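/// <summary>
/// Creates an Azure AD application carrying a freshly generated password credential (the
/// service principal's client secret) through the Azure AD Graph API and returns its identifiers.
/// </summary>
/// <param name="request">Action request whose DataStore holds "AzureToken" and "SelectedSubscription".</param>
/// <returns>
/// Success with the Graph response augmented with SPNAppId, SPNKey, SPNUser and SPNTenantId;
/// Failure when no Graph token could be obtained or the application was not created.
/// </returns>
public override async Task<ActionResponse> ExecuteActionAsync(ActionRequest request)
{
    var azureToken = request.DataStore.GetJson("AzureToken");
    var subscription = request.DataStore.GetJson("SelectedSubscription", "SubscriptionId");
    JObject graphToken = AzureTokenUtility.GetTokenForResource(request, azureToken, "https://graph.windows.net");
    var tenantId = AzureUtility.GetTenantFromToken(azureToken);

    // Fail explicitly instead of dereferencing a missing access_token (e.g. when the token exchange returned an error body).
    var accessToken = graphToken?["access_token"];
    if (accessToken == null)
    {
        return new ActionResponse(ActionStatus.Failure, graphToken?.ToString(), null, null, "Unable to acquire a Graph token for Service Principal creation");
    }

    // Generate new key for ClientSecret. It is handed back to the caller as "SPNKey" and this is the
    // only place it exists in clear text, so the resulting response must be treated as sensitive.
    string key = GetNewKey();
    string graphApi = string.Format("https://graph.windows.net/{0}/applications", tenantId);
    AzureHttpClient client = new AzureHttpClient(accessToken.ToString(), subscription);

    // Capture the timestamp once so startDate and endDate derive from the same instant.
    DateTime now = DateTime.UtcNow;
    ExpandoObject credential = new ExpandoObject();
    dynamic credentialFields = credential;
    credentialFields.startDate = now.ToString("o");
    credentialFields.endDate = now.AddYears(3).ToString("o");
    credentialFields.keyId = Guid.NewGuid();
    credentialFields.value = key;

    dynamic payload = new ExpandoObject();
    payload.displayName = "solutiontemplate";
    payload.availableToOtherTenants = false;
    payload.homepage = "www.test.com";
    payload.identifierUris = new[] { "https://test.com/" + RandomGenerator.GetRandomLowerCaseCharacters(10) };
    payload.passwordCredentials = new[] { credential };

    string body = JsonUtility.GetJsonStringFromObject(payload);
    var response = await client.ExecuteGenericRequestWithHeaderAsync(HttpMethod.Post, graphApi + "?api-version=1.6", body);
    string responseBody = await response.Content.ReadAsStringAsync();

    if (!response.IsSuccessStatusCode)
    {
        return new ActionResponse(ActionStatus.Failure, responseBody, null, null, "Unable to create a Service Principal");
    }

    // Only parse the body once we know it is the application object rather than an error payload.
    JObject responseBodyObj = JsonUtility.GetJObjectFromJsonString(responseBody);
    string appId = responseBodyObj?["appId"]?.ToString();
    if (string.IsNullOrEmpty(appId))
    {
        return new ActionResponse(ActionStatus.Failure, responseBody, null, null, "Unable to create a Service Principal");
    }

    // responseBodyObj["objectId"] remains available in the response; it is the handle required to
    // delete the application again through /applications/{objectId} should rollback be needed.
    responseBodyObj.Add("SPNAppId", appId);
    responseBodyObj.Add("SPNKey", key);
    responseBodyObj.Add("SPNUser", "app:" + appId + "@" + tenantId);
    responseBodyObj.Add("SPNTenantId", tenantId);
    return new ActionResponse(ActionStatus.Success, responseBodyObj, true);
}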
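/// <summary>
/// Completes the OAuth authorization-code flow: exchanges the code for a token, records the
/// signed-in user's e-mail address and stores the token under the DataStore key of the requested provider.
/// </summary>
/// <param name="request">Request carrying "code", "AADTenant" and "oauthType" in its DataStore.</param>
/// <returns>
/// Success with the token, or Failure with <see cref="DefaultErrorCodes.DefaultLoginFailed"/> when the
/// token endpoint returned an error or the token carries no e-mail address.
/// </returns>
public override async Task<ActionResponse> ExecuteActionAsync(ActionRequest request)
{
    string code = request.DataStore.GetValue("code");
    string aadTenant = request.DataStore.GetValue("AADTenant");
    string oauthType = (request.DataStore.GetValue("oauthType") ?? string.Empty).ToLowerInvariant();

    // NOTE(review): no OAuth state/nonce validation is visible here - confirm the caller verifies
    // the state parameter before this action redeems the code.
    JObject token = oauthType == "mscrm"
        ? AzureTokenUtility.GetTokenForResourceFromCode(Constants.AzureManagementCoreApi, Constants.MsCrmClientId, aadTenant, request.Info.WebsiteRootUrl, code)
        : AzureTokenUtility.GetTokenForResourceFromCode(oauthType, aadTenant, request.Info.WebsiteRootUrl, code);

    if (token.SelectToken("error") != null)
    {
        return new ActionResponse(ActionStatus.Failure, token, null, DefaultErrorCodes.DefaultLoginFailed, token.SelectToken("error_description")?.ToString());
    }

    string emailAddress = AzureUtility.GetEmailFromToken(token);
    if (string.IsNullOrEmpty(emailAddress))
    {
        // Previously a null here surfaced as a NullReferenceException; report it as a login failure instead.
        return new ActionResponse(ActionStatus.Failure, token, null, DefaultErrorCodes.DefaultLoginFailed, "Token did not contain an e-mail address");
    }

    // UPNs of the form "prefix#address" are reduced to the segment after the first '#'.
    if (emailAddress.Contains('#'))
    {
        emailAddress = emailAddress.Split('#')[1];
    }
    request.DataStore.AddToDataStore("EmailAddress", emailAddress);

    // Domain part of the address; the whole string when no '@' is present.
    string directoryName = emailAddress.Split('@').Last();

    switch (oauthType)
    {
        case "keyvault":
            request.DataStore.AddToDataStore("AzureTokenKV", token);
            break;
        case "as":
            request.DataStore.AddToDataStore("AzureTokenAS", token);
            break;
        case "mscrm":
            // The management token's refresh token is exchanged for a CRM-scoped token; both are kept.
            JObject crmToken = AzureTokenUtility.GetTokenForResourceFromExistingToken(oauthType, request.Info.WebsiteRootUrl, token, Constants.MsCrmResource);
            request.DataStore.AddToDataStore("MsCrmToken", crmToken);
            request.DataStore.AddToDataStore("AzureToken", token);
            break;
        case "powerbi":
            request.DataStore.AddToDataStore("PBIToken", token);
            request.DataStore.AddToDataStore("DirectoryName", directoryName);
            request.DataStore.AddToDataStore("PowerBITenantId", AzureUtility.GetTenantFromToken(token));
            break;
        default:
            request.DataStore.AddToDataStore("AzureToken", token);
            request.DataStore.AddToDataStore("DirectoryName", directoryName);
            request.DataStore.AddToDataStore("PowerBITenantId", AzureUtility.GetTenantFromToken(token));
            break;
    }

    return new ActionResponse(ActionStatus.Success, token, true);
}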
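/// <summary>
/// Builds the authorization URI for signing in as the service principal created earlier in the flow.
/// </summary>
/// <param name="request">Request whose DataStore holds "SPNTenantId" and "SPNAppId".</param>
/// <returns>Success carrying the authorization URI as a JSON string value.</returns>
public override async Task<ActionResponse> ExecuteActionAsync(ActionRequest request)
{
    // Hack: wait for the freshly created SPN to propagate through Azure AD before it is used to sign in.
    // NOTE(review): the delay is fixed; there is no polling of the directory to confirm availability.
    const int spnPropagationDelayMs = 50000;

    var tenant = request.DataStore.GetFirstValue("SPNTenantId");
    var clientId = request.DataStore.GetFirstValue("SPNAppId");
    string authBase = string.Format(Constants.AzureAuthUri, tenant);
    string authUri = AzureTokenUtility.GetAuthUriForServicePrincipal(clientId, authBase, request.Info.WebsiteRootUrl + Constants.WebsiteRedirectPath);

    await Task.Delay(spnPropagationDelayMs);
    return new ActionResponse(ActionStatus.Success, JsonUtility.GetJObjectFromStringValue(authUri));
}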
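/// <summary>
/// Redeems an OAuth authorization code at the tenant's Azure AD token endpoint.
/// </summary>
/// <param name="meta">Client id and resource of the OAuth client; must not be null.</param>
/// <param name="tenantId">Tenant that issued the code; substituted into <see cref="Constants.AzureTokenUri"/>.</param>
/// <param name="redirect">Redirect URI that was used in the authorization request.</param>
/// <param name="code">Authorization code to redeem.</param>
/// <returns>The token endpoint's parsed JSON response (callers inspect it for an "error" member).</returns>
/// <exception cref="ArgumentNullException"><paramref name="meta"/> is null.</exception>
public static JObject GetTokenForResourceFromCode(AzureTokenRequestMeta meta, string tenantId, string redirect, string code)
{
    if (meta == null)
    {
        throw new ArgumentNullException(nameof(meta));
    }

    string tokenUrl = string.Format(Constants.AzureTokenUri, tenantId);
    string requestBody = AzureTokenUtility.GetTokenBodyFromCode(code, meta.Resource, redirect, meta.ClientId);

    // NOTE(review): a new HttpClient per call combined with a blocking .Result; a shared client and an
    // async variant would avoid socket churn and sync-over-async deadlocks if this runs under a sync context.
    using (HttpClient httpClient = new HttpClient())
    {
        StringContent content = new StringContent(requestBody);
        content.Headers.ContentType = new MediaTypeHeaderValue("application/x-www-form-urlencoded");
        string responseText = httpClient.PostAsync(new Uri(tokenUrl), content).Result.Content.AsString();
        return JsonUtility.GetJsonObjectFromJsonString(responseText);
    }
}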
/// <summary>
/// Uses the refresh token carried in <paramref name="tokenWithRefresh"/> to obtain a token for
/// <paramref name="resource"/> from the issuing tenant's Azure AD token endpoint.
/// </summary>
/// <param name="oauthType">Provider key whose client metadata supplies the client id.</param>
/// <param name="redirect">Redirect URI to include in the refresh request.</param>
/// <param name="tokenWithRefresh">Existing token JSON; its tenant and refresh_token are read from here.</param>
/// <param name="resource">Resource (audience) the new token should be issued for.</param>
/// <returns>The token endpoint's parsed JSON response.</returns>
public static JObject GetTokenForResourceFromExistingToken(string oauthType, string redirect, JToken tokenWithRefresh, string resource)
{
    JObject result;
    // NOTE(review): HttpClient is created per call and awaited via .Result (blocking).
    using (HttpClient httpClient = new HttpClient())
    {
        string tenantId = AzureUtility.GetTenantFromToken(tokenWithRefresh);
        string refreshToken = AzureUtility.GetRefreshToken(tokenWithRefresh);
        string endpoint = string.Format(Constants.AzureTokenUri, tenantId);
        var clientMeta = GetMetaFromOAuthType(oauthType);
        string formBody = AzureTokenUtility.GetTokenBodyFromRefreshToken(refreshToken, resource, redirect, clientMeta.ClientId);

        var content = new StringContent(formBody)
        {
            Headers = { ContentType = new MediaTypeHeaderValue("application/x-www-form-urlencoded") }
        };
        HttpResponseMessage reply = httpClient.PostAsync(new Uri(endpoint), content).Result;
        result = JsonUtility.GetJsonObjectFromJsonString(reply.Content.AsString());
    }
    return result;
}
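/// <summary>
/// Produces the Azure AD authorization URI for the requested OAuth provider, registering the
/// Key Vault first when the "keyvault" flow is requested.
/// </summary>
/// <param name="request">Request carrying "AADTenant" and "oauthType" in its DataStore.</param>
/// <returns>
/// Success with the authorization URI as a JSON string value, or the failed
/// <c>RegisterKeyVault</c> response when Key Vault registration does not succeed.
/// </returns>
public override async Task<ActionResponse> ExecuteActionAsync(ActionRequest request)
{
    var aadTenant = request.DataStore.GetValue("AADTenant");
    string authBase = string.Format(Constants.AzureAuthUri, aadTenant);
    string oauthType = (request.DataStore.GetValue("oauthType") ?? string.Empty).ToLowerInvariant();

    // A single-case switch in the original; a plain condition reads more directly.
    if (oauthType == "keyvault")
    {
        var registrationResponse = RegisterKeyVault(request);
        if (!registrationResponse.IsSuccess)
        {
            return registrationResponse;
        }
    }

    string authUri = AzureTokenUtility.GetAzureAuthUri(oauthType, request.Info.WebsiteRootUrl + Constants.WebsiteRedirectPath, authBase);
    return new ActionResponse(ActionStatus.Success, JsonUtility.GetJObjectFromStringValue(authUri));
}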
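/// <summary>
/// Refreshes every cached Azure AD token in the DataStore that expires within the next five minutes.
/// </summary>
/// <param name="request">Request whose DataStore may hold AzureToken, MsCrmToken, AzureTokenKV and AzureTokenAS.</param>
/// <returns>Always Success.</returns>
public override async Task<ActionResponse> ExecuteActionAsync(ActionRequest request)
{
    // The management token is refreshed with the MSCRM client id when a CRM token is present
    // (CrmSalesManagement case) and with the default client id otherwise.
    if (request.DataStore.GetValue("MsCrmToken") == null)
    {
        RefreshIfExpiringSoon(request, "AzureToken", "", null);
    }
    else
    {
        RefreshIfExpiringSoon(request, "AzureToken", "mscrm", Constants.AzureManagementCoreApi);
    }

    RefreshIfExpiringSoon(request, "AzureTokenKV", "keyvault", null);
    RefreshIfExpiringSoon(request, "MsCrmToken", "mscrm", null);
    RefreshIfExpiringSoon(request, "AzureTokenAS", "as", null);

    return new ActionResponse(ActionStatus.Success);
}

/// <summary>
/// Refreshes the token stored under <paramref name="dataStoreKey"/> when it is present and its
/// "expires_on" lies less than five minutes in the future; otherwise does nothing.
/// </summary>
/// <param name="request">Request whose DataStore holds the token.</param>
/// <param name="dataStoreKey">DataStore key of the token to check.</param>
/// <param name="oauthType">Provider key used to select the client metadata for the refresh.</param>
/// <param name="resource">Resource to request; null selects the resource from the provider metadata.</param>
private void RefreshIfExpiringSoon(ActionRequest request, string dataStoreKey, string oauthType, string resource)
{
    if (request.DataStore.GetValue(dataStoreKey) == null || request.DataStore.GetJson(dataStoreKey, "expires_on") == null)
    {
        return;
    }

    // NOTE(review): the expiry is compared against DateTime.Now, which is only correct if
    // UnixTimeStampToDateTime yields local time - confirm.
    var expiryDateTime = UnixTimeStampToDateTime(request.DataStore.GetJson(dataStoreKey, "expires_on"));
    if ((expiryDateTime - DateTime.Now).TotalMinutes >= 5)
    {
        return;
    }

    var dataStoreItem = request.DataStore.GetDataStoreItem(dataStoreKey);
    var meta = AzureTokenUtility.GetMetaFromOAuthType(oauthType);
    var newToken = AzureTokenUtility.GetTokenForResourceFromExistingToken(oauthType, request.Info.WebsiteRootUrl, dataStoreItem.Value, resource ?? meta.Resource);
    UpdateToken(dataStoreItem.Value, newToken);
}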
/// <summary>
/// Resolves the client metadata for <paramref name="oauthType"/> and redeems the authorization code with it.
/// </summary>
/// <param name="oauthType">Provider key used to look up client id and resource.</param>
/// <param name="tenantId">Tenant that issued the code.</param>
/// <param name="redirect">Redirect URI used in the authorization request.</param>
/// <param name="code">Authorization code to redeem.</param>
/// <returns>The token endpoint's parsed JSON response.</returns>
public static JObject GetTokenForResourceFromCode(string oauthType, string tenantId, string redirect, string code)
{
    var clientMeta = AzureTokenUtility.GetMetaFromOAuthType(oauthType);
    JObject token = GetTokenForResourceFromCode(clientMeta, tenantId, redirect, code);
    return token;
}