I am using the ActiveDirectory GraphClient library by Microsoft to access an Azure AD.
In my IActiveDirectoryClient object I can access all users by using the collection in Users property.
By using the ExecuteAsync() method I can load all users, rooms and recources.
void async Task<List<IUser>> GetRooms(IActiveDirectoryClient client)
{
var rooms = new List<IUser>();
var pagedUsers = await client.Users.ExecuteAsync();
while (pagedUsers != null &&
pagedUsers.CurrentPage != null)
{
// enumerate IUser objects
foreach (IUser u in pagedUsers.CurrentPage)
{
//TODO: HOW-TO CHECK IF ROOM
}
/* load next page */
}
return rooms;
}
My problem is:
I'd like to get to know from an IUser object if it is a room or resource but I do not know where to look.
There is no such object in the Azure AD. But you can extend the Azure AD User object to create custom properties :
Extend Azure Active Directory Schema using Graph API
Room mailbox is an object related to Exchange and Exchange online.
Related
I got a SaaS project that needs the use Hangfire. We already implemented the requirements to identify a tenant.
Architecture
Persistence Layer
Each tenant has it's own database
.NET Core
We already have a service TenantCurrentService which returns the ID of the tenant, from a list of source [hostname, query string, etc]
We already have a DbContextFactory for Entity Framework which return a DB context with the correct connection string for the client
We are currently using ASP.NET Core DI (willing to change if that helps)
Hangfire
Using single storage (eg: Postgresql), no matter the tenant count
Execute the job in an appropriate Container/ServiceCollection, so we retrieve the right database, right settings, etc.
The problem
I'm trying to stamp a TenantId to a job, retrieved from TenantCurrentService (which is a Scoped service).
When the job then gets executed, we need to retrieve the TenantId from the Job and store it in HangfireContext, so then the TenantCurrentService knows the TenantId retrieved from Hangfire. And from there, our application layer will be able to connect to the right database from our DbContextFactory
Current state
Currently, we have been able to store tenantId retrieved from our Service using a IClientFilter.
How can I retrieve my current ASP.NET Core DI ServiceScope from IServerFilter (which is responsible to retrieve the saved Job Parameters), so I can call .GetRequiredService().IdentifyTenant(tenantId)
Is there any good article regarding this matter / or any tips that you guys can provide?
First, you need to be able to set the TenantId in your TenantCurrentService.
Then, you can rely on filters :
client side (where you enqueue jobs)
public class ClientTenantFilter : IClientFilter
{
public void OnCreating(CreatingContext filterContext)
{
if (filterContext == null) throw new ArgumentNullException(nameof(filterContext));
filterContext.SetJobParameter("TenantId", TenantCurrentService.TenantId);
}
}
and server side (where the job is dequeued).
public class ServerTenantFilter : IServerFilter
{
public void OnPerforming(PerformingContext filterContext)
{
if (filterContext == null) throw new ArgumentNullException(nameof(filterContext));
var tenantId = filterContext.GetJobParameter<string>("TenantId");
TenantCurrentService.TenantId = tenantId;
}
}
The server filter can be declared when you configure your server through an IJobFilterProvider:
var options = new BackgroundJobServerOptions
{
Queues = ...,
FilterProvider = new ServerFilterProvider()
};
app.UseHangfireServer(storage, options, ...);
where ServerFilterProvider is :
public class ServerFilterProvider : IJobFilterProvider
{
public IEnumerable<JobFilter> GetFilters(Job job)
{
return new JobFilter[]
{
new JobFilter(new CaptureCultureAttribute(), JobFilterScope.Global, null),
new JobFilter(new ServerTenantFilter (), JobFilterScope.Global, null),
};
}
}
The client filter can be declared when you instantiate a BackgroundJobClient
var client = new BackgroundJobClient(storage, new BackgroundJobFactory(new ClientFilterProvider());
where ClientFilterProvider behaves as ServerFilterProvider, delivering client filter
A difficulty may be to have the TenantCurrentService available in the filters. I guess this should be achievable by injecting factories in the FilterProviders and chain it to the filters.
I hope this will help.
The title suggests it. Is there any way for the bot to detect when a user joined the guild and automatically grant that user a specific role? I want to automatically grant every user the "member" role, how can I achieve this? I am not at all experienced with C#.
I have tried this, with no success:
public async Task auto_role(SocketGuildUser user)
{
await user.AddRoleAsync((Context.Guild.Roles.FirstOrDefault(x => x.Name == "Member")));
}
If you wish to add a role to any newly joined guild member, you should not be touching the command system at all since, well, it's not a command!
What you do want to do is hook something like the UserJoined event, which is fired whenever a new user joins a guild.
So, for example, you may want to do something like this:
public class MemberAssignmentService
{
private readonly ulong _roleId;
public MemberAssignmentService(DiscordSocketClient client, ulong roleId)
{
// Hook the evnet
client.UserJoined += AssignMemberAsync;
// Note that we are using role identifier here instead
// of name like your original solution; this is because
// a role name check could easily be circumvented by a new role
// with the exact name.
_roleId = roleId;
}
private async Task AssignMemberAsync(SocketGuildUser guildUser)
{
var guild = guildUser.Guild;
// Check if the desired role exist within this guild.
// If not, we simply bail out of the handler.
var role = guild.GetRole(_roleId);
if (role == null) return;
// Check if the bot user has sufficient permission
if (!guild.CurrentUser.GuildPermissions.Has(GuildPermissions.ManageRoles)) return;
// Finally, we call AddRoleAsync
await guildUser.AddRoleAsync(role);
}
}
Due to a problem caused by having multiple forms on a single page, I used an AJAX call to a WebMethod to submit my form instead of using ASP controls. However, in doing this, the previous method I had used to create a new entry into my database no longer works because a WebMethod must be static.
I have authenticated my user already using ASPX authentication, and am trying to retrieve the username and ID of that user with codebehind. The user has already been authenticated on Page_Load, but it seems I cannot access this information through my WebMethod. Is this possible to do inside of a static WebMethod? Thank you for all of your help in advance!
[WebMethod]
public static void CreateJob()
{
Submit_Job();
}
public static void Submit_Job()
{
if (Page.User.Identity.IsAuthenticated)
{
try
{
string username = Context.User.Identity.Name;
}
catch
{
Context.GetOwinContext().Authentication.SignOut();
}
}
var manager = new UserManager();
var usernameDatabase = new ApplicationUser() { UserName = username };
usernameDatabase = manager.Find(username, "password here");
if (usernameDatabase != null)
{
IdentityHelper.SignIn(manager, usernameDatabase, isPersistent: false);
string jobTitle = Request.Form["jobTitle"];
using (var ctx = new CreateUserContext(ConfigurationManager.ConnectionStrings["myconnectionstring"].ConnectionString))
{
Job job = new Job()
{
job_title = jobTitle
};
ctx.Jobs.Add(job);
ctx.SaveChanges();
}
}
}
Edit:
There are errors for example with Page.User.Identity.IsAuthenticated -- Page, Context, and Request all appear that they cannot be static.
The specific error:
(An object reference is required for the non-static field, method, or property 'Control.Page') as well as with Context and Request.
Moving it from a simple comment
I had the same issue recently.
Luckily, whenever a user signs in our application, we store the user information encrypted into a session variable, so I retrieve that information, pass it to our user's class constructor, which decrypts it and I can use my logged in users info without a hassle.
So, my solution is to store the users info in the Session, but be careful what you store. Maybe serialize the users object and store in the session, then, whenever you need it
public void Page_Load()
{
// Retrieve authenticated user information
UserClass userObject = GetUserCredentials();
// Call a method that turns the authenticated user object into a string that contains the users session information. Given the sensivity of this information, might want to try to encrypt it or offuscate it. Store it in a session variable as a string
Session["UserContext"] = userObject.SerializeUser()
/* rest of the page code goes here */
}
[WebMethod(EnableSession=true)]
public static void CreateJob()
{
Submit_Job();
}
public static void Submit_Job()
{
// Lets get the authenticated user information through the session variable. Due to the static nature of the method, we can't access the Session variables directly, so we call it using the current HttpContext
string serializedUserInfo = )HttpContext.Current.Session["UserContext"].ToString();
// Let's create the users object. In my case, we have a overcharged constructor that receives the users serialized/encrypted information, descrypts it, deserializes it, and return a instance of the class with the deserialized information
UserClass userObject = new UserClass(serializedUserInfo);
// Do whatever the method has to do now!
}
On the subject of serialization, a quick google search with "c# object serialization" will bring you several good matches. XML and JSON are 2 of the most used kind of serialization, specially on web methods. Binary serialization is a good option to also obfuscate information of the logged in user
I have the following code that creates a band profile:
var bandProfile = _profileService.CreateBandProfile(model.BandProfile, file, UserId);
if (bandProfile != null)
{
userManager.AddToRole(UserId, "Band");
//Store the bandprofile ID anywhere?
return RedirectToAction("Index", "Welcome");
}
No I want to store and make the bandprofile ID accessible through the application. Keep It accessible while the user is logged in with the profile.
How can I accomplish this?
For example, to get the userId, you can do like this through the application:
UserId = System.Web.HttpContext.Current.User.Identity.GetUserId();
I want to do the same thing, but with bandprofileId.
There is some debate as to the "correctness" of doing so (linked below), but you can store the variable in HttpContext.Current.Application["BandProfile"].
if (bandProfile != null)
{
userManager.AddToRole(UserId, "Band");
//Store the bandprofile ID anywhere?
HttpContext.Current.Application["BandProfile"] = bandProfile;
return RedirectToAction("Index", "Welcome");
}
Alternatively, you can use a static variable in a class somewhere.
public static class BandProfile
{
public static whatever Profile;
}
if (bandProfile != null)
{
userManager.AddToRole(UserId, "Band");
//Store the bandprofile ID anywhere?
BandProfile.Profile = bandProfile;
return RedirectToAction("Index", "Welcome");
}
Here is a related question that deals with the same issue, and here is another.
EDIT:
To then access these variables, you can use
var bandProfile = HttpContext.Current.Application["BandProfile"];
or
var bandProfile = BandProfile.Profile;
According to Microsoft:
ASP.NET includes application state primarily for compatibility with classic ASP so that it is easier to migrate existing applications to ASP.NET. It is recommended that you store data in static members of the application class instead of in the Application object.
That said, you should use the static variable method. Static variables are available by calling ClassName.Variable and will exist for the duration of the app running. If the app is closed or the variable is otherwise changed, you will lose this information.
In order to save the information, it's necessary to write the contents of this variable to an external source (DB, file, etc.) and read it in when the app starts.
I would appreciate some pointers regarding data access/control in a MVC based multi tenant site:
Is there a better/more secure/elegant way to make sure that in a multi tenant site the user can handle only its own data.
There are number of tenants using same app: firstTenant.myapp.com, secondTenant.myapp.com...
//
// GET: /Customer/
// show this tenant's customer info only
public ViewResult Index()
{
//get TenantID from on server cache
int TenantID = Convert.ToInt16( new AppSettings()["TenantID"]);
return View(context.Customers.ToList().Where(c => c.TenantID == TenantID));
}
If a user logs in for the first time and there is no server side cache for this tenant/user- AppSettings checks in db and stores TenantID in the cache.
Each table in database contains the field TenantID and is used to limit access to data only to appropriate Tenant.
So, to come to the point, instead of checking in each action in each controller if data belong to current tenant, can I do something more 'productive'?
Example:
When firstTenant admin tries editing some info for user 4, url has:
http://firstTenant.myapp.com/User/Edit/4
Let's say that user with ID 2 belongs to secondTenant. Admin from firstTenant puts
http://firstTenant.myapp.com/User/Edit/2 in url, and tries getting info which is not owned by his company.
In order to prevent this in the controller I check if the info being edited is actually owned by current tenant.
//
// GET: /User/Edit/
public ActionResult Edit(int id)
{
//set tennant ID
int TenanatID = Convert.ToInt32(new AppSettings()["TenantID"]);
//check if asked info is actually owned by this tennant
User user = context.Userss.Where(u => u.TenantID == TenantID).SingleOrDefault(u => u.UserID == id);
//in case this tenant doesn't have this user ID, ie.e returned User == null
//something is wrong, so handle bad request
//
return View(user);
}
Basically this sort of setneeds to be placed in every controller where there is an access to any data. Is there (and how) a better way to handle this? (Filters, attributes...)
I choose to use action filters to do this. It may not be the most elegant solution, but it is the cleanest of the solutions we've tried so far.
I keep the tenant (in our case, it's a team) in the URL like this: https://myapp.com/{team}/tasks/details/1234
I use custom bindings to map {team} into an actual Team object so my action methods look like this:
[AjaxAuthorize, TeamMember, TeamTask("id")]
public ActionResult Details(Team team, Task id)
The TeamMember attribute verifies that the currently logged in user actually belongs to the team. It also verifies that the team actually exists:
public class TeamMemberAttribute : ActionFilterAttribute
{
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
base.OnActionExecuting(filterContext);
var httpContext = filterContext.RequestContext.HttpContext;
Team team = filterContext.ActionParameters["team"] as Team;
long userId = long.Parse(httpContext.User.Identity.Name);
if (team == null || team.Members.Where(m => m.Id == userId).Count() == 0)
{
httpContext.Response.StatusCode = 403;
ViewResult insufficientPermssions = new ViewResult();
insufficientPermssions.ViewName = "InsufficientPermissions";
filterContext.Result = insufficientPermssions;
}
}
}
Similarly, the TeamTask attribute ensures that the task in question actually belongs to the team.
Since my app is using subdomains (sub1.app.com, sub2.app.com.....) I basically choose to:
a) use something like the following code to cache info about tenants and
b) to call an action filter on each controller as suggested by Ragesh & Doc:
(Following code is from the blog on : http://www.developer.com/design/article.php/10925_3801931_2/Introduction-to-Multi-Tenant-Architecture.htm )
// <summary>
// This class is used to manage the Cached AppSettings
// from the Database
// </summary>
public class AppSettings
{
// <summary>
// This indexer is used to retrieve AppSettings from Memory
// </summary>
public string this[string Name]
{
get
{
//See if we have an AppSettings Cache Item
if (HttpContext.Current.Cache["AppSettings"] == null)
{
int? TenantID = 0;
//Look up the URL and get the Tenant Info
using (ApplContext dc =
new ApplContext())
{
Site result =
dc.Sites
.Where(a => a.Host ==
HttpContext.Current.Request.Url.
Host.ToLower())
.FirstOrDefault();
if (result != null)
{
TenantID = result.SiteID;
}
}
AppSettings.LoadAppSettings(TenantID);
}
Hashtable ht =
(Hashtable)HttpContext.Current.Cache["AppSettings"];
if (ht.ContainsKey(Name))
{
return ht[Name].ToString();
}
else
{
return string.Empty;
}
}
}
// <summary>
// This Method is used to load the app settings from the
// database into memory
// </summary>
public static void LoadAppSettings(int? TenantID)
{
Hashtable ht = new Hashtable();
//Now Load the AppSettings
using (ShoelaceContext dc =
new ShoelaceContext())
{
//settings are turned off
// no specific settings per user needed currently
//var results = dc.AppSettings.Where(a =>
// a.in_Tenant_Id == TenantID);
//foreach (var appSetting in results)
//{
// ht.Add(appSetting.vc_Name, appSetting.vc_Value);
//}
ht.Add("TenantID", TenantID);
}
//Add it into Cache (Have the Cache Expire after 1 Hour)
HttpContext.Current.Cache.Add("AppSettings",
ht, null,
System.Web.Caching.Cache.NoAbsoluteExpiration,
new TimeSpan(1, 0, 0),
System.Web.Caching.CacheItemPriority.NotRemovable, null);
}
}
If you want to execute common code like this on every Action in the Controller, you can do this:
protected override void OnActionExecuting(ActionExecutingContext filterContext)
{
base.OnActionExecuting(filterContext);
// do your magic here, you can check the session and/or call the database
}
We have developed a multi tenant application using ASP.NET MVC as well and including the tenant ID in every query is a completely acceptable and really necessary thing to do. I'm not sure where you are hosting your application but if you can use SQL Azure they have a new product called Federations that allows you to easily manage multi tenant data. One nice feature is that when you open the connection you can specify the tenant ID and all queries executed thereafter will only effect that tenants data. It is essentially just including their tenant ID in every request for you so you don't have to do it manually. (Note that federating data is not a new concept, Microsoft just released their own implementation of it recently)