path: root/Software/Visual_Studio/Tango.Web/ActiveDirectory/ActiveDirectoryManager.cs
blob: a1eede7ef7ac4f6da16432a48e05a8ffad9aed7d (plain)
using Microsoft.Azure.ActiveDirectory.GraphClient;
using Microsoft.Azure.ActiveDirectory.GraphClient.Extensions;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;

namespace Tango.Web.ActiveDirectory
{
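    /// <summary>
    /// Authenticates users against Azure Active Directory (via ADAL) and reads their group
    /// membership through the Azure AD Graph API, using the tenant/client settings in
    /// <c>WebConfig</c>.
    /// </summary>
    /// <remarks>
    /// The synchronous methods are kept for existing callers and block on the <c>*Async</c>
    /// variants with <c>Task.Result</c>, so any failure reaches them as an
    /// <see cref="AggregateException"/> wrapping the real exception. Every await inside the
    /// <c>*Async</c> methods uses <c>ConfigureAwait(false)</c>, so blocking on them from a
    /// thread with a synchronization context (e.g. an ASP.NET request) does not deadlock.
    /// Prefer the <c>*Async</c> methods from new code so a thread is not held for the
    /// duration of the network calls.
    /// </remarks>
    public class ActiveDirectoryManager
    {
        // Resource (audience) requested for both the app-only and the user token.
        private const string GraphResource = "https://graph.windows.net/";

        // ADAL authority for the configured tenant.
        private readonly string _serviceRoot = $"https://login.microsoftonline.com/{WebConfig.TENANT_ID}";

        /// <summary>
        /// Checks <paramref name="email"/> / <paramref name="password"/> against Azure AD by
        /// requesting a Graph token with the resource owner password credential grant.
        /// </summary>
        /// <param name="email">User principal name (sign-in name) of the account.</param>
        /// <param name="password">The account's password; it is sent to Azure AD as-is.</param>
        /// <returns>The ADAL result (token and user info) when the credentials are accepted.</returns>
        /// <exception cref="AggregateException">
        /// Wraps the ADAL exception raised when the credentials are rejected or the authority
        /// cannot be reached (<c>Task.Result</c> semantics; inspect the inner exception).
        /// </exception>
        public AuthenticationResult ValidateUserCredentials(string email, string password)
        {
            return ValidateUserCredentialsAsync(email, password).Result;
        }

        /// <summary>
        /// Asynchronous form of <see cref="ValidateUserCredentials"/>. Failures surface as the
        /// ADAL exception itself rather than an <see cref="AggregateException"/>.
        /// </summary>
        /// <param name="email">User principal name (sign-in name) of the account.</param>
        /// <param name="password">The account's password; it is sent to Azure AD as-is.</param>
        /// <returns>The ADAL result for the authenticated user.</returns>
        public async Task<AuthenticationResult> ValidateUserCredentialsAsync(string email, string password)
        {
            var authContext = new AuthenticationContext(_serviceRoot);
            // Presumably so a previously cached token cannot satisfy this call and the password
            // is actually verified by Azure AD. NOTE(review): if this context uses ADAL's shared
            // default cache, this also drops tokens held by every other context in the process —
            // confirm that is intended.
            authContext.TokenCache.Clear();
            // NOTE(review): UserPasswordCredential is the resource owner password credential
            // (ROPC) grant: the application itself handles the user's plaintext password, and
            // the grant cannot satisfy MFA / conditional-access policies, so accounts subject to
            // those policies will fail here rather than be prompted.
            UserCredential userCredential = new UserPasswordCredential(email, password);
            return await authContext
                .AcquireTokenAsync(GraphResource, WebConfig.CLIENT_ID, userCredential)
                .ConfigureAwait(false);
        }

        /// <summary>
        /// Acquires an app-only Graph token with the client credentials grant
        /// (<c>WebConfig.CLIENT_ID</c> / <c>WebConfig.APP_SECRET</c>).
        /// </summary>
        /// <returns>The ADAL result whose <c>AccessToken</c> is used for Graph calls.</returns>
        private async Task<AuthenticationResult> GetAppAuthenticationResultAsync()
        {
            var authContext = new AuthenticationContext(_serviceRoot);
            ClientCredential clientCredentials = new ClientCredential(WebConfig.CLIENT_ID, WebConfig.APP_SECRET);
            return await authContext
                .AcquireTokenAsync(GraphResource, clientCredentials)
                .ConfigureAwait(false);
        }

        /// <summary>
        /// Returns the directory groups the user identified by <paramref name="email"/> is a
        /// direct member of (every page of <c>MemberOf</c>, Group entries only).
        /// </summary>
        /// <param name="email">User principal name used to look the user up in the directory.</param>
        /// <returns>The user's groups; empty when the user belongs to no group.</returns>
        /// <exception cref="AggregateException">
        /// Wraps the underlying ADAL / Graph client exception (token acquisition failure, no or
        /// ambiguous user match, Graph request failure).
        /// </exception>
        public List<Group> GetUserGroups(string email)
        {
            return GetUserGroupsAsync(email).Result;
        }

        /// <summary>
        /// Asynchronous form of <see cref="GetUserGroups"/>; failures surface as the underlying
        /// exception rather than an <see cref="AggregateException"/>.
        /// </summary>
        /// <param name="email">User principal name used to look the user up in the directory.</param>
        /// <returns>The user's groups; empty when the user belongs to no group.</returns>
        public async Task<List<Group>> GetUserGroupsAsync(string email)
        {
            var authResult = await GetAppAuthenticationResultAsync().ConfigureAwait(false);
            var activeDirectoryClient = new ActiveDirectoryClient(
                new Uri($"https://graph.windows.net/{WebConfig.TENANT_ID}"),
                () => Task.FromResult(authResult.AccessToken));

            // The predicate is translated into an OData filter by the Graph client library; the
            // caller-supplied value is not concatenated into a query string here.
            // ExecuteSingleAsync is expected to throw when no user (or more than one) matches —
            // TODO confirm against the client library.
            var user = await activeDirectoryClient.Users
                .Where(x => x.UserPrincipalName == email)
                .ExecuteSingleAsync()
                .ConfigureAwait(false);
            var userFetcher = (IUserFetcher)user;

            var groups = new List<Group>();

            // MemberOf is paged: walk every page and keep only the Group entries (other kinds
            // of directory object in the result are dropped). The loop assumes the first page is
            // non-null and that GetNextPageAsync yields null after the last page, as the
            // original code did.
            IPagedCollection<IDirectoryObject> page = await userFetcher.MemberOf
                .ExecuteAsync()
                .ConfigureAwait(false);
            do
            {
                groups.AddRange(page.CurrentPage.OfType<Group>());
                page = await page.GetNextPageAsync().ConfigureAwait(false);
            } while (page != null);

            return groups;
        }

        /// <summary>
        /// Whether the user is a direct member of the group named by
        /// <c>WebConfig.ENVIRONMENT_GROUP</c>.
        /// </summary>
        /// <param name="email">User principal name of the account to check.</param>
        /// <returns><c>true</c> when one of the user's groups has that display name.</returns>
        /// <exception cref="AggregateException">See <see cref="GetUserGroups"/>.</exception>
        public bool CanUserAccessCurrentEnvironment(string email)
        {
            return CanUserAccessCurrentEnvironmentAsync(email).Result;
        }

        /// <summary>
        /// Asynchronous form of <see cref="CanUserAccessCurrentEnvironment"/>.
        /// </summary>
        /// <param name="email">User principal name of the account to check.</param>
        /// <returns><c>true</c> when one of the user's groups has the configured display name.</returns>
        public async Task<bool> CanUserAccessCurrentEnvironmentAsync(string email)
        {
            var groups = await GetUserGroupsAsync(email).ConfigureAwait(false);
            // NOTE(review): the access decision hinges on DisplayName, and group display names
            // are not unique in Azure AD — any group carrying the same name would grant access.
            // Comparing against the group's ObjectId (which would need its own WebConfig entry)
            // would be the stronger check; nested membership is also not considered, since
            // MemberOf lists direct membership only.
            return groups.Exists(x => x.DisplayName == WebConfig.ENVIRONMENT_GROUP);
        }
    }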
}