How to check if an azure active directory user is already in an approle

Question

I've created an Azure active directory user and added the user to app roles. Now i am retrieving this user and attempting to add it to more app roles.

var activeDirectoryUser = client.Users.Where(u => u.UserPrincipalName == user.UserName).ExecuteSingleAsync().Result as User;

As a precaution i want to first check if the user is already in an app role before adding however the problem is that the ApproleAssignments field on the User object is always empty. Even thou the user has app role assignments and i get an error if i try and add the user to the same app role.

Creating new app role assignment.

var appRoleAssignment = new AppRoleAssignment
{
    Id = appRole.Id,
    ResourceId = Guid.Parse(servicePrincpal.ObjectId),
    PrincipalType = "User",
    PrincipalId = Guid.Parse(user.ObjectId)
};

if(IsUserInAppRole(user,appRoleAssignment))return;

user.AppRoleAssignments.Add(appRoleAssignment);
user.UpdateAsync().Wait();

Checking if user is in app role.

private bool IsUserInAppRole(User user, AppRoleAssignment appRoleAssignment)
{
    var userInApprole = user.AppRoleAssignments.Where(ara => ara.ObjectId == appRoleAssignment.Id.ToString());
    return userInApprole.Any();
}

I'm using the latest version of Microsoft.Azure.ActiveDirectory.GraphClient library

Answer 1

Sorry for the late response. The following code worked for me. Not sure if you need to use the IUserFetcher interface, but your LINQ query fails because you are comparing the objectID of the assignment, with the appRole Id. What you need to compare is the ID of the assignment.

var userFetcher = user as IUserFetcher;
IPagedCollection<IAppRoleAssignment> rawObjects = userFetcher.AppRoleAssignments.ExecuteAsync().Result;

IList<IAppRoleAssignment> assignments = rawObjects.CurrentPage.ToList();
IAppRoleAssignment a = null;
a = assignments.Where(ara => ara.Id.Equals(appRole.Id)).First();
if (a != null) {
    Console.WriteLine("Found assignment {0} for user {1}", appRole.Id, user.DisplayName);
}

Hope this helps...

Answer 2

var userFetcher = user as IUserFetcher; 
IPagedCollection rawObjects = userFetcher.AppRoleAssignments.ExecuteAsync().Result;
IList<IAppRoleAssignment> assignments = rawObjects.CurrentPage.ToList();

Above lines of code is causing exception due to casting not done, if cast it as:

IPagedCollection rawObjects = 
         (IPagedCollection)userFetcher.AppRoleAssignments.ExecuteAsync().Result;

IList<IAppRoleAssignment> assignments = 
         (IList<IAppRoleAssignment>)rawObjects.CurrentPage.ToList();

Code get compiled successfully but gives runtime exception as:

Cannot implicitly convert type 'System.Collections.Generic.List' to 'System.Collections.Generic.IList'. An explicit conversion exists (are you missing a cast?)

Could you please guide how to use those two statements?

Update:

private static bool IsUserInRole(User user, AppRole appRole, bool roleAlreadyAssigned = false)
        {
        var userFetcher = user as IUserFetcher;
        IPagedCollection rawObjects = (IPagedCollection)userFetcher.AppRoleAssignments.ExecuteAsync().Result;

        foreach (IAppRoleAssignment item in rawObjects.CurrentPage)
            {
            if (item.Id == appRole.Id)
                {
                roleAlreadyAssigned = true; break;
                }

            }
        return roleAlreadyAssigned;
        }

The above code worked for me. Try this, hope this will help :)