Framework/Helpers/IdentityHelpers.ps1

# Fail fast on uninitialised variables and references to missing properties
# throughout this helper file.
Set-StrictMode -Version 'Latest'

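class IdentityHelpers
{

    # Decides whether a role-assignment principal looks like a synced on-premises
    # AD account: an Azure AD user whose immutableId decodes to a GUID.
    #
    # Parameters:
    #   $ObjectId         - Azure AD object id of the principal (may be $null or an
    #                       empty GUID, in which case $SignInName is used instead).
    #   $SignInName       - sign-in name / UPN used when no usable object id exists.
    #   $ObjectType       - "User", "ServicePrincipal", or anything else (co-admins).
    #   $GraphAccessToken - bearer token for the directory endpoint; it is sent only
    #                       in the Authorization header and is never written out.
    #
    # Returns $true only when the directory lookup succeeded and the user's
    # immutableId is a GUID. Returns $false for non-user principals, missing
    # identifiers, a missing Azure context, a "Request_ResourceNotFound" error, or
    # any other failure - the check is best-effort and never throws to the caller.
    #
    # NOTE(review): graph.windows.net with api-version=1.6 is the legacy Azure AD
    # Graph API; expect this URI to need migration to Microsoft Graph.
    hidden static [bool] IsServiceAccount($ObjectId, $SignInName, $ObjectType, $GraphAccessToken)
    {
        # Only users can be synced AD objects; service principals and co-admins
        # (any other $ObjectType) are never reported as service accounts.
        if ($ObjectType -ne "User")
        {
            return $false
        }

        # Prefer the object id, fall back to the sign-in name.
        $principal = $null
        if ($null -ne $ObjectId -and [System.Guid]::Empty -ne $ObjectId)
        {
            $principal = [string]$ObjectId
        }
        elseif ($null -ne $SignInName)
        {
            $principal = [string]$SignInName
        }
        else
        {
            return $false
        }

        $RMContext = Get-AzureRmContext -ErrorAction Ignore
        if ($null -eq $RMContext -or $null -eq $RMContext.Tenant)
        {
            # Without a signed-in context the tenant id for the URI is unknown.
            return $false
        }

        # The principal is placed in a path segment, so it is escaped: a sign-in
        # name containing '/', '?' or '#' must not be able to change the request
        # path or query. A GUID string contains no reserved characters and is
        # unaffected by the escaping.
        $uri = [string]::Format("https://graph.windows.net/{0}/users/{1}?api-version=1.6",
                                $RMContext.Tenant.Id, [uri]::EscapeDataString($principal))
        $headers = @{
            "Authorization" = "Bearer " + $GraphAccessToken
            "Content-Type"  = "application/json"
        }

        try
        {
            $result = Invoke-WebRequest -Method GET -Uri $uri -Headers $headers -UseBasicParsing
            if ($result.StatusCode -lt 200 -or $result.StatusCode -gt 399)
            {
                return $false
            }
            if ($null -eq $result.Content)
            {
                return $false
            }

            $json = ConvertFrom-Json $result.Content
            if ($null -eq $json)
            {
                return $false
            }

            # Some responses wrap the entity in a "value" member; unwrap it when
            # present. Property lookups go through PSObject so that strict mode
            # does not throw on an absent member.
            $entity = $json
            if ($null -ne $json.PSObject.Properties['value'])
            {
                $entity = $json.value
            }
            $immutableIdProp = $entity.PSObject.Properties['immutableId']
            if ($null -eq $immutableIdProp)
            {
                # No immutableId at all: cannot be a synced AD object.
                return $false
            }
            return [IdentityHelpers]::IsADObjectGUID($immutableIdProp.Value)
        }
        catch
        {
            $err = $_
            # A "Request_ResourceNotFound" error body means the principal no longer
            # exists in the directory. Any other failure (network error, throttling,
            # non-JSON error body) also yields $false below; the inner try keeps a
            # non-JSON error body from raising a second exception out of the catch.
            $message = $null
            if ($null -ne $err.ErrorDetails)
            {
                $message = $err.ErrorDetails.Message
            }
            if (-not [string]::IsNullOrEmpty($message))
            {
                try
                {
                    $errJson = ConvertFrom-Json $message
                    if ($null -ne $errJson -and
                        $null -ne $errJson.PSObject.Properties['odata.error'] -and
                        $errJson.'odata.error'.code -eq "Request_ResourceNotFound")
                    {
                        return $false
                    }
                }
                catch
                {
                    # Error body was not JSON; fall through to the default result.
                }
            }
        }

        # The original returned $null here, which a [bool] method coerces to $false;
        # the coercion is now explicit.
        return $false
    }


    # Returns $true when $immutableId is a Base64 string that decodes to exactly the
    # 16 bytes of a GUID (the shape the caller treats as an on-premises AD object
    # GUID), and $false for $null, non-Base64 input, or a payload of any other length.
    hidden static [bool] IsADObjectGUID($immutableId)
    {
        try
        {
            $bytes = [System.Convert]::FromBase64String($immutableId)
            # The [guid] cast succeeds only for a 16-byte array; the value itself
            # is not needed, so it is discarded rather than kept in an unused local.
            $null = [guid]$bytes
        }
        catch
        {
            return $false
        }
        return $true
    }
}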