary>
/// <returns>A view with the details of a single <see cref="Contact"/>.</returns>
public ActionResult Details(string objectId)
{
//Get the access token as we need it to make a call to the Graph API
string accessToken = AuthUtils.GetAuthToken(Request, HttpContext);
if (accessToken == null)
{
//
// The user needs to re-authorize. Show them a message to that effect.
//
ViewBag.ErrorMessage = "AuthorizationRequired";
return View();
}
// Setup Graph API connection and get single Contact
Guid ClientRequestId = Guid.NewGuid();
GraphSettings graphSettings = new GraphSettings();
graphSettings.ApiVersion = GraphConfiguration.GraphApiVersion;
GraphConnection graphConnection = new GraphConnection(accessToken, ClientRequestId, graphSettings);
Contact contact = graphConnection.Get<Contact>(objectId);
return View(contact);
}
/// <summary>
/// Get the object uri for the specified type.
/// </summary>
/// <param name="graphConnection">Call context.</param>
/// <param name="typeOfEntityObject">Type of object.</param>
/// <param name="objectId">Object id (optional)</param>
/// <param name="fragments">Optional url fragments.</param>
/// <returns>Request uri.</returns>
public static Uri GetRequestUri(
GraphConnection graphConnection,
Type parentType,
string parentObjectId,
Type containmentType,
string containmentObjectId,
params string[] fragments)
{
EntityAttribute containmentEntityAttribute = Utils.GetCustomAttribute <EntityAttribute>(containmentType, true);
StringBuilder containmentUriEntry = new StringBuilder(containmentEntityAttribute.SetName);
if (!string.IsNullOrEmpty(containmentObjectId))
{
containmentUriEntry.AppendFormat("/{0}", containmentObjectId);
}
IList <string> fragmentsList = fragments == null ? new List <string>() : fragments.ToList();
fragmentsList.Add(containmentUriEntry.ToString());
return(Utils.GetRequestUri(
graphConnection, parentType, parentObjectId, null, -1, fragmentsList.ToArray()));
}
/// <summary>
/// Gets a list of <see cref="Group"/> objects that a given <see cref="Contact"/> is member of.
/// </summary>
/// <param name="objectId">Unique identifier of the <see cref="Contact"/>.</param>
/// <returns>A view with the list of <see cref="Group"/> objects.</returns>
public ActionResult GetGroups(string objectId)
{
//Get the access token as we need it to make a call to the Graph API
string accessToken = AuthUtils.GetAuthToken(Request, HttpContext);
if (accessToken == null)
{
//
// The user needs to re-authorize. Show them a message to that effect.
//
ViewBag.ErrorMessage = "AuthorizationRequired";
return View();
}
// Setup Graph API connection and get Group membership
Guid ClientRequestId = Guid.NewGuid();
GraphSettings graphSettings = new GraphSettings();
graphSettings.ApiVersion = GraphConfiguration.GraphApiVersion;
GraphConnection graphConnection = new GraphConnection(accessToken, ClientRequestId, graphSettings);
GraphObject graphContact = graphConnection.Get<Contact>(objectId);
PagedResults<GraphObject> memberShip = graphConnection.GetLinkedObjects(graphContact, LinkProperty.MemberOf, null, 999);
// filter for Groups only
int count = 0;
IList<Group> groupMembership = new List<Group>();
foreach (GraphObject graphObj in memberShip.Results)
{
if (graphObj.ODataTypeName.Contains("Group"))
{
Group groupMember = (Group)memberShip.Results[count];
groupMembership.Add(groupMember);
}
++count;
}
return View(groupMembership);
}
public ActionResult Edit([Bind(Include="ObjectId,UserPrincipalName,DisplayName,City,Department")] User user)
{
string accessToken = null;
string tenantId = ClaimsPrincipal.Current.FindFirst(TenantIdClaimType).Value;
if (tenantId != null)
{
accessToken = TokenCacheUtils.GetAccessTokenFromCacheOrRefreshToken(tenantId, graphResourceId);
}
if (accessToken == null)
{
//
// If refresh is set to true, the user has clicked the link to be authorized again.
//
if (Request.QueryString["reauth"] == "True")
{
// Send an OpenID Connect sign-in request to get a new set of tokens.
// If the user still has a valid session with Azure AD, they will not be prompted for their credentials.
// The OpenID Connect middleware will return to this controller after the sign-in response has been handled.
//
HttpContext.GetOwinContext().Authentication.Challenge(OpenIdConnectAuthenticationDefaults.AuthenticationType);
}
//
// The user needs to re-authorize. Show them a message to that effect.
//
ViewBag.ErrorMessage = "AuthorizationRequired";
return View();
}
try
{
// TODO: Add update logic here
CallContext currentCallContext = new CallContext(
accessToken, Guid.NewGuid(), graphApiVersion);
GraphConnection graphConnection = new GraphConnection(currentCallContext);
graphConnection.Update(user);
return RedirectToAction("Index");
}
catch(Exception exception)
{
ModelState.AddModelError("", exception.Message);
return View();
}
}
public ActionResult ShowThumbnail(string id)
{
string accessToken = AuthUtils.GetAuthToken(Request, HttpContext);
if (accessToken == null)
{
//
// The user needs to re-authorize. Show them a message to that effect.
//
ViewBag.ErrorMessage = "AuthorizationRequired";
return View();
}
// Setup Graph API connection and get Group membership
Guid ClientRequestId = Guid.NewGuid();
GraphSettings graphSettings = new GraphSettings();
graphSettings.ApiVersion = GraphConfiguration.GraphApiVersion;
GraphConnection graphConnection = new GraphConnection(accessToken, ClientRequestId, graphSettings);
// User user = graphConnection.Get<User>(id);
User user = new User();
user.ObjectId = id;
try
{
Stream ms = graphConnection.GetStreamProperty(user, GraphProperty.ThumbnailPhoto, "image/jpeg");
user.ThumbnailPhoto = ms;
}
catch
{
user.ThumbnailPhoto = null;
}
if (user.ThumbnailPhoto != null)
{
return File(user.ThumbnailPhoto, "image/jpeg");
}
return View();
}
public ActionResult Edit([Bind(Include = "ObjectId,UserPrincipalName,DisplayName,AccountEnabled,GivenName,Surname,JobTitle,Department,Mobile,StreetAddress,City,State,Country,")] User user, FormCollection values)
{
//Get the access token as we need it to make a call to the Graph API
string accessToken = AuthUtils.GetAuthToken(Request, HttpContext);
if (accessToken == null)
{
//
// The user needs to re-authorize. Show them a message to that effect.
//
ViewBag.ErrorMessage = "AuthorizationRequired";
return View();
}
try
{
// TODO: Add update logic here
// Setup Graph API connection and update single User
Guid ClientRequestId = Guid.NewGuid();
GraphSettings graphSettings = new GraphSettings();
graphSettings.ApiVersion = GraphConfiguration.GraphApiVersion;
GraphConnection graphConnection = new GraphConnection(accessToken, ClientRequestId, graphSettings);
graphConnection.Update(user);
// update thumbnail photo
if (!String.IsNullOrEmpty(values["photofile"]))
{
//string path = AppDomain.CurrentDomain.BaseDirectory + "uploads/";
//string filename = Path.GetFileName(values["photofile"]);
//Image image = Image.FromFile(filename);
var imageFile = Path.Combine(Server.MapPath("~/app_data"), values["photofile"]);
Image image = Image.FromFile(imageFile);
MemoryStream stream = new MemoryStream();
image.Save(stream, ImageFormat.Jpeg);
// Write the photo file to the Graph service.
graphConnection.SetStreamProperty(user, GraphProperty.ThumbnailPhoto, stream, "image/jpeg");
}
return RedirectToAction("Index");
}
catch(Exception exception)
{
ModelState.AddModelError("", exception.Message);
return View();
}
}
/// <summary>
/// Gets a list of <see cref="Group"/> objects that a given <see cref="User"/> is member of.
/// </summary>
/// <param name="objectId">Unique identifier of the <see cref="User"/>.</param>
/// <returns>A view with the list of <see cref="Group"/> objects.</returns>
public ActionResult GetGroups(string objectId)
{
string accessToken = null;
string tenantId = ClaimsPrincipal.Current.FindFirst(TenantIdClaimType).Value;
if (tenantId != null)
{
accessToken = TokenCacheUtils.GetAccessTokenFromCacheOrRefreshToken(tenantId, graphResourceId);
}
if (accessToken == null)
{
//
// If refresh is set to true, the user has clicked the link to be authorized again.
//
if (Request.QueryString["reauth"] == "True")
{
// Send an OpenID Connect sign-in request to get a new set of tokens.
// If the user still has a valid session with Azure AD, they will not be prompted for their credentials.
// The OpenID Connect middleware will return to this controller after the sign-in response has been handled.
//
HttpContext.GetOwinContext().Authentication.Challenge(OpenIdConnectAuthenticationDefaults.AuthenticationType);
}
//
// The user needs to re-authorize. Show them a message to that effect.
//
ViewBag.ErrorMessage = "AuthorizationRequired";
return View();
}
CallContext currentCallContext = new CallContext(
accessToken, Guid.NewGuid(), graphApiVersion);
GraphConnection graphConnection = new GraphConnection(currentCallContext);
IList<string> groupIds = graphConnection.GetMemberGroups(new User() { ObjectId = objectId }, false);
return View(groupIds);
}
// GET: UserProfile
public ActionResult Index()
{
string clientId = ConfigurationManager.AppSettings["ida:ClientID"];
string appKey = ConfigurationManager.AppSettings["ida:Password"];
string graphResourceID = "https://graph.windows.net";
string signedInUserID = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
string tenantID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
string userObjectID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
bool validTokenPresent = true;
TodoListWebApp.Models.TokenCacheEntry tce = null;
//get a token using the cached values
var existing = db.TokenCache.FirstOrDefault(a => (a.SignedInUser==signedInUserID) && (a.ResourceID == graphResourceID));
if(existing!=null) //we have a token cache entry
{
tce = existing;
//if the access token is expired
if ( tce.Expiration.DateTime < DateTime.Now)
{
//use the refresh token to get a fresh set of tokens
try
{
ClientCredential clientcred = new ClientCredential(clientId, appKey);
AuthenticationContext authContext = new AuthenticationContext(string.Format("https://login.windows.net/{0}", tenantID));
AuthenticationResult result = authContext.AcquireTokenByRefreshToken(tce.RefreshToken, clientId, clientcred, graphResourceID);
TodoListWebApp.Models.TokenCacheEntry tce2 = new TodoListWebApp.Models.TokenCacheEntry
{
SignedInUser = signedInUserID,
TokenRequestorUser = result.UserInfo.UserId,
ResourceID = graphResourceID,
AccessToken = result.AccessToken,
RefreshToken = result.RefreshToken,
Expiration = result.ExpiresOn.AddMinutes(-5)
};
db.TokenCache.Remove(tce);
db.TokenCache.Add(tce2);
db.SaveChanges();
tce = tce2;
}
catch
{
// the refresh token might be expired
tce = null;
}
}
} else // we don't have a cached token
{
tce = null;// it's already null, but for good measure...
}
if (tce != null)
{
// CallContext currentCallContext = new CallContext { AccessToken = tce.AccessToken, ClientRequestId = Guid.NewGuid(), TenantId = tenantID, ApiVersion = "2013-11-08" };
CallContext currentCallContext = new CallContext(tce.AccessToken, Guid.NewGuid(), "2013-11-08");
GraphConnection graphConnection = new GraphConnection(currentCallContext);
User user = graphConnection.Get<User>(userObjectID);
return View(user);
}
else
{
ViewBag.ErrorMessage = "AuthorizationRequired";
return View();
}
}
public ActionResult Create([Bind(Include="UserPrincipalName,AccountEnabled,PasswordProfile,MailNickname,DisplayName,GivenName,Surname,JobTitle,Department")] User user)
{
string accessToken = null;
string tenantId = ClaimsPrincipal.Current.FindFirst(TenantIdClaimType).Value;
if (tenantId != null)
{
accessToken = TokenCacheUtils.GetAccessTokenFromCacheOrRefreshToken(tenantId, graphResourceId);
}
if (accessToken == null)
{
//
// If refresh is set to true, the user has clicked the link to be authorized again.
//
if (Request.QueryString["reauth"] == "True")
{
// Send an OpenID Connect sign-in request to get a new set of tokens.
// If the user still has a valid session with Azure AD, they will not be prompted for their credentials.
// The OpenID Connect middleware will return to this controller after the sign-in response has been handled.
//
HttpContext.GetOwinContext().Authentication.Challenge(OpenIdConnectAuthenticationDefaults.AuthenticationType);
}
//
// The user needs to re-authorize. Show them a message to that effect.
//
ViewBag.ErrorMessage = "AuthorizationRequired";
return View();
}
try
{
// Setup Graph API connection and add User
Guid ClientRequestId = Guid.NewGuid();
GraphSettings graphSettings = new GraphSettings();
graphSettings.ApiVersion = graphApiVersion;
GraphConnection graphConnection = new GraphConnection(accessToken, ClientRequestId, graphSettings);
graphConnection.Add(user);
return RedirectToAction("Index");
}
catch (Exception exception)
{
ModelState.AddModelError("", exception.Message);
return View();
}
}
/// <summary>
/// Gets a list of <see cref="User"/> objects from Graph.
/// </summary>
/// <returns>A view with the list of <see cref="User"/> objects.</returns>
public ActionResult Index()
{
// Retrieve the user's tenantID and access token since they are used to call the GraphAPI.
//
string accessToken = null;
string tenantId = ClaimsPrincipal.Current.FindFirst(TenantIdClaimType).Value;
if (tenantId != null)
{
accessToken = TokenCacheUtils.GetAccessTokenFromCacheOrRefreshToken(tenantId, graphResourceId);
}
if (accessToken == null)
{
//
// If refresh is set to true, the user has clicked the link to be authorized again.
//
if (Request.QueryString["reauth"] == "True")
{
// Send an OpenID Connect sign-in request to get a new set of tokens.
// If the user still has a valid session with Azure AD, they will not be prompted for their credentials.
// The OpenID Connect middleware will return to this controller after the sign-in response has been handled.
//
HttpContext.GetOwinContext().Authentication.Challenge(OpenIdConnectAuthenticationDefaults.AuthenticationType);
}
//
// The user needs to re-authorize. Show them a message to that effect.
//
ViewBag.ErrorMessage = "AuthorizationRequired";
return View();
}
// Setup Graph API connection and get a list of users
Guid ClientRequestId = Guid.NewGuid();
GraphSettings graphSettings = new GraphSettings();
graphSettings.ApiVersion = graphApiVersion;
GraphConnection graphConnection = new GraphConnection(accessToken, ClientRequestId, graphSettings);
PagedResults<User> pagedReslts = graphConnection.List<User>(null, new FilterGenerator());
return View(pagedReslts.Results);
}
/// <summary>
/// Gets a list of <see cref="Group"/> objects that a given <see cref="User"/> is member of.
/// </summary>
/// <param name="objectId">Unique identifier of the <see cref="User"/>.</param>
/// <returns>A view with the list of <see cref="Group"/> objects.</returns>
public ActionResult GetGroups(string objectId)
{
string accessToken = null;
string tenantId = ClaimsPrincipal.Current.FindFirst(TenantIdClaimType).Value;
if (tenantId != null)
{
accessToken = TokenCacheUtils.GetAccessTokenFromCacheOrRefreshToken(tenantId, graphResourceId);
}
if (accessToken == null)
{
//
// If refresh is set to true, the user has clicked the link to be authorized again.
//
if (Request.QueryString["reauth"] == "True")
{
// Send an OpenID Connect sign-in request to get a new set of tokens.
// If the user still has a valid session with Azure AD, they will not be prompted for their credentials.
// The OpenID Connect middleware will return to this controller after the sign-in response has been handled.
//
HttpContext.GetOwinContext().Authentication.Challenge(OpenIdConnectAuthenticationDefaults.AuthenticationType);
}
//
// The user needs to re-authorize. Show them a message to that effect.
//
ViewBag.ErrorMessage = "AuthorizationRequired";
return View();
}
// Setup Graph API connection and get Group membership
Guid ClientRequestId = Guid.NewGuid();
GraphSettings graphSettings = new GraphSettings();
graphSettings.ApiVersion = graphApiVersion;
GraphConnection graphConnection = new GraphConnection(accessToken, ClientRequestId, graphSettings);
GraphObject graphUser = graphConnection.Get<User>(objectId);
PagedResults<GraphObject> memberShip = graphConnection.GetLinkedObjects(graphUser, LinkProperty.MemberOf, null, 999);
// users can be members of Groups and Roles
// for this app, we will filter and only show Groups
int count = 0;
IList<Group> groupMembership = new List<Group>();
foreach (GraphObject graphObj in memberShip.Results)
{
if (graphObj.ODataTypeName.Contains("Group"))
{
Group groupMember = (Group)memberShip.Results[count];
groupMembership.Add(groupMember);
}
++count;
}
//return View(groupIds);
return View(groupMembership);
}
public static void GetUsersFromAD()
{
//if (HttpContext.Current.Cache["ADUSERS"] == null)
IDatabase cache = MvcApplication.RedisCache.GetDatabase();
var adUsers = cache.Get<List<ActiveDirectoryUser>>("ADUSERS");
if (adUsers == null)
{
// Graph API Settings
string graphResourceId = "https://graph.windows.net";
string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
string appPassword = ConfigurationManager.AppSettings["ida:Password"];
Uri audienceUri = new Uri(ConfigurationManager.AppSettings["ida:AudienceUri"]);
string tenant = audienceUri.Host;
string Authority = String.Format("https://login.windows.net/{0}", tenant);
string userObjectID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
AuthenticationContext authContext = new AuthenticationContext(Authority);
activeDirectoryUsers = new List<ActiveDirectoryUser>();
ClientCredential credential = new ClientCredential(clientId, appPassword);
AuthenticationResult result = null;
List<User> userList = new List<User>();
result = authContext.AcquireToken(graphResourceId, credential);
//Setup Graph API connection and get a list of users
Guid ClientRequestId = Guid.NewGuid();
GraphSettings graphSettings = new GraphSettings();
graphSettings.ApiVersion = "2013-11-08";
GraphConnection graphConnection = new GraphConnection(result.AccessToken, ClientRequestId, graphSettings);
// Get results from all pages into a list
PagedResults<User> pagedResults = graphConnection.List<User>(null, new FilterGenerator());
userList.AddRange(pagedResults.Results);
while (!pagedResults.IsLastPage)
{
pagedResults = graphConnection.List<User>(pagedResults.PageToken, new FilterGenerator());
userList.AddRange(pagedResults.Results);
}
foreach (var u in userList)
{
var adUser = new ActiveDirectoryUser();
adUser.Location = String.Format("{0},{1}", u.City, u.State);
adUser.FullName = u.GivenName + " " + u.Surname;
adUser.Position = u.JobTitle;
adUser.ActiveDirectoryId = u.UserPrincipalName;
adUser.ObjectId = u.ObjectId;
try
{
using (Stream ms = graphConnection.GetStreamProperty(u, GraphProperty.ThumbnailPhoto, "image/jpeg"))
{
if (ms != null)
{
byte[] b;
using (BinaryReader br = new BinaryReader(ms))
{
b = br.ReadBytes((int)ms.Length);
}
adUser.ThumbnailPhoto = b;
// Retrieve via the controller
adUser.ImageUrl = String.Format("/AdImages/Details/{0}", adUser.ObjectId);
}
}
}
catch (Exception)
{
adUser.ImageUrl = "/images/user-placeholder.png";
}
activeDirectoryUsers.Add(adUser);
}
// HttpContext.Current.Cache.Insert("ADUSERS", activeDirectoryUsers, null, DateTime.Now.AddMinutes(5), TimeSpan.Zero, System.Web.Caching.CacheItemPriority.Normal, null);
cache.Set("ADUSERS", activeDirectoryUsers, TimeSpan.FromMinutes(5));
}
else
{
//activeDirectoryUsers = (List<ActiveDirectoryUser>)HttpContext.Current.Cache["ADUSERS"];
activeDirectoryUsers = (List<ActiveDirectoryUser>)cache.Get("ADUSERS");
}
}
/// <summary>
/// Gets the uri for listing the directory objects.
/// </summary>
/// <param name="graphConnection">Call context.</param>
/// <param name="nextLink">Link to the next set of results.</param>
/// <typeparam name="T">Directory object type.</typeparam>
/// <param name="filter">Filter expression generator.</param>
/// <returns>Uri for listing the directory objects.</returns>
/// <exception cref="UriFormatException">Invalid format for next link.</exception>
/// <exception cref="ArgumentNullException">Invalid filter.</exception>
public static Uri GetListUri <T>(
GraphConnection graphConnection, string nextLink, FilterGenerator filter) where T : DirectoryObject
{
return(GetListUri(typeof(T), graphConnection, nextLink, filter));
}
/// <summary>
/// Get the object uri for the specified type.
/// </summary>
/// <param name="graphConnection">Call context.</param>
/// <param name="typeOfEntityObject">Type of object.</param>
/// <param name="objectId">Object id (optional)</param>
/// <param name="nextLink">Optional next link.</param>
/// <param name="top">Optional top (less than zero is ignored)</param>
/// <param name="fragments">Optional url fragments.</param>
/// <returns>Request uri.</returns>
public static Uri GetRequestUri(
GraphConnection graphConnection,
Type typeOfEntityObject,
string objectId,
string nextLink,
int top,
params string[] fragments)
{
StringBuilder sb = new StringBuilder();
string baseUri = graphConnection.AadGraphEndpoint;
if (!String.IsNullOrEmpty(nextLink))
{
sb.AppendFormat(
CultureInfo.InvariantCulture,
"{0}/{1}",
baseUri,
nextLink);
}
else
{
if (typeOfEntityObject != null)
{
// TODO: Cache the EntityAttribute
EntityAttribute entityAttribute = Utils.GetCustomAttribute <EntityAttribute>(typeOfEntityObject, true);
sb.AppendFormat(
CultureInfo.InvariantCulture,
"{0}/{1}",
baseUri,
entityAttribute.SetName);
}
else
{
sb.Append(baseUri);
}
if (!String.IsNullOrEmpty(objectId))
{
sb.AppendFormat(
CultureInfo.InvariantCulture, "/{0}", objectId);
}
foreach (string fragment in fragments)
{
sb.AppendFormat(
CultureInfo.InvariantCulture,
"/{0}",
fragment);
}
}
UriBuilder uriBuilder = new UriBuilder(sb.ToString());
Utils.AddQueryParameter(
uriBuilder,
Constants.QueryParameterNameApiVersion,
graphConnection.GraphApiVersion,
true);
if (top > 0)
{
Utils.AddQueryParameter(
uriBuilder,
Constants.TopOperator,
top.ToString(),
true);
}
return(uriBuilder.Uri);
}
/// <summary>
/// Gets a list of <see cref="Group"/> objects from Graph.
/// </summary>
/// <returns>A view with the list of <see cref="Group"/> objects.</returns>
public ActionResult Index()
{
//Get the access token as we need it to make a call to the Graph API
string accessToken = AuthUtils.GetAuthToken(Request, HttpContext);
if (accessToken == null)
{
//
// The user needs to re-authorize. Show them a message to that effect.
//
ViewBag.ErrorMessage = "AuthorizationRequired";
return View();
}
//Setup GRaph API connection and get a list of groups
Guid ClientRequestId = Guid.NewGuid();
GraphSettings graphSettings = new GraphSettings();
graphSettings.ApiVersion = GraphConfiguration.GraphApiVersion;
GraphConnection graphConnection = new GraphConnection(accessToken, ClientRequestId, graphSettings);
PagedResults<Group> pagedResults = graphConnection.List<Group>(null, new FilterGenerator());
return View(pagedResults.Results);
}
static void Main()
{
// get OAuth token using Client Credentials
string tenantName = "GraphDir1.onMicrosoft.com";
string authString = "https://login.windows.net/" + tenantName;
AuthenticationContext authenticationContext = new AuthenticationContext(authString,false);
// Config for OAuth client credentials
string clientId = "118473c2-7619-46e3-a8e4-6da8d5f56e12";
string clientSecret = "hOrJ0r0TZ4GQ3obp+vk3FZ7JBVP+TX353kNo6QwNq7Q=";
ClientCredential clientCred = new ClientCredential(clientId, clientSecret);
string resource = "https://graph.windows.net";
string token;
try
{
AuthenticationResult authenticationResult = authenticationContext.AcquireToken(resource, clientCred);
token = authenticationResult.AccessToken;
}
catch (AuthenticationException ex)
{
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine("Acquiring a token failed with the following error: {0}", ex.Message);
if (ex.InnerException != null)
{
//You should implement retry and back-off logic per the guidance given here:http://msdn.microsoft.com/en-us/library/dn168916.aspx
//InnerException Message will contain the HTTP error status codes mentioned in the link above
Console.WriteLine("Error detail: {0}", ex.InnerException.Message);
}
Console.ResetColor();
Console.ReadKey();
return;
}
// record start DateTime of execution
string CurrentDateTime = DateTime.Now.ToUniversalTime().ToString();
//*********************************************************************
// setup Graph connection
//*********************************************************************
Guid ClientRequestId = Guid.NewGuid();
GraphSettings graphSettings = new GraphSettings();
graphSettings.ApiVersion = "2013-11-08";
graphSettings.GraphDomainName = "graph.windows.net";
GraphConnection graphConnection = new GraphConnection(token, ClientRequestId,graphSettings);
VerifiedDomain initialDomain = new VerifiedDomain();
VerifiedDomain defaultDomain = new VerifiedDomain();
//*********************************************************************
// Get Tenant Details
// Note: update the string tenantId with your TenantId.
// This can be retrieved from the login Federation Metadata end point:
// https://login.windows.net/GraphDir1.onmicrosoft.com/FederationMetadata/2007-06/FederationMetadata.xml
// Replace "GraphDir1.onMicrosoft.com" with any domain owned by your organization
// The returned value from the first xml node "EntityDescriptor", will have a STS URL
// containing your tenantId e.g. "https://sts.windows.net/4fd2b2f2-ea27-4fe5-a8f3-7b1a7c975f34/" is returned for GraphDir1.onMicrosoft.com
//*********************************************************************
string tenantId = "4fd2b2f2-ea27-4fe5-a8f3-7b1a7c975f34";
GraphObject tenant = graphConnection.Get(typeof(TenantDetail), tenantId);
if (tenant == null)
{
Console.WriteLine("Tenant not found");
}
else
{
TenantDetail tenantDetail = (TenantDetail)tenant;
Console.WriteLine("Tenant Display Name: " + tenantDetail.DisplayName);
// Get the Tenant's Verified Domains
initialDomain = tenantDetail.VerifiedDomains.First(x => x.Initial.HasValue && x.Initial.Value);
Console.WriteLine("Initial Domain Name: " + initialDomain.Name);
defaultDomain = tenantDetail.VerifiedDomains.First(x => x.Default.HasValue && x.Default.Value);
Console.WriteLine("Default Domain Name: " + defaultDomain.Name);
foreach (string techContact in tenantDetail.TechnicalNotificationMails)
{
Console.WriteLine("Tenant Tech Contact: " + techContact);
}
}
//*********************************************************************
// Demonstrate Getting a list of Users with paging (get 4 users), sort by displayName
//*********************************************************************
Console.WriteLine("\n Retrieving Users");
FilterGenerator userFilter = new FilterGenerator();
userFilter.Top = 4;
userFilter.OrderByProperty = GraphProperty.DisplayName;
PagedResults<User> users = graphConnection.List<User>(null, userFilter);
foreach (User user in users.Results)
{
Console.WriteLine("UserObjectId: {0} UPN: {1}", user.ObjectId, user.UserPrincipalName);
}
// if there are more users to retrieve, get the rest of the users, and specify maximum page size 999
do
{
userFilter.Top = 999;
if (users.PageToken != null)
{
users = graphConnection.List<User>(users.PageToken, userFilter);
Console.WriteLine("\n Next page of results");
}
foreach (User user in users.Results)
{
Console.WriteLine("DisplayName: {0} UPN: {1}", user.DisplayName, user.UserPrincipalName);
}
} while (users.PageToken != null);
// search for a single user by UPN
string searchString = "adam@" + initialDomain.Name;
FilterGenerator filter = new FilterGenerator();
Expression filterExpression = ExpressionHelper.CreateEqualsExpression(typeof(User), GraphProperty.UserPrincipalName, searchString );
filter.QueryFilter = filterExpression;
User retrievedUser = new User();
PagedResults<User> pagedUserResults = graphConnection.List<User>(null, filter);
// should only find one user with the specified UPN
if (pagedUserResults.Results.Count == 1)
{
retrievedUser = pagedUserResults.Results[0] as User;
}
else
{
Console.WriteLine("User not found {0}", searchString);
}
if (retrievedUser.UserPrincipalName != null)
{
Console.WriteLine("\n Found User: "******" UPN: " + retrievedUser.UserPrincipalName);
// get the user's Manager
int count = 0;
PagedResults<GraphObject> managers = graphConnection.GetLinkedObjects(retrievedUser, LinkProperty.Manager, null);
foreach (GraphObject managerObject in managers.Results)
{
if (managerObject.ODataTypeName.Contains("User"))
{
User manager = (User)managers.Results[count];
Console.WriteLine(" Manager: {0} UPN: {1}", manager.DisplayName, manager.UserPrincipalName);
}
count++;
}
//*********************************************************************
// get the user's Direct Reports
//*********************************************************************
int top = 99;
PagedResults<GraphObject> directReportObjects = graphConnection.GetLinkedObjects(retrievedUser, LinkProperty.DirectReports, null, top);
foreach (GraphObject graphObject in directReportObjects.Results)
{
if (graphObject.ODataTypeName.Contains("User"))
{
User User = (User)graphObject;
Console.WriteLine(" DirectReport {0}: {1} UPN: {2}", User.ObjectType, User.DisplayName, User.UserPrincipalName);
}
if (graphObject.ODataTypeName.Contains("Contact"))
{
Contact Contact = (Contact)graphObject;
Console.WriteLine(" DirectReport {0}: {1} Mail: {2} ", Contact.ObjectType, Contact.DisplayName, Contact.Mail);
}
}
//*********************************************************************
// get a list of Group IDs that the user is a member of
//*********************************************************************
Console.WriteLine("\n {0} is a member of the following Groups (IDs)", retrievedUser.DisplayName);
bool securityGroupsOnly = false;
IList<string> usersGroupMembership = graphConnection.GetMemberGroups(retrievedUser, securityGroupsOnly);
foreach (String groupId in usersGroupMembership)
{
Console.WriteLine("Member of Group ID: "+ groupId);
}
//*********************************************************************
// get the User's Group and Role membership, getting the complete set of objects
//*********************************************************************
PagedResults<GraphObject> memberOfObjects = graphConnection.GetLinkedObjects(retrievedUser, LinkProperty.MemberOf, null, top);
foreach (GraphObject graphObject in memberOfObjects.Results)
{
if (graphObject.ODataTypeName.Contains("Group"))
{
Group Group = (Group)graphObject;
Console.WriteLine(" Group: {0} Description: {1}", Group.DisplayName, Group.Description);
}
if (graphObject.ODataTypeName.Contains("Role"))
{
Role Role = (Role)graphObject;
Console.WriteLine(" Role: {0} Description: {1}", Role.DisplayName, Role.Description);
}
}
}
//*********************************************************************
// People picker
// Search for a user using text string "ad" match against userPrincipalName, proxyAddresses, displayName, giveName, surname
//*********************************************************************
searchString = "ad";
Console.WriteLine("\nSearching for any user with string {0} in UPN,ProxyAddresses,DisplayName,First or Last Name", searchString);
FilterGenerator userMatchFilter = new FilterGenerator();
userMatchFilter.Top = 19;
Expression firstExpression = ExpressionHelper.CreateStartsWithExpression(typeof(User), GraphProperty.UserPrincipalName, searchString);
Expression secondExpression = ExpressionHelper.CreateAnyExpression(typeof(User), GraphProperty.ProxyAddresses, "smtp:" + searchString);
userMatchFilter.QueryFilter = ExpressionHelper.JoinExpressions(firstExpression, secondExpression, ExpressionType.Or);
Expression thirdExpression = ExpressionHelper.CreateStartsWithExpression(typeof(User), GraphProperty.DisplayName, searchString);
userMatchFilter.QueryFilter = ExpressionHelper.JoinExpressions(userMatchFilter.QueryFilter, thirdExpression, ExpressionType.Or);
Expression fourthExpression = ExpressionHelper.CreateStartsWithExpression(typeof(User), GraphProperty.GivenName, searchString);
userMatchFilter.QueryFilter = ExpressionHelper.JoinExpressions(userMatchFilter.QueryFilter, fourthExpression, ExpressionType.Or);
Expression fifthExpression = ExpressionHelper.CreateStartsWithExpression(typeof(User), GraphProperty.Surname, searchString);
userMatchFilter.QueryFilter = ExpressionHelper.JoinExpressions(userMatchFilter.QueryFilter, fifthExpression, ExpressionType.Or);
PagedResults<User> serachResults = graphConnection.List<User>(null, userMatchFilter);
if (serachResults.Results.Count > 0)
{
foreach (User User in serachResults.Results)
{
Console.WriteLine("User DisplayName: {0} UPN: {1}", User.DisplayName, User.UserPrincipalName);
}
}
else
{
Console.WriteLine("User not found");
}
//*********************************************************************
// Search for a group using a startsWith filter (displayName property)
//*********************************************************************
Group retrievedGroup = new Group();
searchString = "Wash";
filter.QueryFilter = ExpressionHelper.CreateStartsWithExpression(typeof(Group), GraphProperty.DisplayName, searchString);
filter.Top = 99;
PagedResults<Group> pagedGroupResults = graphConnection.List<Group>(null, filter);
if (pagedGroupResults.Results.Count > 0)
{
retrievedGroup = pagedGroupResults.Results[0] as Group;
}
else
{
Console.WriteLine("Group Not Found");
}
if (retrievedGroup.ObjectId != null)
{
Console.WriteLine("\n Found Group: " + retrievedGroup.DisplayName + " " + retrievedGroup.Description);
//*********************************************************************
// get the groups' membership using GetAllDirectLinks -
// Note this method retrieves ALL links in one request - please use this method with care - this
// may return a very large number of objects
//*********************************************************************
GraphObject graphObj = (GraphObject)retrievedGroup;
IList<GraphObject> members = graphConnection.GetAllDirectLinks(graphObj, LinkProperty.Members);
if (members.Count > 0)
{
Console.WriteLine(" Members:");
foreach (GraphObject graphObject in members)
{
if (graphObject.ODataTypeName.Contains("User"))
{
User User = (User)graphObject;
Console.WriteLine("User DisplayName: {0} UPN: {1}", User.DisplayName, User.UserPrincipalName);
}
if (graphObject.ODataTypeName.Contains("Group"))
{
Group Group = (Group)graphObject;
Console.WriteLine("Group DisplayName: {0}", Group.DisplayName);
}
if (graphObject.ODataTypeName.Contains("Contact"))
{
Contact Contact = (Contact)graphObject;
Console.WriteLine("Contact DisplayName: {0}", Contact.DisplayName);
}
}
}
}
//*********************************************************************
// Search for a Role by displayName
//*********************************************************************
searchString = "Company Administrator";
filter.QueryFilter = ExpressionHelper.CreateStartsWithExpression(typeof(Role), GraphProperty.DisplayName, searchString);
PagedResults<Role> pagedRoleResults = graphConnection.List<Role>(null, null);
if (pagedRoleResults.Results.Count > 0)
{
foreach (GraphObject graphObject in pagedRoleResults.Results)
{
Role role = graphObject as Role;
if (role.DisplayName == searchString.Trim())
{
Console.WriteLine("\n Found Role: {0} {1} {2} ", role.DisplayName, role.Description, role.ObjectId);
}
}
}
else
{
Console.WriteLine("Role Not Found {0}",searchString);
}
//*********************************************************************
// get the Service Principals
//*********************************************************************
filter.Top = 999;
filter.QueryFilter = null;
PagedResults<ServicePrincipal> servicePrincipals = new PagedResults<ServicePrincipal>();
do
{
servicePrincipals = graphConnection.List<ServicePrincipal>(servicePrincipals.PageToken, filter);
if (servicePrincipals != null)
{
foreach (ServicePrincipal servicePrincipal in servicePrincipals.Results)
{
Console.WriteLine("Service Principal AppId: {0} Name: {1}", servicePrincipal.AppId, servicePrincipal.DisplayName);
}
}
} while (servicePrincipals.PageToken != null);
//*********************************************************************
// get the Application objects
//*********************************************************************
filter.Top = 999;
PagedResults<Application> applications = new PagedResults<Application>();
do
{
applications = graphConnection.List<Application>(applications.PageToken, filter);
if (applications != null)
{
foreach (Application application in applications.Results)
{
Console.WriteLine("Application AppId: {0} Name: {1}", application.AppId, application.DisplayName);
}
}
}while (applications.PageToken != null);
string targetAppId = applications.Results[0].ObjectId;
//********************************************************************************************
// We'll now switch to Authenticating using OAuth Authorization Code Grant
// which includes user Authentication/Delegation
//*********************************************************************************************
var redirectUri = new Uri("https://localhost");
string clientIdForUserAuthn = "66133929-66a4-4edc-aaee-13b04b03207d";
AuthenticationResult userAuthnResult = null;
try
{
userAuthnResult = authenticationContext.AcquireToken(resource, clientIdForUserAuthn, redirectUri, PromptBehavior.Always);
token = userAuthnResult.AccessToken;
Console.WriteLine("\n Welcome " + userAuthnResult.UserInfo.GivenName + " " + userAuthnResult.UserInfo.FamilyName);
}
catch (AuthenticationException ex)
{
string message = ex.Message;
if (ex.InnerException != null)
message += "InnerException : " + ex.InnerException.Message;
Console.WriteLine(message);
Console.ReadKey();
return;
}
// re-establish Graph connection using the new token
graphConnection = new GraphConnection(token, ClientRequestId, graphSettings);
//*********************************************************************************************
// Create a new User with a temp password
//*********************************************************************************************
User userToBeAdded = new User();
userToBeAdded.DisplayName = "Sample App Demo User";
userToBeAdded.UserPrincipalName = "SampleAppDemoUser@" + defaultDomain.Name;
userToBeAdded.AccountEnabled = true;
userToBeAdded.MailNickname = "SampleAppDemoUser";
userToBeAdded.PasswordProfile = new PasswordProfile();
userToBeAdded.PasswordProfile.Password = "******";
userToBeAdded.PasswordProfile.ForceChangePasswordNextLogin = true;
userToBeAdded.UsageLocation = "US";
User newlyCreatedUser = new User();
try
{
newlyCreatedUser = graphConnection.Add<User>(userToBeAdded);
Console.WriteLine("\nNew User {0} was created", userToBeAdded.DisplayName);
}
catch (GraphException graphException)
{
Console.WriteLine("\nError creating new user {0} {1}", graphException.Code, graphException.Message);
}
//*********************************************************************************************
// update the newly created user's Password, PasswordPolicies and City
//*********************************************************************************************
if (newlyCreatedUser.ObjectId != null)
{
string userObjectId = newlyCreatedUser.ObjectId;
// update User's city and reset their User's password
User updateUser = graphConnection.Get<User>(userObjectId);
updateUser.City = "Seattle";
PasswordProfile passwordProfile = new PasswordProfile();
passwordProfile.Password = "******";
passwordProfile.ForceChangePasswordNextLogin = false;
updateUser.PasswordProfile = passwordProfile;
updateUser.PasswordPolicies = "DisablePasswordExpiration, DisableStrongPassword";
try
{
graphConnection.Update(updateUser);
Console.WriteLine("\nUser {0} was updated", updateUser.DisplayName);
}
catch (GraphException graphException)
{
Console.WriteLine("\nError Updating the user {0} {1}", graphException.Code, graphException.Message);
}
//*********************************************************************************************
// Add, then retrieve a thumbnailPhoto for the newly created user
//*********************************************************************************************
Bitmap thumbnailPhoto = new Bitmap(20, 20);
thumbnailPhoto.SetPixel(5, 5, Color.Beige);
thumbnailPhoto.SetPixel(5, 6, Color.Beige);
thumbnailPhoto.SetPixel(6, 5, Color.Beige);
thumbnailPhoto.SetPixel(6, 6, Color.Beige);
using (MemoryStream ms = new MemoryStream())
{
thumbnailPhoto.Save(ms, ImageFormat.Jpeg);
graphConnection.SetStreamProperty(newlyCreatedUser, GraphProperty.ThumbnailPhoto, ms, "image/jpeg");
// graphConnection.SetStreamProperty(newlyCreatedUser, "thumbnailPhoto", ms, "image/jpeg");
}
using (Stream ms = graphConnection.GetStreamProperty(newlyCreatedUser, GraphProperty.ThumbnailPhoto, "image/jpeg"))
{
Image jpegImage = Image.FromStream(ms);
}
//*********************************************************************************************
// User License Assignment - assign EnterprisePack license to new user, and disable SharePoint service
// first get a list of Tenant's subscriptions and find the "Enterprisepack" one
// Enterprise Pack includes service Plans for ExchangeOnline, SharePointOnline and LyncOnline
// validate that Subscription is Enabled and there are enough units left to assign to users
//*********************************************************************************************
PagedResults<SubscribedSku> skus = graphConnection.List<SubscribedSku>(null, null);
foreach (SubscribedSku sku in skus.Results)
{
if (sku.SkuPartNumber == "ENTERPRISEPACK")
if ((sku.PrepaidUnits.Enabled.Value > sku.ConsumedUnits) && (sku.CapabilityStatus == "Enabled"))
{
// create addLicense object and assign the Enterprise Sku GUID to the skuId
//
AssignedLicense addLicense = new AssignedLicense();
addLicense.SkuId = sku.SkuId.Value;
// find plan id of SharePoint Service Plan
foreach (ServicePlanInfo servicePlan in sku.ServicePlans)
{
if (servicePlan.ServicePlanName.Contains("SHAREPOINT"))
{
addLicense.DisabledPlans.Add(servicePlan.ServicePlanId.Value);
break;
}
}
IList<AssignedLicense> licensesToAdd = new AssignedLicense[] { addLicense };
IList<Guid> licensesToRemove = new Guid[] { };
// attempt to assign the license object to the new user
try
{
graphConnection.AssignLicense(newlyCreatedUser, licensesToAdd, licensesToRemove);
Console.WriteLine("\n User {0} was assigned license {1}", newlyCreatedUser.DisplayName, addLicense.SkuId);
}
catch (GraphException graphException)
{
Console.WriteLine("\nLicense assingment failed {0} {1}", graphException.Code, graphException.Message);
}
}
}
//*********************************************************************************************
// Add User to the "WA" Group
//*********************************************************************************************
if (retrievedGroup.ObjectId != null)
{
try
{
graphConnection.AddLink(retrievedGroup, newlyCreatedUser, LinkProperty.Members);
Console.WriteLine("\nUser {0} was added to Group {1}", newlyCreatedUser.DisplayName, retrievedGroup.DisplayName);
}
catch (GraphException graphException)
{
Console.WriteLine("\nAdding user to group failed {0} {1}", graphException.Code, graphException.Message);
}
}
//*********************************************************************************************
// Create a new Group
//*********************************************************************************************
Group CaliforniaEmployees = new Group();
CaliforniaEmployees.DisplayName = "California Employees";
CaliforniaEmployees.Description = "Employees in the state of California";
CaliforniaEmployees.MailNickname = "CalEmployees";
CaliforniaEmployees.MailEnabled = false;
CaliforniaEmployees.SecurityEnabled = true;
Group newGroup = null;
try
{
newGroup = graphConnection.Add<Group>(CaliforniaEmployees);
Console.WriteLine("\nNew Group {0} was created", newGroup.DisplayName);
}
catch (GraphException graphException)
{
Console.WriteLine("\nError creating new Group {0} {1}", graphException.Code, graphException.Message);
}
//*********************************************************************************************
// Add the new User member to the new Group
//*********************************************************************************************
if (newGroup.ObjectId != null)
{
try
{
graphConnection.AddLink(newGroup, newlyCreatedUser, LinkProperty.Members);
Console.WriteLine("\nUser {0} was added to Group {1}", newlyCreatedUser.DisplayName, newGroup.DisplayName);
}
catch (GraphException graphException)
{
Console.WriteLine("\nAdding user to group failed {0} {1}", graphException.Code, graphException.Message);
}
}
//*********************************************************************************************
// Delete the user that we just created
//*********************************************************************************************
if (newlyCreatedUser.ObjectId != null)
{
try
{
graphConnection.Delete(newlyCreatedUser);
Console.WriteLine("\nUser {0} was deleted", newlyCreatedUser.DisplayName);
}
catch (GraphException graphException)
{
Console.WriteLine("Deleting User failed {0} {1}", graphException.Code, graphException.Message);
}
}
//*********************************************************************************************
// Delete the Group that we just created
//*********************************************************************************************
if (newGroup.ObjectId != null)
{
try
{
graphConnection.Delete(newGroup);
Console.WriteLine("\nGroup {0} was deleted", newGroup.DisplayName);
}
catch (GraphException graphException)
{
Console.WriteLine("Deleting Group failed: {0} {1}", graphException.Code, graphException.Message);
}
}
}
//*********************************************************************************************
// Get a list of Mobile Devices from tenant
//*********************************************************************************************
Console.WriteLine("\nGetting Devices");
FilterGenerator deviceFilter = new FilterGenerator();
deviceFilter.Top = 999;
PagedResults<Device> devices = graphConnection.List<Device>(null, deviceFilter);
foreach(Device device in devices.Results)
{
if (device.ObjectId !=null)
{
Console.WriteLine("Device ID: {0}, Type: {1}", device.DeviceId, device.DeviceOSType);
foreach (GraphObject owner in device.RegisteredOwners)
{
Console.WriteLine("Device Owner ID: " + owner.ObjectId);
}
}
}
//*********************************************************************************************
// Create a new Application object
//*********************************************************************************************
Application appObject = new Application();
appObject.DisplayName = "Test-Demo App";
appObject.IdentifierUris.Add("https://localhost/demo/" + Guid.NewGuid().ToString());
appObject.ReplyUrls.Add("https://localhost/demo");
// created Keycredential object for the new App object
KeyCredential KeyCredential = new KeyCredential();
KeyCredential.StartDate = DateTime.UtcNow;
KeyCredential.EndDate = DateTime.UtcNow.AddYears(1);
KeyCredential.Type = "Symmetric";
KeyCredential.Value = Convert.FromBase64String("g/TMLuxgzurjQ0Sal9wFEzpaX/sI0vBP3IBUE/H/NS4=");
KeyCredential.Usage = "Verify";
appObject.KeyCredentials.Add(KeyCredential);
GraphObject newApp = null;
try
{
newApp = graphConnection.Add(appObject);
Console.WriteLine("New Application created: " + newApp.ObjectId);
}
catch (GraphException graphException)
{
Console.WriteLine("Application Creation execption: {0} {1}", graphException.Code, graphException.Message);
}
// Get the application object that was just created
if (newApp != null)
{
GraphObject app = graphConnection.Get(typeof(Application), newApp.ObjectId);
Application retrievedApp = (Application)app;
//*********************************************************************************************
// create a new Service principal
//*********************************************************************************************
ServicePrincipal newServicePrincpal = new ServicePrincipal();
newServicePrincpal.DisplayName = "Test-Demo App";
newServicePrincpal.AccountEnabled = true;
newServicePrincpal.AppId = retrievedApp.AppId;
GraphObject newSP = null;
try
{
newSP = graphConnection.Add<ServicePrincipal>(newServicePrincpal);
// newSP = graphConnection.Add(newServicePrincpal);
Console.WriteLine("New Service Principal created: " + newSP.ObjectId);
}
catch (GraphException graphException)
{
Console.WriteLine("Service Principal Creation execption: {0} {1}", graphException.Code, graphException.Message);
}
//*********************************************************************************************
// get all Permission Objects
//*********************************************************************************************
Console.WriteLine("\n Getting Permissions");
filter.Top = 999;
PagedResults<Permission> permissions = new PagedResults<Permission>();
do
{
try
{
permissions = graphConnection.List<Permission>(permissions.PageToken, filter);
}
catch (GraphException graphException)
{
Console.WriteLine("Error: {0} {1}", graphException.Code, graphException.Message);
break;
}
foreach (Permission permission in permissions.Results)
{
Console.WriteLine("Permission: {0} Name: {1}", permission.ClientId, permission.Scope);
}
} while (permissions.PageToken != null);
//*********************************************************************************************
// Create new permission object
//*********************************************************************************************
Permission permissionObject = new Permission();
permissionObject.ConsentType = "AllPrincipals";
permissionObject.Scope = "user_impersonation";
permissionObject.StartTime = DateTime.Now;
permissionObject.ExpiryTime = (DateTime.Now).AddMonths(12);
// resourceId is objectId of the resource, in this case objectId of AzureAd (Graph API)
permissionObject.ResourceId = "dbf73c3e-e80b-495b-a82f-2f772bb0a417";
//ClientId = objectId of servicePrincipal
permissionObject.ClientId = newSP.ObjectId;
GraphObject newPermission = null;
try
{
newPermission = graphConnection.Add(permissionObject);
Console.WriteLine("New Permission object created: " + newPermission.ObjectId);
}
catch (GraphException graphException)
{
Console.WriteLine("Permission Creation exception: {0} {1}", graphException.Code, graphException.Message);
}
//*********************************************************************************************
// Delete Application Objects
//*********************************************************************************************
if (retrievedApp.ObjectId != null)
{
try
{
graphConnection.Delete(retrievedApp);
Console.WriteLine("Deleting Application object: " + retrievedApp.ObjectId);
}
catch (GraphException graphException)
{
Console.WriteLine("Application Deletion execption: {0} {1}", graphException.Code, graphException.Message);
}
}
}
//*********************************************************************************************
// Show Batching with 3 operators. Note: up to 5 operations can be in a batch
//*********************************************************************************************
// get users
Console.WriteLine("\n Executing Batch Request");
BatchRequestItem firstItem = new BatchRequestItem(
"GET",
false,
Utils.GetListUri<User>(graphConnection, null, new FilterGenerator()),
null,
String.Empty);
// get members of a Group
Uri membersUri = Utils.GetRequestUri<Group>(graphConnection, retrievedGroup.ObjectId, "members");
BatchRequestItem secondItem = new BatchRequestItem(
"GET",
false,
new Uri(membersUri.ToString()),
null,
String.Empty);
// update an existing group's Description property
retrievedGroup.Description = "New Employees in Washington State";
BatchRequestItem thirdItem = new BatchRequestItem(
"Patch",
true,
Utils.GetRequestUri<Group>(graphConnection,retrievedGroup.ObjectId),
null,
retrievedGroup.ToJson(true));
// Execute the batch requst
IList<BatchRequestItem> batchRequest = new BatchRequestItem[] { firstItem, secondItem, thirdItem };
IList<BatchResponseItem> batchResponses = graphConnection.ExecuteBatch(batchRequest);
int responseCount = 0;
foreach (BatchResponseItem responseItem in batchResponses)
{
if (responseItem.Failed)
{
Console.WriteLine("Failed: {0} {1}",
responseItem.Exception.Code,
responseItem.Exception.ErrorMessage);
}
else
{
Console.WriteLine("Batch Item Result {0} succeeded {1}",
responseCount++,
!responseItem.Failed);
}
}
// this next section shows how to access the signed-in user's mailbox.
// First we get a new token for Office365 Exchange Online Resource
// using the multi-resource refresh token tha was included when the previoius
// token was acquired.
// We can now request a new token for Office365 Exchange Online.
//
string office365Emailresource = "https://outlook.office365.com/";
string office365Token = null;
if (userAuthnResult.IsMultipleResourceRefreshToken)
{
userAuthnResult = authenticationContext.AcquireTokenByRefreshToken(userAuthnResult.RefreshToken, clientIdForUserAuthn, office365Emailresource);
office365Token = userAuthnResult.AccessToken;
//
// Call the Office365 API and retrieve the top item from the user's mailbox.
//
string requestUrl = "https://outlook.office365.com/EWS/OData/Me/Inbox/Messages?$top=1";
WebRequest getMailboxRequest;
getMailboxRequest = WebRequest.Create(requestUrl);
getMailboxRequest.Headers.Add(HttpRequestHeader.Authorization, "Bearer " + office365Token);
Console.WriteLine("\n Getting the User's Mailbox Contents \n");
//
// Read the contents of the user's mailbox, and display to the console.
//
Stream objStream = null;
try
{
objStream = getMailboxRequest.GetResponse().GetResponseStream();
StreamReader objReader = new StreamReader(objStream);
string sLine = "";
int i = 0;
while (sLine != null)
{
i++;
sLine = objReader.ReadLine();
if (sLine != null)
{
Console.WriteLine("{0}:{1}", i, sLine);
}
}
}
catch (Exception ex)
{
Console.WriteLine("\n Error Getting User's Mailbox: {0} \n", ex.Message);
}
}
//*********************************************************************************************
// End of Demo Console App
//*********************************************************************************************
Console.WriteLine("\nCompleted at {0} \n ClientRequestId: {1}", CurrentDateTime, ClientRequestId);
Console.ReadKey();
return;
}
/// <summary>
/// Creates a view to delete an existing <see cref="Group"/>.
/// </summary>
/// <param name="objectId">Unique identifier of the <see cref="Group"/>.</param>
/// <returns>A view of the <see cref="Group"/> to be deleted.</returns>
public ActionResult Delete(string objectId)
{
//Get the access token as we need it to make a call to the Graph API
string accessToken = AuthUtils.GetAuthToken(Request, HttpContext);
if (accessToken == null)
{
//
// The user needs to re-authorize. Show them a message to that effect.
//
ViewBag.ErrorMessage = "AuthorizationRequired";
return View();
}
try
{
//Setup Graph API and get a single Group
Guid ClientRequestId = Guid.NewGuid();
GraphSettings graphSettings = new GraphSettings();
graphSettings.ApiVersion = GraphConfiguration.GraphApiVersion;
GraphConnection graphConnection = new GraphConnection(accessToken, ClientRequestId, graphSettings);
Group group = graphConnection.Get<Group>(objectId);
return View(group);
}
catch (Exception exception)
{
ModelState.AddModelError("", exception.Message);
return View();
}
}
private static void Test(GraphConnection graphConnection, string userUPN, string groupDisplayName)
{
Console.WriteLine("Is user {0} member of group {1}: {2}", userUPN, groupDisplayName, UserIsMemberOfGroup(graphConnection, userUPN, groupDisplayName));
}
