Demonstrates use of the AAD Graph API to perform common read and write operations on Users, Groups, Group Membership, Roles, Tenant information, Service Principals, and Applications. (Note: the Azure AD Graph endpoint and the ADAL client library used here have since been deprecated in favor of Microsoft Graph and MSAL; treat this as legacy reference material.)
Pre-Requisites
To connect to your own Azure Active Directory tenant through the Graph API, register an application in the Azure portal and obtain its client ID and a client secret (key). The secret is a credential for the application itself: anyone holding it can call the directory with every application permission granted to the app, so it must never be committed to source control.
Register the sample app in your own tenant.
Install-Package Microsoft.IdentityModel.Clients.ActiveDirectory -Version 3.19.8
Add the following constant values to the constants.cs file (the code below expects them split across the CommonConstants, AzureConstants and ApplicationConstants classes):
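// Identifiers for the sample tenant and app registration. TenantName, TenantId and ClientId
// are not secrets; ClientSecret is. The listing that consumes these reads them as
// Constants.CommonConstants.* (TenantName, TenantId, ClientId, ClientSecret),
// Constants.AzureConstants.* (ResourceUrl, authority) and Constants.ApplicationConstants.AppRoleID
// (not shown here; it must hold the Guid of the app role to assign).
public const string TenantName = "samplesolution.onmicrosoft.com";
public const string TenantId = "8f4455df-8ae6-454d-bd00-e53e5f87f050";
public const string ClientId = "3db07cc2-3c44-4f13-ca43-8edcbe130a29";
// Placeholder only. Never commit a real client secret: load it from a secret store (e.g. Azure
// Key Vault) or an environment variable at startup, and treat any secret that has been checked
// into a repository as compromised — rotate it in the portal.
public const string ClientSecret = "<load-from-key-vault-or-environment>";
public const string ResourceUrl = "https://graph.windows.net";
// Tenant-specific authority (the original listing was missing the '+' here). Keep it tenant-
// specific for a daemon; do not replace TenantName with "common".
public const string authority = "https://login.windows.net/" + CommonConstants.TenantName;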
Secret key = the key value obtained from the Azure portal when the key was generated. Never store this value in source code; load it from a secret store (e.g. Azure Key Vault) or an environment variable at startup, and rotate any secret that has ever been committed. Code to create an ActiveDirectoryClient:
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using System;
using System.Data;
using System.Data.SqlClient;
using System.Linq;
using System.Net.Http.Headers;
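using System.Threading.Tasks;

/// <summary>
/// Sample flow: resolve a user by mail address, resolve this application's registration,
/// make sure the app role identified by <c>Constants.ApplicationConstants.AppRoleID</c>
/// exists on it, then assign that role to the user through the application's service principal.
/// </summary>
/// <remarks>
/// The client authenticates as the application itself (see
/// <see cref="GetActiveDirectoryClientAsApplication"/>), so every write below runs with the
/// app's directory permissions rather than a signed-in user's. Assigning a role is a privilege
/// change, so each lookup is checked for a match before anything is written.
/// NOTE(review): <c>mailAddress</c> is not declared anywhere in this listing and must be
/// provided by the surrounding code.
/// </remarks>
static void Main(string[] args)
{
    ActiveDirectoryClient activeDirectoryClient = GetActiveDirectoryClientAsApplication();

    // Look up the user by mail address. Mail is a mutable attribute that the directory does
    // not guarantee to be unique, so an exact match is still a weaker key than ObjectId or
    // UPN — prefer those when the caller has them.
    Microsoft.Azure.ActiveDirectory.GraphClient.User user =
        (Microsoft.Azure.ActiveDirectory.GraphClient.User)activeDirectoryClient.Users
            .Where(u => u.Mail.Equals(mailAddress))
            .ExecuteAsync().GetAwaiter().GetResult()
            .CurrentPage.FirstOrDefault();
    if (user == null)
    {
        throw new InvalidOperationException("No user with the given mail address was found; aborting before any role is assigned.");
    }

    // The app registration this client runs as (matched on AppId == ClientId).
    Application application =
        (Application)activeDirectoryClient.Applications
            .Where(app => app.AppId.Equals(Constants.CommonConstants.ClientId))
            .ExecuteAsync().GetAwaiter().GetResult()
            .CurrentPage.FirstOrDefault();
    if (application == null)
    {
        throw new InvalidOperationException("Application registration for the configured ClientId was not found.");
    }

    // App roles are defined in the application manifest. Reuse the configured role if it
    // already exists; otherwise create it under the configured Id so later lookups are stable.
    // (The original listing declared `appRole` twice, which does not compile, and minted a
    // fresh Guid on every run, which would add a duplicate role each time. If a new role is
    // meant to get a fresh identifier instead, swap appRoleId for Guid.NewGuid() below.)
    Guid appRoleId = Guid.Parse(Constants.ApplicationConstants.AppRoleID);
    AppRole appRole = application.AppRoles.Where(role => role.Id.Equals(appRoleId)).FirstOrDefault();
    if (appRole == null)
    {
        appRole = new AppRole();
        appRole.Id = appRoleId;
        appRole.IsEnabled = true;
        appRole.AllowedMemberTypes.Add("User");
        appRole.DisplayName = "Something";
        appRole.Description = "Anything";
        appRole.Value = "policy.write";
        application.AppRoles.Add(appRole);
        application.UpdateAsync().GetAwaiter().GetResult();
    }

    // The service principal is the tenant-local instance of the app; role assignments target
    // its ObjectId, not the application object's.
    ServicePrincipal servicePrincipal =
        (ServicePrincipal)activeDirectoryClient.ServicePrincipals
            .Where(service => service.AppId.Equals(Constants.CommonConstants.ClientId))
            .ExecuteAsync().GetAwaiter().GetResult()
            .CurrentPage.FirstOrDefault();
    if (servicePrincipal == null)
    {
        throw new InvalidOperationException("Service principal for the configured ClientId was not found in this tenant.");
    }

    // Grant the role: the assignment is written on the user and points at the service
    // principal as the resource.
    AppRoleAssignment appRoleAssignment = new AppRoleAssignment();
    appRoleAssignment.Id = appRole.Id;
    appRoleAssignment.ResourceId = Guid.Parse(servicePrincipal.ObjectId);
    appRoleAssignment.PrincipalType = "User";
    appRoleAssignment.PrincipalId = Guid.Parse(user.ObjectId);
    user.AppRoleAssignments.Add(appRoleAssignment);
    user.UpdateAsync().GetAwaiter().GetResult();
}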
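/// <summary>
/// Builds an <see cref="ActiveDirectoryClient"/> rooted at <c>{ResourceUrl}/{TenantId}</c>
/// that authenticates as the application itself (client-credential flow) through
/// <see cref="AcquireTokenAsyncForApplication"/>.
/// </summary>
/// <remarks>
/// Application-only tokens carry whatever application permissions were consented for
/// ClientId in the tenant; there is no signed-in user to scope them. Treat this client as a
/// privileged daemon identity and keep its secret out of source control.
/// </remarks>
public static ActiveDirectoryClient GetActiveDirectoryClientAsApplication()
{
    Uri serviceRoot = new Uri(new Uri(Constants.AzureConstants.ResourceUrl), Constants.CommonConstants.TenantId);
    return new ActiveDirectoryClient(serviceRoot, AcquireTokenAsyncForApplication);
}

/// <summary>
/// Token callback for the Graph client: returns a bearer token acquired with the
/// application's client credentials.
/// </summary>
public static async Task<string> AcquireTokenAsyncForApplication()
{
    // Await the ADAL call directly instead of blocking on it inside an async delegate
    // (the original wrapped a `.Result` call, which risks deadlocks and AggregateException
    // wrapping of ADAL failures).
    AuthenticationResult authenticationResult = await AcquireTokenCoreAsync();
    return authenticationResult.AccessToken;
}

/// <summary>
/// Synchronous variant kept for callers that cannot await; blocks until the token request
/// completes.
/// </summary>
public static string GetAccessTokenAzure()
{
    return AcquireTokenCoreAsync().GetAwaiter().GetResult().AccessToken;
}

/// <summary>
/// Performs the client-credential token request against the tenant-specific authority.
/// </summary>
/// <remarks>
/// The authority is built from TenantName, so the token is issued by this tenant only; do
/// not switch a daemon to the "common" endpoint. The secret comes from
/// <c>Constants.CommonConstants.ClientSecret</c> and should be loaded from a secret store or
/// the environment at startup — a certificate-based client credential is the stronger option
/// for unattended services. Passing <c>null</c> as the TokenCache presumably disables ADAL's
/// token cache, so every client call requests a fresh token — TODO confirm that is intended.
/// </remarks>
private static Task<AuthenticationResult> AcquireTokenCoreAsync()
{
    AuthenticationContext authContext = new AuthenticationContext(Constants.AzureConstants.authority, null);
    ClientCredential creds = new ClientCredential(Constants.CommonConstants.ClientId, Constants.CommonConstants.ClientSecret);
    return authContext.AcquireTokenAsync(Constants.AzureConstants.ResourceUrl, creds);
}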