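/// <summary>
        /// Removes a user from the owners of a group by issuing
        /// <c>DELETE {ApiUrl}v1.0/groups/{groupId}/owners/{userId}/$ref</c> through <c>ProtectedApiCallHelper</c>.
        /// </summary>
        /// <param name="grpName">Name of the group; resolved to an object id with <c>GetGroupObjectId</c>.</param>
        /// <param name="userName">User identifier; resolved to an object id with <c>GetUserObjectId</c>.</param>
        /// <returns>
        /// <c>false</c> when either id could not be resolved or an exception was thrown; <c>true</c> otherwise.
        /// NOTE(review): whether <c>true</c> also means Graph accepted the request depends on the helper
        /// throwing for non-success responses - confirm.
        /// </returns>
        private static async Task <bool> RemoveGroupOwner(string grpName, string userName)
        {
            try
            {
                // Await the lookups: blocking with GetAwaiter().GetResult() inside an async method
                // ties up the thread and can deadlock under a synchronization context.
                var userObjectId  = await GetUserObjectId(userName);
                var groupObjectId = await GetGroupObjectId(grpName);

                // The lookups signal "not resolved" with null or an empty string. Building the URL
                // from such a value would send a DELETE to a path that names no specific owner or
                // group, so refuse before any request leaves the process.
                if (string.IsNullOrEmpty(userObjectId) || string.IsNullOrEmpty(groupObjectId))
                {
                    System.Diagnostics.Debug.WriteLine("RemoveGroupOwner: user or group could not be resolved; no request sent.");
                    return false;
                }

                AuthenticationConfig config = AuthenticationConfig.ReadFromJsonFile("appsettings.json");

                // Call the MS Graph API endpoint that detaches the owner reference from the group.
                using (var httpClient = new HttpClient())
                {
                    var apiCaller = new ProtectedApiCallHelper(httpClient);
                    await apiCaller.DeleteWebApiAndProcessResultASync($"{config.ApiUrl}v1.0/groups/{groupObjectId}/owners/{userObjectId}/$ref",
                                                                      Program.AuthenticationResult.AccessToken);
                }

                return true;
            }
            catch (Exception ex)
            {
                // Keep the bool contract, but leave a trace: an ownership change that fails
                // silently is hard to investigate afterwards.
                System.Diagnostics.Debug.WriteLine($"RemoveGroupOwner failed: {ex.Message}");
                return false;
            }
        }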
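        /// <summary>
        /// Creates a group by POSTing <paramref name="jsonGroup"/> to <c>{ApiUrl}v1.0/groups</c>
        /// with the access token held in <c>Program.AuthenticationResult</c>.
        /// </summary>
        /// <param name="jsonGroup">
        /// Request body, forwarded unchanged to the helper.
        /// NOTE(review): presumably a JSON group definition; nothing here validates it - confirm at the caller.
        /// </param>
        /// <remarks>
        /// Exceptions raised by the request are written to the debug output and not rethrown, so a
        /// caller cannot tell from this method whether the group was created.
        /// </remarks>
        private static async Task CreateGroup(string jsonGroup)
        {
            AuthenticationConfig config = AuthenticationConfig.ReadFromJsonFile("appsettings.json");

            Debug.WriteLine("===================== Create Alvianda group: =======================");

            try
            {
                // Dispose the client once the call has completed; the original never released it.
                using (var httpClient = new HttpClient())
                {
                    var apiCaller = new ProtectedApiCallHelper(httpClient);
                    await apiCaller.PostWebApiAndProcessResultASync($"{config.ApiUrl}v1.0/groups",
                                                                    jsonGroup,
                                                                    Program.AuthenticationResult.AccessToken,
                                                                    Display);
                }
            }
            catch (Exception ex)
            {
                Debug.WriteLine(ex.Message);
            }
            finally
            {
                // Closing banner is emitted on success and on failure alike.
                Debug.WriteLine("========================= End list ==========================================");
            }
        }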
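        /// <summary>
        /// Resolves a group display name to its object id by listing <c>{ApiUrl}v1.0/groups</c> and
        /// returning the <c>id</c> of the first entry whose <c>displayName</c> equals <paramref name="groupname"/>.
        /// </summary>
        /// <param name="groupname">Display name to look for (exact, case-sensitive comparison).</param>
        /// <returns>
        /// The id of the first match; an empty string when nothing in the response matches;
        /// <c>null</c> when the request or the JSON handling throws.
        /// </returns>
        /// <remarks>
        /// Callers use the returned id for write and delete operations, so two conditions that can make
        /// the answer unreliable are reported on the debug output: a response that carries
        /// <c>@odata.nextLink</c> (only the first page was searched) and more than one group with the
        /// same display name (the first one wins).
        /// </remarks>
        public static async Task <string> GetGroupObjectId(string groupname)
        {
            AuthenticationConfig config = AuthenticationConfig.ReadFromJsonFile("appsettings.json");

            try
            {
                string result;
                using (var httpClient = new HttpClient())
                {
                    var apiCaller = new ProtectedApiCallHelper(httpClient);
                    result = await apiCaller.GetWebApiAndReturnResultAsync($"{config.ApiUrl}v1.0/groups", Program.AuthenticationResult.AccessToken, Display);
                }

                var listing = JObject.Parse(result);

                // Only this one response is searched. If Graph paged the listing, a group that sits on
                // a later page is reported as "not found".
                if (listing["@odata.nextLink"] != null)
                {
                    Debug.WriteLine("GetGroupObjectId: group listing is paged; only the first page was searched.");
                }

                string groupId = string.Empty;
                int    matches = 0;
                foreach (var group in listing["value"].ToList())
                {
                    // Entries without a displayName are skipped rather than aborting the scan.
                    if (group["displayName"]?.ToString() != groupname)
                    {
                        continue;
                    }

                    matches++;
                    if (matches == 1)
                    {
                        groupId = group["id"].ToString();
                    }
                }

                // Display names are not unique. The first match is still returned (as before), but the
                // ambiguity is surfaced so an operation on the wrong group can be noticed.
                if (matches > 1)
                {
                    Debug.WriteLine($"GetGroupObjectId: {matches} groups share the requested display name; using the first.");
                }

                return groupId;
            }
            catch (Exception ex)
            {
                Debug.WriteLine(ex.Message);
                return null;
            }
        }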
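        /// <summary>
        /// Adds a user to a group by POSTing an <c>@odata.id</c> reference to
        /// <c>{ApiUrl}v1.0/groups/{groupId}/members/$ref</c>.
        /// </summary>
        /// <param name="grpName">Name of the group; resolved to an object id with <c>GetGroupObjectId</c>.</param>
        /// <param name="userName">User identifier; resolved to an object id with <c>GetUserObjectId</c>.</param>
        /// <returns>
        /// <c>false</c> when either id could not be resolved or an exception was thrown; <c>true</c> otherwise.
        /// NOTE(review): whether <c>true</c> also means Graph accepted the request depends on the helper
        /// throwing for non-success responses - confirm.
        /// </returns>
        private static async Task <bool> AddGroupMember(string grpName, string userName)
        {
            try
            {
                // Await the lookups instead of blocking on them inside an async method.
                var userObjectId  = await GetUserObjectId(userName);
                var groupObjectId = await GetGroupObjectId(grpName);

                // Null or empty means the lookup failed. Without this check the request would be
                // built around a blank id and target a path that names no specific group or user.
                if (string.IsNullOrEmpty(userObjectId) || string.IsNullOrEmpty(groupObjectId))
                {
                    System.Diagnostics.Debug.WriteLine("AddGroupMember: user or group could not be resolved; no request sent.");
                    return false;
                }

                AuthenticationConfig config = AuthenticationConfig.ReadFromJsonFile("appsettings.json");

                // NOTE(review): the reference below is pinned to graph.microsoft.com while the request
                // URL is built from config.ApiUrl; the two disagree if ApiUrl names another endpoint.
                var payloadUrl = "{'@odata.id': 'https://graph.microsoft.com/v1.0/directoryObjects/" + userObjectId + "'}";

                // Call the MS Graph API endpoint that attaches a member to the group.
                using (var httpClient = new HttpClient())
                {
                    var apiCaller = new ProtectedApiCallHelper(httpClient);
                    await apiCaller.PostWebApiAndProcessResultASync($"{config.ApiUrl}v1.0/groups/{groupObjectId}/members/$ref",
                                                                    payloadUrl,
                                                                    Program.AuthenticationResult.AccessToken, null);
                }

                return true;
            }
            catch (Exception ex)
            {
                // Keep the bool contract, but record why the membership change did not happen.
                System.Diagnostics.Debug.WriteLine($"AddGroupMember failed: {ex.Message}");
                return false;
            }
        }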
        /// <summary>
        /// Acquires an app-only token with the client-credentials flow and, on success, stores it in
        /// the static <c>AuthenticationResult</c> property.
        /// </summary>
        /// <remarks>
        /// The credential is either <c>config.ClientSecret</c> or the certificate named by
        /// <c>config.CertificateName</c>; <c>AppUsesClientSecret</c> decides which. Both values come from
        /// <c>appsettings.json</c>, so that file holds a long-lived credential when the secret path is used.
        /// Only an <c>MsalServiceException</c> whose message contains <c>AADSTS70011</c> is handled here;
        /// any other exception propagates to the caller. When no token is obtained the previously stored
        /// <c>AuthenticationResult</c> is left as it was.
        /// </remarks>
        private static async Task GetClientApplicationToken()
        {
            AuthenticationConfig config = AuthenticationConfig.ReadFromJsonFile("appsettings.json");

            // A daemon is a confidential client even when it runs as a console program; the two
            // branches differ only in the credential handed to the builder.
            ConfidentialClientApplicationBuilder builder;
            if (AppUsesClientSecret(config))
            {
                builder = ConfidentialClientApplicationBuilder.Create(config.ClientId)
                          .WithClientSecret(config.ClientSecret);
            }
            else
            {
                X509Certificate2 certificate = ReadCertificate(config.CertificateName);
                builder = ConfidentialClientApplicationBuilder.Create(config.ClientId)
                          .WithCertificate(certificate);
            }

            IConfidentialClientApplication app = builder.WithAuthority(new Uri(config.Authority))
                                                 .Build();

            // Client-credentials requests always use a single "resource/.default" scope: application
            // permissions are declared statically and granted by a tenant administrator.
            // config.ApiUrl therefore has to end with '/' for the scope to be well-formed.
            var scopes = new[] { config.ApiUrl + ".default" };

            try
            {
                AuthenticationResult token = await app.AcquireTokenForClient(scopes).ExecuteAsync();

                Debug.WriteLine("Token acquired");

                // Publish the token only when one was actually returned.
                if (token != null)
                {
                    AuthenticationResult = token;
                }
            }
            catch (MsalServiceException ex) when(ex.Message.Contains("AADSTS70011"))
            {
                // AADSTS70011: invalid scope. The scope must look like "https://resourceurl/.default";
                // the remedy is to correct the configured ApiUrl.
                Debug.WriteLine("Scope provided is not supported");
            }
        }
        /// <summary>
        /// Builds the public client application from <c>appsettings.json</c> and runs an interactive
        /// sign-in for the delegated scopes <c>user.read</c>, <c>Directory.Read.All</c> and
        /// <c>Directory.ReadWrite.All</c>.
        /// </summary>
        /// <returns>
        /// The result of the interactive request, or <c>null</c> when any exception was thrown
        /// (the exception is written to the debug output and not rethrown).
        /// </returns>
        /// <remarks>
        /// No silent (cached) acquisition is attempted; every call prompts the user.
        /// NOTE(review): <c>Directory.ReadWrite.All</c> is a broad write permission and presumably makes
        /// <c>Directory.Read.All</c> redundant - confirm that write access is really needed here.
        /// </remarks>
        private static async Task <AuthenticationResult> Login()
        {
            AuthenticationConfig config = AuthenticationConfig.ReadFromJsonFile("appsettings.json");

            string[] scopes = { "user.read", "Directory.Read.All", "Directory.ReadWrite.All" };
            AuthenticationResult token = null;

            try
            {
                // ClientId identifies an app registration that allows public-client sign-in.
                var clientId  = config.ClientId;
                var instance  = config.Instance.Replace("{0}", "");
                var authority = $"{instance}{config.Tenant}";

                _clientApp = PublicClientApplicationBuilder.Create(clientId)
                             .WithAuthority(authority)
                             .WithDefaultRedirectUri()
                             .Build();

                // NOTE(review): the request goes through Program.PublicClientApp rather than the
                // _clientApp assigned above - presumably the property exposes that field; confirm.
                token = await Program.PublicClientApp.AcquireTokenInteractive(scopes).ExecuteAsync();
            }
            catch (Exception failure)
            {
                // MsalException and every other exception were reported with the same text, so a
                // single handler covers both.
                Debug.WriteLine($"Error Acquiring Token:{System.Environment.NewLine}{failure}");
            }

            return token;
        }
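        /// <summary>
        /// Deletes the group with the given name by resolving it to an object id and issuing
        /// <c>DELETE {ApiUrl}v1.0/groups/{groupId}</c>.
        /// </summary>
        /// <param name="groupName">Name of the group; resolved with <c>MsGraphFacade.GetGroupObjectId</c>.</param>
        /// <remarks>
        /// The request is skipped when the lookup yields null or an empty string. Exceptions are written
        /// to the debug output and not rethrown, so the caller gets no success or failure signal.
        /// </remarks>
        private static async Task DeleteGroup(string groupName)
        {
            AuthenticationConfig config = AuthenticationConfig.ReadFromJsonFile("appsettings.json");

            try
            {
                // Await instead of blocking on the task inside an async method.
                var groupId = await MsGraphFacade.GetGroupObjectId(groupName);

                // A failed lookup must not turn into a DELETE against ".../groups/" with a blank id:
                // a destructive call is only sent for an id that was actually resolved.
                if (string.IsNullOrEmpty(groupId))
                {
                    Debug.WriteLine("DeleteGroup: group could not be resolved; no request sent.");
                    return;
                }

                using (var httpClient = new HttpClient())
                {
                    var apiCaller = new ProtectedApiCallHelper(httpClient);
                    await apiCaller.DeleteWebApiAndProcessResultASync($"{config.ApiUrl}v1.0/groups/{groupId}", Program.AuthenticationResult.AccessToken);
                }
            }
            catch (Exception ex)
            {
                Debug.WriteLine(ex.Message);
            }
        }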
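        /// <summary>
        /// Resolves a user to its object id by requesting <c>{ApiUrl}v1.0/users/{username}</c> and
        /// reading the <c>id</c> property of the response.
        /// </summary>
        /// <param name="username">
        /// Identifier placed in the URL path. It is percent-encoded first, so characters such as
        /// <c>#</c>, <c>/</c> or <c>?</c> stay inside the path segment.
        /// </param>
        /// <returns>
        /// The user's object id, or <c>null</c> when <paramref name="username"/> is blank or when the
        /// request or the JSON handling throws.
        /// </returns>
        public static async Task <string> GetUserObjectId(string username)
        {
            AuthenticationConfig config = AuthenticationConfig.ReadFromJsonFile("appsettings.json");

            try
            {
                // A blank name would request the whole users collection instead of one user.
                if (string.IsNullOrWhiteSpace(username))
                {
                    Debug.WriteLine("GetUserObjectId: no user name supplied.");
                    return null;
                }

                // Encode the caller-supplied value before it becomes part of the path. Unencoded, a '#'
                // starts a URL fragment and '/' or '?' change which resource the request addresses.
                var userSegment = System.Uri.EscapeDataString(username);

                string result;
                using (var httpClient = new HttpClient())
                {
                    var apiCaller = new ProtectedApiCallHelper(httpClient);
                    result = await apiCaller.GetWebApiAndReturnResultAsync($"{config.ApiUrl}v1.0/users/{userSegment}", Program.AuthenticationResult.AccessToken, Display);
                }

                // A response without an "id" property throws here and is reported as null below.
                string userId = JObject.Parse(result)["id"].ToString();

                return userId;
            }
            catch (Exception ex)
            {
                Debug.WriteLine(ex.Message);
                return null;
            }
        }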