187 lines
7.5 KiB
PowerShell
187 lines
7.5 KiB
PowerShell
[CmdletBinding()]
|
|
param(
|
|
[PSCredential] $Credential,
|
|
[Parameter(Mandatory=$False, HelpMessage='Tenant ID (This is a GUID which represents the "Directory ID" of the AzureAD tenant into which you want to create the apps')]
|
|
[string] $tenantId,
|
|
[Parameter(Mandatory=$False, HelpMessage='Azure environment to use while running the script (it defaults to AzureCloud)')]
|
|
[string] $azureEnvironmentName
|
|
)
|
|
|
|
#Requires -Modules AzureAD -RunAsAdministrator
|
|
|
|
<#
|
|
This script creates the Azure AD applications needed for this sample and updates the configuration files
|
|
for the visual Studio projects from the data in the Azure AD applications.
|
|
|
|
Before running this script you need to install the AzureAD cmdlets as an administrator.
|
|
For this:
|
|
1) Run Powershell as an administrator
|
|
2) in the PowerShell window, type: Install-Module AzureAD
|
|
|
|
There are four ways to run this script. For more information, read the AppCreationScripts.md file in the same folder as this script.
|
|
#>
|
|
|
|
# Create a password that can be used as an application key
|
|
Function ComputePassword
|
|
{
|
|
$aesManaged = New-Object "System.Security.Cryptography.AesManaged"
|
|
$aesManaged.Mode = [System.Security.Cryptography.CipherMode]::CBC
|
|
$aesManaged.Padding = [System.Security.Cryptography.PaddingMode]::Zeros
|
|
$aesManaged.BlockSize = 128
|
|
$aesManaged.KeySize = 256
|
|
$aesManaged.GenerateKey()
|
|
return [System.Convert]::ToBase64String($aesManaged.Key)
|
|
}
|
|
|
|
# Create an application key
|
|
# See https://www.sabin.io/blog/adding-an-azure-active-directory-application-and-key-using-powershell/
|
|
Function CreateAppKey([DateTime] $fromDate, [double] $durationInYears, [string]$pw)
|
|
{
|
|
$endDate = $fromDate.AddYears($durationInYears)
|
|
$keyId = (New-Guid).ToString();
|
|
$key = New-Object Microsoft.Open.AzureAD.Model.PasswordCredential
|
|
$key.StartDate = $fromDate
|
|
$key.EndDate = $endDate
|
|
$key.Value = $pw
|
|
$key.KeyId = $keyId
|
|
return $key
|
|
}
|
|
|
|
Function ReplaceInLine([string] $line, [string] $key, [string] $value)
|
|
{
|
|
$index = $line.IndexOf($key)
|
|
if ($index -ige 0)
|
|
{
|
|
$index2 = $index+$key.Length
|
|
$line = $line.Substring(0, $index) + $value + $line.Substring($index2)
|
|
}
|
|
return $line
|
|
}
|
|
|
|
Function ReplaceInTextFile([string] $configFilePath, [System.Collections.HashTable] $dictionary)
|
|
{
|
|
$lines = Get-Content $configFilePath
|
|
$index = 0
|
|
while($index -lt $lines.Length)
|
|
{
|
|
$line = $lines[$index]
|
|
foreach($key in $dictionary.Keys)
|
|
{
|
|
if ($line.Contains($key))
|
|
{
|
|
$lines[$index] = ReplaceInLine $line $key $dictionary[$key]
|
|
}
|
|
}
|
|
$index++
|
|
}
|
|
|
|
Set-Content -Path $configFilePath -Value $lines -Force
|
|
}
|
|
|
|
Set-Content -Value "<html><body><table>" -Path createdApps.html
|
|
Add-Content -Value "<thead><tr><th>Application</th><th>AppId</th><th>Url in the Azure portal</th></tr></thead><tbody>" -Path createdApps.html
|
|
|
|
$ErrorActionPreference = "Stop"
|
|
|
|
Function ConfigureApplications
|
|
{
|
|
<#.Description
|
|
This function creates the Azure AD applications for the sample in the provided Azure AD tenant and updates the
|
|
configuration files in the client and service project of the visual studio solution (App.Config and Web.Config)
|
|
so that they are consistent with the Applications parameters
|
|
#>
|
|
$commonendpoint = "common"
|
|
|
|
if (!$azureEnvironmentName)
|
|
{
|
|
$azureEnvironmentName = "AzureCloud"
|
|
}
|
|
|
|
# $tenantId is the Active Directory Tenant. This is a GUID which represents the "Directory ID" of the AzureAD tenant
|
|
# into which you want to create the apps. Look it up in the Azure portal in the "Properties" of the Azure AD.
|
|
|
|
# Login to Azure PowerShell (interactive if credentials are not already provided:
|
|
# you'll need to sign-in with creds enabling your to create apps in the tenant)
|
|
if (!$Credential -and $TenantId)
|
|
{
|
|
$creds = Connect-AzureAD -TenantId $tenantId -AzureEnvironmentName $azureEnvironmentName
|
|
}
|
|
else
|
|
{
|
|
if (!$TenantId)
|
|
{
|
|
$creds = Connect-AzureAD -Credential $Credential -AzureEnvironmentName $azureEnvironmentName
|
|
}
|
|
else
|
|
{
|
|
$creds = Connect-AzureAD -TenantId $tenantId -Credential $Credential -AzureEnvironmentName $azureEnvironmentName
|
|
}
|
|
}
|
|
|
|
if (!$tenantId)
|
|
{
|
|
$tenantId = $creds.Tenant.Id
|
|
}
|
|
|
|
|
|
|
|
$tenant = Get-AzureADTenantDetail
|
|
$tenantName = ($tenant.VerifiedDomains | Where { $_._Default -eq $True }).Name
|
|
|
|
# Get the user running the script to add the user as the app owner
|
|
$user = Get-AzureADUser -ObjectId $creds.Account.Id
|
|
|
|
# Create the webApp AAD application
|
|
Write-Host "Creating the AAD application (ms-identity-node)"
|
|
# Get a 2 years application key for the webApp Application
|
|
$pw = ComputePassword
|
|
$fromDate = [DateTime]::Now;
|
|
$key = CreateAppKey -fromDate $fromDate -durationInYears 2 -pw $pw
|
|
$webAppAppKey = $pw
|
|
# create the application
|
|
$webAppAadApplication = New-AzureADApplication -DisplayName "ms-identity-node" `
|
|
-HomePage "http://localhost:3000" `
|
|
-ReplyUrls "http://localhost:3000/redirect" `
|
|
-IdentifierUris "https://$tenantName/ms-identity-node" `
|
|
-PasswordCredentials $key `
|
|
-PublicClient $False
|
|
|
|
# create the service principal of the newly created application
|
|
$currentAppId = $webAppAadApplication.AppId
|
|
$webAppServicePrincipal = New-AzureADServicePrincipal -AppId $currentAppId -Tags {WindowsAzureActiveDirectoryIntegratedApp}
|
|
|
|
# add the user running the script as an app owner if needed
|
|
$owner = Get-AzureADApplicationOwner -ObjectId $webAppAadApplication.ObjectId
|
|
if ($owner -eq $null)
|
|
{
|
|
Add-AzureADApplicationOwner -ObjectId $webAppAadApplication.ObjectId -RefObjectId $user.ObjectId
|
|
Write-Host "'$($user.UserPrincipalName)' added as an application owner to app '$($webAppServicePrincipal.DisplayName)'"
|
|
}
|
|
|
|
|
|
Write-Host "Done creating the webApp application (ms-identity-node)"
|
|
|
|
# URL of the AAD application in the Azure portal
|
|
# Future? $webAppPortalUrl = "https://portal.azure.com/#@"+$tenantName+"/blade/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/Overview/appId/"+$webAppAadApplication.AppId+"/objectId/"+$webAppAadApplication.ObjectId+"/isMSAApp/"
|
|
$webAppPortalUrl = "https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/CallAnAPI/appId/"+$webAppAadApplication.AppId+"/objectId/"+$webAppAadApplication.ObjectId+"/isMSAApp/"
|
|
Add-Content -Value "<tr><td>webApp</td><td>$currentAppId</td><td><a href='$webAppPortalUrl'>ms-identity-node</a></td></tr>" -Path createdApps.html
|
|
|
|
|
|
# Update config file for 'webApp'
|
|
$configFile = $pwd.Path + "\..\index.js"
|
|
Write-Host "Updating the sample code ($configFile)"
|
|
$dictionary = @{ "Enter_the_Application_Id_Here" = $webAppAadApplication.AppId;"Enter_the_Cloud_Instance_Id_HereEnter_the_Tenant_Info_Here" = 'https://login.microsoftonline.com/common';"Enter_the_Client_Secret_Here" = $webAppAppKey };
|
|
ReplaceInTextFile -configFilePath $configFile -dictionary $dictionary
|
|
|
|
Add-Content -Value "</tbody></table></body></html>" -Path createdApps.html
|
|
}
|
|
|
|
# Pre-requisites
|
|
if ((Get-Module -ListAvailable -Name "AzureAD") -eq $null) {
|
|
Install-Module "AzureAD" -Scope CurrentUser
|
|
}
|
|
|
|
Import-Module AzureAD
|
|
|
|
# Run interactively (will ask you for the tenant ID)
|
|
ConfigureApplications -Credential $Credential -tenantId $TenantId |