connected to sharepoint by OzBob · Pull Request #52 · microsoft/hack-together

This repository was archived by the owner on Mar 31, 2023. It is now read-only.

src/SharepointFileSystem/0Console/.gitignore

Large diffs are not rendered by default.

src/SharepointFileSystem/0Console/AppCreationScripts/Cleanup.ps1

-Original file line number
+Diff line change
@@ -0,0 +1,66 @@
+    [CmdletBinding()]
+    param(
+        [PSCredential] $Credential,
+        [Parameter(Mandatory=$False, HelpMessage='MS Graph application name, must be URL safe characters, e.g. no spaces and & etc.')]
+        [string] $appName,
+        [Parameter(Mandatory=$False, HelpMessage='Tenant ID (This is a GUID which represents the "Directory ID" of the AzureAD tenant into which you want to create the apps')]
+        [string] $tenantId
+    )
+    if ((Get-Module -ListAvailable -Name "AzureAD") -eq $null) {
+        Install-Module "AzureAD" -Scope CurrentUser
+    }
+    Import-Module AzureAD
+    $ErrorActionPreference = 'Stop'
+    Function Cleanup
+    {
+    <#
+    .Description
+    This function removes the Azure AD applications for the sample. These applications were created by the Configure.ps1 script
+    #>
+        # $tenantId is the Active Directory Tenant. This is a GUID which represents the "Directory ID" of the AzureAD tenant
+        # into which you want to create the apps. Look it up in the Azure portal in the "Properties" of the Azure AD.
+        # Login to Azure PowerShell (interactive if credentials are not already provided:
+        # you'll need to sign-in with creds enabling your to create apps in the tenant)
+        if (!$Credential -and $TenantId)
+        {
+            $creds = Connect-AzureAD -TenantId $tenantId
+        }
+        else
+        {
+            if (!$TenantId)
+            {
+                $creds = Connect-AzureAD -Credential $Credential
+            }
+            else
+            {
+                $creds = Connect-AzureAD -TenantId $tenantId -Credential $Credential
+            }
+        }
+        if (!$tenantId)
+        {
+            $tenantId = $creds.Tenant.Id
+        }
+        $tenant = Get-AzureADTenantDetail
+        $tenantName =  ($tenant.VerifiedDomains | Where { $_._Default -eq $True }).Name
+        # Removes the applications
+        Write-Host "Cleaning-up applications from tenant '$tenantName'"
+        Write-Host "Removing 'client' ($appName) if needed"
+        $apps=Get-AzureADApplication -Filter "DisplayName eq '$appName'"
+        foreach ($app in $apps)
+        {
+            Remove-AzureADApplication -ObjectId $app.ObjectId
+            Write-Host "Removed."
+        }
+    }
+    Cleanup -Credential $Credential -tenantId $TenantId

src/SharepointFileSystem/0Console/AppCreationScripts/Configure.ps1

-Original file line number
+Diff line change
@@ -0,0 +1,213 @@
+    [CmdletBinding()]
+    param(
+        [PSCredential] $Credential,
+    	[Parameter(Mandatory=$False, HelpMessage='MS Graph application display name')]
+    	[string] $displayName,
+        [Parameter(Mandatory=$False, HelpMessage='MS Graph application name, must be URL safe characters, e.g. no spaces and & etc.')]
+        [string] $appName,
+        [Parameter(Mandatory=$False, HelpMessage='Tenant ID (This is a GUID which represents the "Directory ID" of the AzureAD tenant into which you want to create the apps')]
+        [string] $tenantId
+    )
+    <#
+     This script creates the Azure AD applications needed for this sample and updates the configuration files
+     for the visual Studio projects from the data in the Azure AD applications.
+     Before running this script you need to install the AzureAD cmdlets as an administrator.
+     For this:
+) Run Powershell as an administrator
+) in the PowerShell window, type: Install-Module AzureAD
+     There are four ways to run this script. For more information, read the AppCreationScripts.md file in the same folder as this script.
+    #>
+    # Create a password that can be used as an application key
+    Function ComputePassword
+    {
+        $aesManaged = New-Object "System.Security.Cryptography.AesManaged"
+        $aesManaged.Mode = [System.Security.Cryptography.CipherMode]::CBC
+        $aesManaged.Padding = [System.Security.Cryptography.PaddingMode]::Zeros
+        $aesManaged.BlockSize = 128
+        $aesManaged.KeySize = 256
+        $aesManaged.GenerateKey()
+        return [System.Convert]::ToBase64String($aesManaged.Key)
+    }
+    # Create an application key
+    # See https://www.sabin.io/blog/adding-an-azure-active-directory-application-and-key-using-powershell/
+    Function CreateAppKey([DateTime] $fromDate, [double] $durationInYears, [string]$pw)
+    {
+        $endDate = $fromDate.AddYears($durationInYears)
+        $keyId = (New-Guid).ToString();
+        $key = New-Object Microsoft.Open.AzureAD.Model.PasswordCredential
+        $key.StartDate = $fromDate
+        $key.EndDate = $endDate
+        $key.Value = $pw
+        $key.KeyId = $keyId
+        return $key
+    }
+    # Adds the requiredAccesses (expressed as a pipe separated string) to the requiredAccess structure
+    # The exposed permissions are in the $exposedPermissions collection, and the type of permission (Scope | Role) is
+    # described in $permissionType
+    Function AddResourcePermission($requiredAccess, `
+                                   $exposedPermissions, [string]$requiredAccesses, [string]$permissionType)
+    {
+            foreach($permission in $requiredAccesses.Trim().Split("|"))
+            {
+                foreach($exposedPermission in $exposedPermissions)
+                {
+                    if ($exposedPermission.Value -eq $permission)
+                     {
+                        $resourceAccess = New-Object Microsoft.Open.AzureAD.Model.ResourceAccess
+                        $resourceAccess.Type = $permissionType # Scope = Delegated permissions | Role = Application permissions
+                        $resourceAccess.Id = $exposedPermission.Id # Read directory data
+                        $requiredAccess.ResourceAccess.Add($resourceAccess)
+                     }
+                }
+            }
+    }
+    #
+    # Exemple: GetRequiredPermissions "Microsoft Graph"  "Graph.Read|User.Read"
+    # See also: http://stackoverflow.com/questions/42164581/how-to-configure-a-new-azure-ad-application-through-powershell
+    Function GetRequiredPermissions([string] $applicationDisplayName, [string] $requiredDelegatedPermissions, [string]$requiredApplicationPermissions, $servicePrincipal)
+    {
+        # If we are passed the service principal we use it directly, otherwise we find it from the display name (which might not be unique)
+        if ($servicePrincipal)
+        {
+            $sp = $servicePrincipal
+        }
+        else
+        {
+            $sp = Get-AzureADServicePrincipal -Filter "DisplayName eq '$applicationDisplayName'"
+        }
+        $appid = $sp.AppId
+        $requiredAccess = New-Object Microsoft.Open.AzureAD.Model.RequiredResourceAccess
+        $requiredAccess.ResourceAppId = $appid
+        $requiredAccess.ResourceAccess = New-Object System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.ResourceAccess]
+        # $sp.Oauth2Permissions | Select Id,AdminConsentDisplayName,Value: To see the list of all the Delegated permissions for the application:
+        if ($requiredDelegatedPermissions)
+        {
+            AddResourcePermission $requiredAccess -exposedPermissions $sp.Oauth2Permissions -requiredAccesses $requiredDelegatedPermissions -permissionType "Scope"
+        }
+        # $sp.AppRoles | Select Id,AdminConsentDisplayName,Value: To see the list of all the Application permissions for the application
+        if ($requiredApplicationPermissions)
+        {
+            AddResourcePermission $requiredAccess -exposedPermissions $sp.AppRoles -requiredAccesses $requiredApplicationPermissions -permissionType "Role"
+        }
+        return $requiredAccess
+    }
+    Set-Content -Value "<html><body><table>" -Path createdApps.html
+    Add-Content -Value "<thead><tr><th>Application</th><th>AppId</th><th>Url in the Azure portal</th></tr></thead><tbody>" -Path createdApps.html
+    Function ConfigureApplications
+    {
+    <#.Description
+       This function creates the Azure AD applications for the sample in the provided Azure AD tenant and updates the
+       configuration files in the client and service project  of the visual studio solution (App.Config and Web.Config)
+       so that they are consistent with the Applications parameters
+    #>
+        # $tenantId is the Active Directory Tenant. This is a GUID which represents the "Directory ID" of the AzureAD tenant
+        # into which you want to create the apps. Look it up in the Azure portal in the "Properties" of the Azure AD.
+        # Login to Azure PowerShell (interactive if credentials are not already provided:
+        # you'll need to sign-in with creds enabling you to create apps in the tenant)
+        if (!$Credential -and $TenantId)
+        {
+            $creds = Connect-AzureAD -TenantId $tenantId
+        }
+        else
+        {
+            if (!$TenantId)
+            {
+                $creds = Connect-AzureAD -Credential $Credential
+            }
+            else
+            {
+                $creds = Connect-AzureAD -TenantId $tenantId -Credential $Credential
+            }
+        }
+        if (!$tenantId)
+        {
+            $tenantId = $creds.Tenant.Id
+        }
+        $tenant = Get-AzureADTenantDetail
+        $tenantName =  ($tenant.VerifiedDomains | Where { $_._Default -eq $True }).Name
+        # Get the user running the script
+        $user = Get-AzureADUser -ObjectId $creds.Account.Id
+       # Create the client AAD application
+       Write-Host "Creating the AAD application ($appName)"
+       # Get a 2 years application key for the client Application
+       $pw = ComputePassword
+       $fromDate = [DateTime]::Now;
+       $key = CreateAppKey -fromDate $fromDate -durationInYears 2 -pw $pw
+       $clientAppKey = $pw
+       $clientAadApplication = New-AzureADApplication -DisplayName "$displayName" `
+                                                      -ReplyUrls "https://$appName" `
+                                                      -IdentifierUris "https://$tenantName/$appName" `
+                                                      -PasswordCredentials $key `
+                                                      -PublicClient $False
+       $currentAppId = $clientAadApplication.AppId
+       $clientServicePrincipal = New-AzureADServicePrincipal -AppId $currentAppId -Tags {WindowsAzureActiveDirectoryIntegratedApp}
+       # add the user running the script as an app owner if needed
+       $owner = Get-AzureADApplicationOwner -ObjectId $clientAadApplication.ObjectId
+       if ($owner -eq $null)
+       {
+        Add-AzureADApplicationOwner -ObjectId $clientAadApplication.ObjectId -RefObjectId $user.ObjectId
+        Write-Host "'$($user.UserPrincipalName)' added as an application owner to app '$($clientServicePrincipal.DisplayName)'"
+       }
+       Write-Host "Done creating the client application ($appName)"
+       # URL of the AAD application in the Azure portal
+       # Future? $clientPortalUrl = "https://portal.azure.com/#@"+$tenantName+"/blade/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/Overview/appId/"+$clientAadApplication.AppId+"/objectId/"+$clientAadApplication.ObjectId+"/isMSAApp/"
+       $clientPortalUrl = "https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/CallAnAPI/appId/"+$clientAadApplication.AppId+"/objectId/"+$clientAadApplication.ObjectId+"/isMSAApp/"
+       Add-Content -Value "<tr><td>client</td><td>$currentAppId</td><td><a href='$clientPortalUrl'>$appName</a></td></tr>" -Path createdApps.html
+       $requiredResourcesAccess = New-Object System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.RequiredResourceAccess]
+       # Add Required Resources Access (from 'client' to 'Microsoft Graph')
+       Write-Host "Getting access from 'client' to 'Microsoft Graph'"
+       $requiredPermissions = GetRequiredPermissions -applicationDisplayName "Microsoft Graph" `
+                                                    -requiredApplicationPermissions "User.Read.All";
+       $requiredResourcesAccess.Add($requiredPermissions)
+       Set-AzureADApplication -ObjectId $clientAadApplication.ObjectId -RequiredResourceAccess $requiredResourcesAccess
+       Write-Host "Granted permissions."
+       # Update config file for 'client'
+       $configFile = $pwd.Path + "\..\appsettings.json"
+       Write-Host "Updating the sample code ($configFile)"
+       $certificateDescriptor = @{ };
+       $dictionary = [ordered]@{ "Instance" = "https://login.microsoftonline.com/{0}"; "ApiUrl" = "https://graph.microsoft.com/";"Tenant" = $tenantName;"ClientId" = $clientAadApplication.AppId;"ClientSecret" = $clientAppKey;"CertificateName" = "CN=DaemonConsoleCert"; "Certificate" = $certificateDescriptor };
+       $dictionary | ConvertTo-Json | Out-File $configFile
+       Write-Host ""
+       Write-Host "IMPORTANT: Please follow the instructions below to complete a few manual step(s) in the Azure portal":
+       Write-Host "- For 'client'"
+       Write-Host "  - Navigate to '$clientPortalUrl'"
+       Write-Host "  - Navigate to the API permissions page and click on 'Grant admin consent for {tenant}'"
+       Add-Content -Value "</tbody></table></body></html>" -Path createdApps.html
+    }
+    # Pre-requisites
+    if ((Get-Module -ListAvailable -Name "AzureAD") -eq $null) {
+        Install-Module "AzureAD" -Scope CurrentUser
+    }
+    Import-Module AzureAD
+    # Run interactively (will ask you for the tenant ID)
+    ConfigureApplications -Credential $Credential -tenantId $TenantId

src/SharepointFileSystem/0Console/AppCreationScripts/RegisterApp.ps1

-Original file line number
+Diff line change
@@ -0,0 +1,13 @@
+    ##Switch-AzureMode AzureResourceManager
+    ##Connect-AzAccount
+    ##Update-Module -Name Az
+    ##az login
+    Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force
+    Install-Module AzureAD
+    $tenantId = "yourTenantIdGuid"
+    $appname = "daemon-console"
+    $displayname = "MSGraph Daemon Console Test App"
+    ## if running the registration a 2nd time, uncomment this line
+    #. .\Cleanup.ps1 -TenantId $tenantId
+    . .\Configure.ps1 -TenantId $tenantId -AppName $appname -DisplayName $displayname

src/SharepointFileSystem/0Console/AppCreationScripts/createdApps.html

-Original file line number
+Diff line change
@@ -0,0 +1,4 @@
+    <html><body><table>
+    <thead><tr><th>Application</th><th>AppId</th><th>Url in the Azure portal</th></tr></thead><tbody>
+    <tr><td>client</td><td>0aac9e6f-f2ab-40c4-8332-ef588854d90d</td><td><a href='https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/CallAnAPI/appId/0aac9e6f-f2ab-40c4-8332-ef588854d90d/objectId/77d8defe-2a09-4ad7-ba59-f72acd0d967e/isMSAApp/'>daemon-console</a></td></tr>
+    </tbody></table></body></html>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

connected to sharepoint #52

Uh oh!

Diff view

Diff view

There are no files selected for viewing

Uh oh!

Uh oh!