/// <summary>
/// Test helper: evaluates the organization tenant policy against a fake user
/// that optionally carries an external credential for the given tenant.
/// </summary>
/// <param name="userTenantId">
/// Tenant id to put on the fake user's external credential. When null or empty,
/// no credential is added and the fake user's credentials are left as created.
/// </param>
/// <returns>The pending result of the policy evaluation.</returns>
private Task<SecurityPolicyResult> EvaluateAsync(string userTenantId)
{
    var builder = new CredentialBuilder();
    var testData = new Fakes();

    var hasTenant = !string.IsNullOrEmpty(userTenantId);
    if (hasTenant)
    {
        // Resolve the collection first, then build the credential, then add it.
        var userCredentials = testData.User.Credentials;
        var externalCredential = builder.CreateExternalCredential(
            issuer: "AzureActiveDirectory",
            value: "value",
            identity: "identity",
            tenantId: userTenantId);
        userCredentials.Add(externalCredential);
    }

    // The organization subscribes to the tenant policy for TenantId
    // (TenantId is defined outside this method).
    var requiredSubscription = RequireOrganizationTenantPolicy.Create(TenantId);
    foreach (var requiredPolicy in requiredSubscription.Policies)
    {
        testData.Organization.SecurityPolicies.Add(requiredPolicy);
    }

    // The organization is the policy source; the user is the account being checked.
    var evaluationContext = new UserSecurityPolicyEvaluationContext(
        testData.Organization.SecurityPolicies,
        sourceAccount: testData.Organization,
        targetAccount: testData.User);

    var handler = RequireOrganizationTenantPolicy.Create();
    return handler.EvaluateAsync(evaluationContext);
}
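/// <summary>
/// Test helper: evaluates the organization tenant policy against a fake user whose
/// Azure Active Directory credential, when a tenant id is supplied, is replaced by
/// one for that tenant.
/// </summary>
/// <param name="userTenantId">
/// Tenant id to put on the fake user's external credential. When null or empty,
/// the fake user's credentials are left exactly as <c>Fakes</c> created them.
/// </param>
/// <returns>The pending result of the policy evaluation.</returns>
/// <exception cref="System.InvalidOperationException">
/// Thrown when the fake user already holds more than one matching AAD credential.
/// </exception>
private Task<SecurityPolicyResult> EvaluateAsync(string userTenantId)
{
    var credentialBuilder = new CredentialBuilder();
    var fakes = new Fakes();

    // NOTE(review): when userTenantId is null or empty, any AAD credential that Fakes
    // seeds on the user stays in place, so the "no tenant" case may still be evaluated
    // against a credential that carries a tenant. Confirm against Fakes.
    if (!string.IsNullOrEmpty(userTenantId))
    {
        // We can only have a single AAD account, remove previous one if present.
        // SingleOrDefault rather than Single: Single throws when nothing matches, which
        // made the null check below unreachable and broke the "if present" case.
        // More than one match still throws, which keeps the single-account rule visible.
        var aadCredential = fakes.User.Credentials.SingleOrDefault(
            c => c.Type.Contains(CredentialTypes.External.AzureActiveDirectoryAccount));
        if (aadCredential != null)
        {
            fakes.User.Credentials.Remove(aadCredential);
        }

        // Add the new AAD credential
        fakes.User.Credentials.Add(
            credentialBuilder.CreateExternalCredential(
                issuer: "AzureActiveDirectory",
                value: "value",
                identity: "identity",
                tenantId: userTenantId));
    }

    // The organization subscribes to the tenant policy for TenantId
    // (TenantId is defined outside this method).
    foreach (var policy in RequireOrganizationTenantPolicy.Create(TenantId).Policies)
    {
        fakes.Organization.SecurityPolicies.Add(policy);
    }

    // The organization is the policy source; the user is the account being checked.
    var context = new UserSecurityPolicyEvaluationContext(
        fakes.Organization.SecurityPolicies,
        sourceAccount: fakes.Organization,
        targetAccount: fakes.User);

    return RequireOrganizationTenantPolicy
        .Create()
        .EvaluateAsync(context);
}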