Azure RBAC role assignment using the Azure SDK for .NET (Fluent): creates a temporary Azure AD user and group, adds the user to the group, assigns a role to the group at a blob-container scope, then cleans up.
using System;
using System.Security.Cryptography;
using Microsoft.Azure.Management.Graph.RBAC.Fluent;
using Microsoft.Azure.Management.ResourceManager.Fluent;
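namespace AzureSDKNetConsoleApp
{
    /// <summary>
    /// Sample: authenticate to Azure as a service principal, create a throw-away Azure AD
    /// user and group, add the user to the group, grant the group an RBAC role at a blob
    /// container scope, then tear everything down again.
    ///
    /// Configuration is read from the environment (AZURE_CLIENT_ID, AZURE_CLIENT_SECRET,
    /// AZURE_TENANT_ID) instead of being pasted into source. The subscription / resource
    /// group / storage account / container / role-definition placeholders in the two scope
    /// strings still have to be filled in before running.
    /// </summary>
    class Program
    {
        static void Main(string[] args)
        {
            // The client secret is a credential for the whole service principal; it must
            // never be committed in source (the original sample had it inline as a literal).
            var clientId = RequireSetting("AZURE_CLIENT_ID");
            var clientSecret = RequireSetting("AZURE_CLIENT_SECRET");
            var tenantId = RequireSetting("AZURE_TENANT_ID");

            // Throw-away principal names; RandomResourceName appends random characters.
            string userEmail = SdkContext.RandomResourceName("test", 30);
            string userName = userEmail.Replace("test", "Test ");
            string groupEmail = SdkContext.RandomResourceName("group1", 30);
            string groupName = groupEmail.Replace("group1", "Group ");
            // Role assignment names are GUIDs.
            var raName = SdkContext.RandomGuid();

            // NOTE(review): copied verbatim from the original sample. The role definition id
            // starts with '/' while the scope does not - confirm both are in the form the
            // SDK expects before relying on this.
            string roleDefinitionId = "/subscriptions/<Subscription ID>/resourceGroups/<Resource Group Name>/providers/Microsoft.Storage/storageAccounts/<Storage Account Name>/blobServices/default/containers/<Blob Container Name>/providers/Microsoft.Authorization/roleDefinitions/<RBAC Role ID from step 4 above>";
            string scope = "subscriptions/<Subscription ID>/resourceGroups/<Resource Group Name>/providers/Microsoft.Storage/storageAccounts/<Storage Account Name>/blobServices/default/containers/<Blob Container Name>";

            IActiveDirectoryGroup group = null;
            IActiveDirectoryUser user = null;
            IRoleAssignment roleAssignment = null;

            var credentials = SdkContext.AzureCredentialsFactory
                .FromServicePrincipal(clientId, clientSecret, tenantId, AzureEnvironment.AzureGlobalCloud);
            // Authenticate to Azure AD.
            var authenticated = Microsoft.Azure.Management.Fluent.Azure
                .Configure()
                .Authenticate(credentials);

            try
            {
                try
                {
                    // Create the user. The password is random per run rather than the fixed,
                    // publicly known value from the sample, so a failed cleanup does not leave
                    // an account with a guessable password in the tenant.
                    user = authenticated.ActiveDirectoryUsers
                        .Define(userName)
                        .WithEmailAlias(userEmail)
                        .WithPassword(NewRandomPassword())
                        .Create();
                    // Read it back by id to confirm it exists.
                    var queriedUser = authenticated.ActiveDirectoryUsers.GetById(user.Id);
                    Console.WriteLine("User created: " + queriedUser.Name);
                }
                catch (Exception e)
                {
                    Console.WriteLine("error getting or creating user");
                    Console.WriteLine(e.ToString());
                }

                try
                {
                    // Create the group and read it back by id.
                    group = authenticated.ActiveDirectoryGroups
                        .Define(groupName)
                        .WithEmailAlias(groupEmail)
                        .Create();
                    var queriedGroup = authenticated.ActiveDirectoryGroups.GetById(group.Id);
                    Console.WriteLine("Group created: " + queriedGroup.Name);
                }
                catch (Exception e)
                {
                    Console.WriteLine("error getting or creating group");
                    Console.WriteLine(e.ToString());
                }

                // Subscriptions visible to the service principal; independent of the AAD objects.
                var subscriptions = authenticated.Subscriptions.List();
                foreach (ISubscription s in subscriptions)
                {
                    Console.WriteLine("Subscription ID: " + s.SubscriptionId + ", Subscription Name: " + s.DisplayName);
                }

                if (group != null && user != null)
                {
                    try
                    {
                        // Update group membership.
                        group.Update().WithMember(user).Apply();
                        Console.WriteLine("Add user " + user.Name + " to group " + group.Name);
                    }
                    catch (Exception e)
                    {
                        Console.WriteLine("error adding user to group");
                        Console.WriteLine(e.ToString());
                    }

                    Console.WriteLine("enumerating group members");
                    foreach (IActiveDirectoryObject member in group.ListMembers())
                    {
                        Console.WriteLine("Member: " + member.Id);
                    }

                    try
                    {
                        // Create the RBAC role assignment for the group at the container scope.
                        roleAssignment = authenticated.RoleAssignments
                            .Define(raName)
                            .ForGroup(group)
                            .WithRoleDefinition(roleDefinitionId)
                            .WithScope(scope)
                            .Create();
                        Console.WriteLine("Added Role Assignment");
                    }
                    catch (Exception e)
                    {
                        Console.WriteLine("error creating role assignment");
                        Console.WriteLine(e.ToString());
                    }
                }
                else
                {
                    // The original sample dereferenced 'group' unconditionally here and crashed
                    // with a NullReferenceException whenever creation had failed.
                    Console.WriteLine("user or group was not created; skipping membership and role assignment");
                }
            }
            finally
            {
                // Runs even if a step above threw, so a failure never leaves a test user,
                // group or role assignment behind in the tenant. Each deletion is guarded
                // separately so one failure does not stop the others.
                Console.WriteLine("Performing clean up. Hit Enter to continue");
                Console.ReadLine();

                if (roleAssignment != null)
                {
                    try
                    {
                        // Revoke the role assignment first: it references the group.
                        authenticated.RoleAssignments.DeleteById(roleAssignment.Id);
                        Console.WriteLine("Deleted Role Assignment");
                    }
                    catch (Exception e)
                    {
                        Console.WriteLine("error occurred:");
                        Console.WriteLine(e.ToString());
                    }
                }

                if (user != null)
                {
                    try
                    {
                        authenticated.ActiveDirectoryUsers.DeleteById(user.Id);
                        Console.WriteLine("Deleted User: " + user.Name);
                    }
                    catch (Exception e)
                    {
                        Console.WriteLine("error occurred:");
                        Console.WriteLine(e.ToString());
                    }
                }

                if (group != null)
                {
                    try
                    {
                        authenticated.ActiveDirectoryGroups.DeleteById(group.Id);
                        Console.WriteLine("Deleted Group: " + group.Name);
                    }
                    catch (Exception e)
                    {
                        Console.WriteLine("error occurred:");
                        Console.WriteLine(e.ToString());
                    }
                }
            }

            Console.WriteLine("End. Hit Enter to end.");
            Console.ReadLine();
        }

        /// <summary>
        /// Reads a required setting from the environment.
        /// </summary>
        /// <param name="name">Environment variable name.</param>
        /// <returns>The variable's value.</returns>
        /// <exception cref="InvalidOperationException">The variable is unset or blank.</exception>
        static string RequireSetting(string name)
        {
            var value = Environment.GetEnvironmentVariable(name);
            if (string.IsNullOrWhiteSpace(value))
            {
                throw new InvalidOperationException("Missing required environment variable " + name);
            }
            return value;
        }

        /// <summary>
        /// Builds a one-off password for the temporary user from the CSPRNG (never
        /// <see cref="Random"/>). The fixed prefix guarantees upper, lower, digit and symbol
        /// characters are present so typical directory complexity rules are satisfied
        /// whatever the random part contains.
        /// </summary>
        /// <returns>A 36-character password.</returns>
        static string NewRandomPassword()
        {
            var bytes = new byte[24];
            using (var rng = RandomNumberGenerator.Create())
            {
                rng.GetBytes(bytes);
            }
            return "Aa1!" + Convert.ToBase64String(bytes);
        }
    }
}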