diff --git a/CS/TokenCacheHelperEx.cs b/CS/TokenCacheHelperEx.cs
new file mode 100644
index 0000000..4dc2837
--- /dev/null
+++ b/CS/TokenCacheHelperEx.cs
@@ -0,0 +1,57 @@
+// Updated original code from
+// Added support for custom file location
+// https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-net-token-cache-serialization#simple-token-cache-serialization-msal-only
+
+using System;
+using System.IO;
+using System.Security.Cryptography;
+using Microsoft.Identity.Client;
+
+public static class TokenCacheHelperEx
+{
+ public static void EnableSerialization(ITokenCache tokenCache, String fileName = @"%LOCALAPPDATA%\GraphPowerShellManager\MSALToken.bin")
+ {
+ tokenCache.SetBeforeAccess(BeforeAccessNotification);
+ tokenCache.SetAfterAccess(AfterAccessNotification);
+
+ CacheFilePath = Environment.ExpandEnvironmentVariables(fileName);
+ }
+
+ ///
+ /// Path to the token cache
+ ///
+
+ public static string CacheFilePath { get; private set;}
+
+ private static readonly object FileLock = new object();
+
+ private static void BeforeAccessNotification(TokenCacheNotificationArgs args)
+ {
+ lock (FileLock)
+ {
+ args.TokenCache.DeserializeMsalV3(File.Exists(CacheFilePath)
+ ? ProtectedData.Unprotect(File.ReadAllBytes(CacheFilePath),
+ null,
+ DataProtectionScope.CurrentUser)
+ : null);
+ }
+ }
+
+ private static void AfterAccessNotification(TokenCacheNotificationArgs args)
+ {
+ // if the access operation resulted in a cache update
+ if (args.HasStateChanged)
+ {
+ lock (FileLock)
+ {
+ Directory.CreateDirectory(Path.GetDirectoryName(CacheFilePath));
+ // reflect changes in the persistent store
+ File.WriteAllBytes(CacheFilePath,
+ ProtectedData.Protect(args.TokenCache.SerializeMsalV3(),
+ null,
+ DataProtectionScope.CurrentUser)
+ );
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/CloudAPIPowerShellManagement.psd1 b/CloudAPIPowerShellManagement.psd1
new file mode 100644
index 0000000..3ca7eb2
Binary files /dev/null and b/CloudAPIPowerShellManagement.psd1 differ
diff --git a/CloudAPIPowerShellManagement.psm1 b/CloudAPIPowerShellManagement.psm1
new file mode 100644
index 0000000..fe812a9
--- /dev/null
+++ b/CloudAPIPowerShellManagement.psm1
@@ -0,0 +1,108 @@
+#region Console functions
+
+# https://stackoverflow.com/questions/40617800/opening-powershell-script-and-hide-command-prompt-but-not-the-gui
+Add-Type -Name Window -Namespace Console -MemberDefinition '
+[DllImport("Kernel32.dll")]
+public static extern IntPtr GetConsoleWindow();
+
+[DllImport("user32.dll")]
+public static extern bool ShowWindow(IntPtr hWnd, Int32 nCmdShow);
+
+[DllImport("kernel32.dll", SetLastError = true)]
+public static extern bool SetConsoleIcon(IntPtr hIcon);
+
+[DllImport("user32.dll")]
+public static extern int SendMessage(int hWnd, uint wMsg, uint wParam, IntPtr lParam);
+'
+
+function Show-Console
+{
+ $consolePtr = [Console.Window]::GetConsoleWindow()
+
+ # Hide = 0,
+ # ShowNormal = 1,
+ # ShowMinimized = 2,
+ # ShowMaximized = 3,
+ # Maximize = 3,
+ # ShowNormalNoActivate = 4,
+ # Show = 5,
+ # Minimize = 6,
+ # ShowMinNoActivate = 7,
+ # ShowNoActivate = 8,
+ # Restore = 9,
+ # ShowDefault = 10,
+ # ForceMinimized = 11
+
+ [Console.Window]::ShowWindow($consolePtr, 4)
+}
+
+function Hide-Console
+{
+ $consolePtr = [Console.Window]::GetConsoleWindow()
+ #0 hide
+ [Console.Window]::ShowWindow($consolePtr, 0) | Out-Null
+}
+
+#endregion
+
+# Unblock all files
+# Not 100% OK but avoid issues with loading blocked files
+function Unblock-AllFiles
+{
+ param($folder)
+
+ (Get-ChildItem $folder -force | Where-Object {! $_.PSIsContainer}) | Unblock-File
+
+ foreach($subFolder in (Get-ChildItem $folder -force | Where-Object {$_.PSIsContainer}))
+ {
+ Unblock-AllFiles $subFolder.FullName
+ }
+}
+
+function Initialize-CloudAPIManagement
+{
+ [CmdletBinding(SupportsShouldProcess=$True)]
+ param(
+ [string]
+ $View = "",
+ [switch]
+ $ShowConsoleWindow
+ )
+
+ $global:wpfNS = "xmlns='http://schemas.microsoft.com/winfx/2006/xaml/presentation' xmlns:x='http://schemas.microsoft.com/winfx/2006/xaml'"
+
+ [void] [System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")
+ Add-Type -AssemblyName PresentationFramework
+
+ try
+ {
+ [xml]$xaml = Get-Content ([IO.Path]::GetDirectoryName($PSCommandPath) + "\Xaml\SplashScreen.xaml")
+ $global:SplashScreen = ([Windows.Markup.XamlReader]::Load((New-Object System.Xml.XmlNodeReader $xaml)))
+ $global:txtSplashTitle = $global:SplashScreen.FindName("txtSplashTitle")
+ $global:txtSplashText = $global:SplashScreen.FindName("txtSplashText")
+
+ $global:txtSplashTitle.Text = ("Initializing Cloud API PowerShell Management")
+
+ $global:SplashScreen.Show() | Out-Null
+ [System.Windows.Forms.Application]::DoEvents()
+ }
+ catch
+ {
+
+ }
+
+ if($ShowConsoleWindow -ne $true)
+ {
+ Hide-Console
+ }
+
+ $global:txtSplashText.Text = "Unblock files"
+ [System.Windows.Forms.Application]::DoEvents()
+ Unblock-AllFiles $PSScriptRoot
+
+ $global:txtSplashText.Text = "Load core module"
+ [System.Windows.Forms.Application]::DoEvents()
+ Import-Module ($PSScriptRoot + "\Core.psm1") -Force -Global
+
+ Start-CoreApp $View
+}
diff --git a/Core.psm1 b/Core.psm1
new file mode 100644
index 0000000..fd2a093
--- /dev/null
+++ b/Core.psm1
@@ -0,0 +1,1435 @@
+<#
+.SYNOPSIS
+Core UI and Settings fatures for the CloudAPIPowerShellManager solution
+
+.DESCRIPTION
+This module handles the WPF UI
+
+.NOTES
+ Version: 3.0.0
+ Author: Mikael Karlsson
+#>
+
+function Get-ModuleVersion
+{
+ '3.0.0'
+}
+
+function Start-CoreApp
+{
+ param($View)
+
+ if(-not $global:defaultGlobalVariables)
+ {
+ $global:defaultGlobalVariables = Get-Variable -Scope Global
+ }
+
+ $global:useDefaultFolderDialog = $false
+ $global:WindowsAPICodePackLoaded = $false
+
+ $global:loadedModules = @()
+ $global:viewObjects = @()
+
+ $global:AppRootFolder = $PSScriptRoot
+
+ # Load all modules in the Modules folder
+ $global:modulesPath = [IO.Path]::GetDirectoryName($PSCommandPath) + "\Extensions"
+
+ #Import-Module ($PSScriptRoot + "\Core.psm1") -Force -Global
+
+ Add-DefaultSettings
+
+ Write-Log "#####################################################################################"
+ Write-Log "Application started"
+ Write-Log "#####################################################################################"
+
+ if(Test-Path $global:modulesPath)
+ {
+ Import-AllModules
+ }
+ else
+ {
+ Write-Warning "Extensions folder $($global:modulesPath) not found. Aborting..." 3
+ exit 1
+ }
+
+ $global:Debug = Get-SettingValue "Debug"
+ $global:currentViewObject = $null
+ $global:FirstTimeRunning = ((Get-Setting "" "FirstTimeRunning" "true") -eq "true")
+ $global:MainAppStarted = $false
+
+ $global:txtSplashText.Text = "Initialize views"
+ [System.Windows.Forms.Application]::DoEvents()
+
+ Invoke-ModuleFunction "Invoke-InitializeModule"
+
+ #This will load the main window
+ $global:txtSplashText.Text = "Load main window"
+ [System.Windows.Forms.Application]::DoEvents()
+ Get-MainWindow
+
+ if($global:window)
+ {
+ $global:txtSplashText.Text = "Open default view"
+ [System.Windows.Forms.Application]::DoEvents()
+
+ Show-View $View
+
+ Invoke-ModuleFunction "Invoke-ShowMainWindow"
+
+ $global:txtSplashText.Text = "Open main window"
+ [System.Windows.Forms.Application]::DoEvents()
+ $global:window.ShowDialog() | Out-Null
+ }
+}
+
+function Import-AllModules
+{
+ foreach($file in (Get-Item -path "$($global:modulesPath)\*.psm1"))
+ {
+ $fileName = [IO.Path]::GetFileName($file)
+ if($skipModules -contains $fileName) { Write-Warning "Module $fileName excluded"; continue; }
+
+ $global:txtSplashText.Text = "Import module $fileName"
+ [System.Windows.Forms.Application]::DoEvents()
+
+ $module = Import-Module $file -PassThru -Force -Global -ErrorAction SilentlyContinue
+ if($module)
+ {
+ $global:loadedModules += $module
+ Write-Host "Module $($module.Name) loaded successfully"
+ }
+ else
+ {
+ Write-Warning "Failed to load module $file"
+ }
+ }
+}
+
+#region Log functions
+function Write-Log
+{
+ param($Text, $type = 1)
+
+ if($script:logFailed -eq $true) { return }
+
+ if(-not $global:logFile) { $global:logFile = Get-SettingValue "LogFile" ([IO.Path]::Combine($global:AppRootFolder,"CloudAPIPowerShellManagement.log")) }
+
+ if(-not $global:logFileMaxSize) { [Int64]$global:logFileMaxSize = Get-SettingValue "LogFileSize" 1024; $global:logFileMaxSize = $global:logFileMaxSize * 1kb }
+
+ $fi = [IO.FileInfo]$global:logFile
+
+ if($fi.Length -gt $global:logFileMaxSize)
+ {
+ # Larger than max size. Rename current to .bak
+ # Delete current .bak if it exists
+ $bakFile = ($fi.DirectoryName + "\" + $fi.BaseName + ".lo_")
+ if([IO.File]::Exists($bakFile))
+ {
+ try
+ {
+ [IO.File]::Delete($bakFile)
+ }
+ catch { }
+ }
+ try
+ {
+ $fi.MoveTo($bakFile)
+ }
+ catch { }
+ }
+
+ try
+ {
+ $logPath = [IO.Path]::GetDirectoryName($global:logFile)
+ if(-not (Test-Path $logPath)) { mkdir -Path $logPath -Force -ErrorAction SilentlyContinue | Out-Null }
+ }
+ catch
+ {
+ $script:logFailed = $true
+ return
+ }
+
+ $date = Get-Date
+
+ if($global:PSCommandPath)
+ {
+ $fileObj = [System.IO.FileInfo]$global:PSCommandPath
+ }
+ else
+ {
+ $fileObj = [System.IO.FileInfo]$PSCommandPath
+ }
+
+ $timeStr = "$($date.ToString(""HH"")):$($date.ToString(""mm"")):$($date.ToString(""ss"")).000+000"
+ $dateStr = "$($date.ToString(""MM""))-$($date.ToString(""dd""))-$($date.ToString(""yyyy""))"
+ $logOut = ""
+
+ if($type -eq 2)
+ {
+ Write-Warning $Text
+ }
+ elseif($type -eq 3)
+ {
+ $host.ui.WriteErrorLine($Text)
+ }
+ else
+ {
+ write-host $Text
+ }
+
+ try
+ {
+ out-file -filePath $global:logFile -append -encoding "ASCII" -inputObject $logOut
+ }
+ catch { }
+}
+
+function Write-LogDebug
+{
+ param($Text, $type = 1)
+
+ if($global:Debug)
+ {
+ Write-Log ("Debug: " + $text) $type
+ }
+}
+
+function Write-LogError
+{
+ param($Text, $Exception)
+
+ if($Text -and $Exception.message)
+ {
+ $Text += " Exception: $($Exception.Message)"
+ }
+
+ Write-Log $Text 3
+}
+
+function Write-Status
+{
+ param($Text, [switch]$SkipLog, [switch]$Block, [switch]$Force)
+
+ if(-not $text) { $global:BlockStatusUpdates = $false }
+ elseif($global:BlockStatusUpdates -eq $true -and $Force -ne $true) { return }
+ elseif($Block -eq $true) { $global:BlockStatusUpdates = $true }
+
+ $global:txtInfo.Content = $Text
+ if($text)
+ {
+ $global:grdStatus.Visibility = "Visible"
+ if($SkipLog -ne $true) { Write-Log $text }
+ }
+ else
+ {
+ $global:grdStatus.Visibility = "Collapsed"
+ }
+
+ [System.Windows.Forms.Application]::DoEvents()
+}
+
+#endregion
+
+#region Popup
+function Show-Popup
+{
+ param($popup)
+
+ if(-not $global:grdPopup -or -not $global:cvsPopup) { return }
+
+ $global:cvsPopup.AddChild($popup) | Out-Null
+ $global:grdPopup.Visibility = "Visible"
+
+ [System.Windows.Forms.Application]::DoEvents()
+}
+
+function Hide-Popup
+{
+ if(-not $global:grdPopup -or -not $global:cvsPopup) { return }
+ $global:cvsPopup.Children.Clear()
+ $global:grdPopup.Visibility = "Collapsed"
+ [System.Windows.Forms.Application]::DoEvents()
+}
+#endregion
+
+#region Xaml functions
+
+function Set-XamlProperty
+{
+ param($xamlObj, $controlName, $propertyName, $value)
+
+ $obj = $xamlObj.FindName($controlName)
+
+ try
+ {
+ if($obj)
+ {
+ $obj."$propertyName" = $value
+ }
+ else
+ {
+ Write-Log "Could not find object with name $controlName" 3
+ }
+ }
+ catch
+ {
+ Write-LogError "Failed to set Xaml property value. Control: $controlName. Property: $propertyName. Error:" $_.Exception
+ }
+}
+
+function Get-XamlProperty
+{
+ param($xamlObj, $controlName, $propertyName, $defaultValue)
+
+ $obj = $xamlObj.FindName($controlName)
+
+ try
+ {
+ if($obj)
+ {
+ return (?? $obj."$propertyName" $null)
+ }
+ else
+ {
+ Write-Log "Could not find object with name $controlName" 3
+ }
+ }
+ catch
+ {
+ Write-LogError "Failed to set Xaml property value. Control: $controlName. Property: $propertyName. Error:" $_.Exception
+ }
+}
+
+function Add-XamlEvent
+{
+ param($xamlObj, $controlName, $eventName, $scriptBlock)
+
+ try {
+ $obj = $xamlObj.FindName($controlName)
+ if($obj)
+ {
+ $obj."$eventName"($scriptBlock)
+ }
+ else
+ {
+ Write-Log "Failed to add Xaml event $eventName to $controlName. Control not found" 3
+ }
+ }
+ catch
+ {
+ Write-LogError "Failed to add Xaml event $eventName to $controlName. Error:" $_.Exception
+ }
+}
+
+function Add-XamlVariables
+{
+ param($xaml, $obj)
+
+ # Generate a global variable for each object with Name property set
+ # Ref: https://learn-powershell.net/2014/08/10/powershell-and-wpf-radio-button/
+ $xaml.SelectNodes("//*[@*[contains(translate(name(.),'n','N'),'Name')]]") | ForEach-Object {
+ Write-LogDebug "Add global variable $($_.Name)"
+ New-Variable -Name $_.Name -Value $obj.FindName($_.Name) -Force -Scope Global
+ }
+}
+
+function Get-XamlObject
+{
+ param($fileName, [switch]$AddVariables)
+
+ if(([IO.File]::Exists($fileName)))
+ {
+ try
+ {
+ [xml]$xaml = Get-Content $fileName
+
+ $xamlObj = ([Windows.Markup.XamlReader]::Load((New-Object System.Xml.XmlNodeReader $xaml)))
+
+ if($xamlObj -and $AddVariables -eq $true)
+ {
+ Add-XamlVariables $xaml $xamlObj
+ }
+ return $xamlObj
+ }
+ catch
+ {
+ Write-LogError "Failed to load Xaml file $fileName. Error:" $_.Exception
+ }
+ }
+ else
+ {
+ Write-Log "Failed to open Xaml file. File not found: $fileName"
+ }
+}
+
+#endregion
+
+#region Dialogs
+
+function Show-AboutDialog
+{
+ $script:dlgAbout = Get-XamlObject ($global:AppRootFolder + "\Xaml\AboutDialog.xaml")
+ if(-not $script:dlgAbout) { return }
+
+ $loadedItems = @()
+ $externalModules = @("MSAL.PS","Az.Account")
+ $externalAssemblies = @("Microsoft.Identity.Client.dll")
+
+ foreach($module in (((Get-Module | Where-Object { $_.ModuleBase -like "$($global:AppRootFolder)*" -or $_.Name -in $externalModules }))))
+ {
+ $ver = $module.Version
+ if($module.Version.Major -eq 0 -and $module.Version.Minor -eq 0)
+ {
+ $cmd = $module.ExportedFunctions["Get-ModuleVersion"]
+ if($cmd)
+ {
+ $tmpVer = Invoke-Command -ScriptBlock $cmd.ScriptBlock
+ $ver = ?? $tmpVer $ver
+ }
+ }
+
+ $loadedItems += (New-Object PSObject -Property @{
+ Name = $module.Name
+ Version = $ver
+ Type = "PSModule"
+ })
+ }
+
+ $assms = [System.AppDomain]::CurrentDomain.GetAssemblies() | Where { $_.GlobalAssemblyCache -eq $false -and [String]::IsNullOrEmpty($_.Location) -eq $false }
+ foreach($assmName in $externalAssemblies)
+ {
+ $assmObjs = $assms | Where { $_.Location -like "*\$($assmName)" }
+ foreach($assmObj in $assmObjs)
+ {
+ try
+ {
+ $fi = [IO.FileInfo]"$($assmObj.Location)"
+ $loadedItems += (New-Object PSObject -Property @{
+ Name = $fi.Name
+ Version = $fi.VersionInfo.FileVersion
+ Type = "Assembly"
+ })
+ }
+ catch {}
+ }
+ }
+
+ Set-XamlProperty $script:dlgAbout "txtTitle" "Text" "CloudAPIPowerShellManagement"
+ Set-XamlProperty $script:dlgAbout "txtViewTitle" "Text" ("Current view: " + $global:currentViewObject.ViewInfo.Title)
+ if($global:currentViewObject.ViewInfo.Description)
+ {
+ Set-XamlProperty $script:dlgAbout "txtViewDescription" "Text" $global:currentViewObject.ViewInfo.Description
+ }
+
+ Set-XamlProperty $script:dlgAbout "lstModules" "ItemsSource" $loadedItems
+
+ Add-XamlEvent $script:dlgAbout "linkSource" "Add_RequestNavigate" ({ [System.Diagnostics.Process]::Start($_.Uri.AbsoluteUri); $_.Handled = $true })
+
+ Show-ModalForm "About" $script:dlgAbout
+}
+
+function Show-InputDialog
+{
+ param(
+ $FormTitle = "Input",
+ $FormText,
+ $DefaultValue)
+
+ $script:inputBox = Get-XamlObject ($global:AppRootFolder + "\Xaml\InputDialog.xaml")
+ if(-not $script:inputBox) { return }
+
+ $script:inputBox.Title = $FormTitle
+
+ Set-XamlProperty $script:inputBox "txtLabel" "Content" $FormText
+ Set-XamlProperty $script:inputBox "txtValue" "Text" $DefaultValue
+
+ $script:txtValue = $script:inputBox.FindName("txtValue")
+
+ Add-XamlEvent $script:inputBox "btnOk" "Add_Click" ({ $script:inputBox.Close() })
+ Add-XamlEvent $script:inputBox "btnCancel" "Add_Click" ({ $script:txtValue.Text ="";$script:inputBox.Close() })
+
+ $inputBox.Add_ContentRendered({
+ $script:txtValue.SelectAll();
+ $script:txtValue.Focus();
+ })
+
+ $inputBox.ShowDialog() | Out-null
+
+ return $script:txtValue.Text
+}
+
+function Show-ModalForm
+{
+ param(
+ $FormTitle = "",
+ $formObject,
+ [switch]$HideButtons)
+
+ $xamlStr = Get-Content ($global:AppRootFolder + "\Xaml\ModalForm.xaml")
+
+ $modalForm = [Windows.Markup.XamlReader]::Parse($xamlStr)
+
+ if($HideButtons -eq $true)
+ {
+ Set-XamlProperty $modalForm "spButtons" "Visibility" "Collapsed"
+ }
+ else
+ {
+ Add-XamlEvent $modalForm "btnClose" "Add_Click" ({
+ Show-ModalObject
+ })
+ }
+
+ Set-XamlProperty $modalForm "txtTitle" "Text" $FormTitle
+
+ $grdModalContainer = $modalForm.FindName("grdModalContainer")
+ if($grdModalContainer -and $formObject)
+ {
+ $formObject.SetValue([System.Windows.Controls.Grid]::RowProperty,1)
+ $grdModalContainer.Children.Add($formObject) | Out-Null
+ }
+ Show-ModalObject $modalForm
+}
+function Show-ModalObject
+{
+ param( $obj )
+
+ if($obj)
+ {
+ $obj.SetValue([System.Windows.Controls.Grid]::RowProperty,1)
+ $obj.SetValue([System.Windows.Controls.Grid]::ColumnProperty,1)
+ $global:grdModal.Children.Add($obj) | Out-Null
+ $global:grdModal.Visibility = "Visible"
+ }
+ else
+ {
+ $global:grdModal.Children.Clear()
+ $global:grdModal.Visibility = "Collapsed"
+ }
+
+ [System.Windows.Forms.Application]::DoEvents()
+}
+#endregion
+
+#region Controls
+function Show-AuthenticationInfo
+{
+ if($global:grdMenu)
+ {
+ $global:txtSplashText.Text = "Get profile picture"
+ [System.Windows.Forms.Application]::DoEvents()
+
+ $authenticationProvider = $global:currentViewObject.ViewInfo.Authentication
+ if($global:grdMenu.Children[-1].Tag -eq "ProfilePicture")
+ {
+ $global:grdMenu.Children.Remove($global:grdMenu.Children[-1])
+ }
+
+ if($authenticationProvider.ProfilePicture)
+ {
+ $profileObj = & $authenticationProvider.ProfilePicture -Size 24 -Fontsize 12 -Popup -AuthenticationProvider $authenticationProvider
+ if($profileObj)
+ {
+ $profileObj.Tag = "ProfilePicture"
+ $profileObj.SetValue([System.Windows.Controls.Grid]::ColumnProperty,1) | Out-Null
+ $global:grdMenu.Children.Add($profileObj) | Out-Null
+ }
+ }
+ [System.Windows.Forms.Application]::DoEvents()
+ }
+}
+#endregion
+
+#region Generic functions
+function Invoke-Coalesce ($value, $default)
+{
+ # Use IsNullOrEmpty instead of -not
+ if ([String]::IsNullOrEmpty($value)) { $value = $default }
+
+ return $value
+}
+
+function Invoke-IfTrue ($expression, $valueIfTrue, $valueIfFalse)
+{
+ if ($expression) { return $valueIfTrue }
+ else { return $valueIfFalse }
+}
+
+function Set-ObjectGrid
+{
+ param( $obj )
+
+ if($obj)
+ {
+ $global:grdObject.Children.Add($obj)
+ $global:grdObject.Visibility = "Visible"
+ }
+ else
+ {
+ $global:grdObject.Children.Clear()
+ $global:grdObject.Visibility = "Collapsed"
+ }
+
+ [System.Windows.Forms.Application]::DoEvents()
+}
+
+function Remove-InvalidFileNameChars
+{
+ param($Name)
+
+ $re = "[{0}]" -f [RegEx]::Escape(([IO.Path]::GetInvalidFileNameChars() -join ''))
+
+ $Name = $Name -replace $re
+ $Name = $Name -replace "[]]", ""
+ $Name = $Name -replace "[[]", ""
+
+ return $Name
+}
+
+function Remove-ObjectProperty
+{
+ param($obj, $property)
+
+ if(-not $obj -or -not $property) { return }
+
+ if(($obj | Get-Member -MemberType NoteProperty -Name $property))
+ {
+ $obj.PSObject.Properties.Remove($property)
+ }
+}
+
+function Get-Folder
+{
+ param($path = $env:temp, $title = "Select a directory")
+
+ if($global:useDefaultFolderDialog -ne $true)
+ {
+ try
+ {
+ if($global:WindowsAPICodePackLoaded -eq $false)
+ {
+ $apiCodec = Join-Path $global:AppRootFolder "Microsoft.WindowsAPICodePack.Shell.dll"
+ if([IO.File]::Exists($apiCodec))
+ {
+ Add-Type -Path $apiCodec | Out-Null
+ $global:WindowsAPICodePackLoaded = $true
+ }
+ else
+ {
+ Write-Log "Could not find Microsoft.WindowsAPICodePack.Shell.dll" 2
+ }
+ }
+ $dlgCOFD = New-Object Microsoft.WindowsAPICodePack.Dialogs.CommonOpenFileDialog
+ }
+ catch
+ {
+ Write-LogError "Failed to load Microsoft.WindowsAPICodePack.Shell.dll. Verify that the .Net 3.5 feature is enabled" $_.Exception
+ }
+ }
+
+ if($dlgCOFD -and $global:useDefaultFolderDialog -ne $true)
+ {
+ $dlgCOFD.EnsureReadOnly = $true
+ $dlgCOFD.IsFolderPicker = $true
+ $dlgCOFD.AllowNonFileSystemItems = $false
+ $dlgCOFD.Multiselect = $false
+ $dlgCOFD.Title = $title
+
+ if($path -and (Test-Path $path))
+ {
+ $dlgCOFD.InitialDirectory = $path
+ }
+ if($dlgCOFD.ShowDialog($window) = [Microsoft.WindowsAPICodePack.Dialogs.CommonFileDialogResult]::Ok)
+ {
+ $dlgCofd.FileName
+ }
+ }
+ else
+ {
+ $global:useDefaultFolderDialog = $true
+ [Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms") | Out-Null
+ [System.Windows.Forms.Application]::EnableVisualStyles()
+ $dlgFBD = New-Object System.Windows.Forms.FolderBrowserDialog
+ $dlgFBD.SelectedPath = "C:\"
+ $dlgFBD.ShowNewFolderButton = $false
+ $dlgFBD.Description = $title
+ if($dlgFBD.ShowDialog() -eq "OK")
+ {
+ $dlgFBD.SelectedPath
+ }
+ $dlgFBD.Dispose()
+ }
+}
+function Remove-Property
+{
+ param($obj, $prop)
+ if(($obj | GM -MemberType NoteProperty -Name $prop))
+ {
+ Write-LogDebug "Remove property $prop"
+ $obj.PSObject.Properties.Remove($prop) | Out-Null
+ }
+}
+
+#endregion
+
+#region Reg functions
+########################################################################
+#
+# Reg functions
+#
+########################################################################
+
+function Save-Setting
+{
+ param($SubPath, $Key, $Value, $Type = "String")
+
+ $regPath = Get-RegPath $SubPath
+ if((Test-Path $regPath) -eq $false)
+ {
+ New-Item (Get-RegPath $SubPath) -ErrorAction SilentlyContinue
+ }
+ New-ItemProperty -Path $regPath -Name $Key -Value $Value -Type $Type -Force | Out-Null
+}
+
+function Get-Setting
+{
+ param($SubPath, $Key, $defautValue)
+
+ try
+ {
+ $val = Get-ItemPropertyValue -Path (Get-RegPath $SubPath) -Name $Key -ErrorAction SilentlyContinue
+ }
+ catch { }
+ if(-not $val)
+ {
+ $defautValue
+ }
+ else
+ {
+ $val
+ }
+}
+
+function Get-RegPath
+{
+ param($SubPath)
+
+ $path = "HKCU:\Software\CloudAPIPowerShellManagement"
+ if($SubPath)
+ {
+ $path = $path + "\" + $SubPath
+ }
+
+ $path
+}
+#endregion
+
+#region Setting functions
+
+########################################################################
+#
+# Settings functions
+#
+########################################################################
+
+function Add-SettingsItem
+{
+ param($settingItem, $title, $description)
+
+ $rd = [System.Windows.Controls.RowDefinition]::new()
+ $rd.Height = [double]::NaN
+ $spSettings.RowDefinitions.Add($rd)
+ $settingItem.SetValue([System.Windows.Controls.Grid]::RowProperty,$spSettings.RowDefinitions.Count-1)
+
+ if(-not $title)
+ {
+ $settingItem.SetValue([System.Windows.Controls.Grid]::ColumnSpanProperty, 2)
+ }
+ else
+ {
+ if($description)
+ {
+ $descriptionInfo = ""
+ }
+
+ $xaml = @"
+
+
+ $descriptionInfo
+
+"@
+ $settingsTitle = [Windows.Markup.XamlReader]::Parse($xaml)
+ $settingsTitle.SetValue([System.Windows.Controls.Grid]::RowProperty,$spSettings.RowDefinitions.Count-1)
+ $settingItem.SetValue([System.Windows.Controls.Grid]::ColumnProperty, 1)
+ $spSettings.AddChild($settingsTitle)
+ $settingItem.Margin = "0,5,0,0"
+ }
+ $spSettings.AddChild($settingItem)
+}
+
+function Add-SettingTextBox
+{
+ param($id, $value)
+
+ $xaml = @"
+$value
+"@
+ return [Windows.Markup.XamlReader]::Parse($xaml)
+}
+
+function Add-SettingCheckBox
+{
+ param($id, $value)
+
+ $tmpValue = ($value -eq $true -or $value -eq "true").ToString().ToLower()
+
+ $xaml = @"
+
+"@
+ return [Windows.Markup.XamlReader]::Parse($xaml)
+}
+
+function Add-SettingComboBox
+{
+ param($id, $value, $itemsData)
+
+ $xaml = @"
+
+"@
+ $xamlObj = [Windows.Markup.XamlReader]::Parse($xaml)
+
+ $xamlObj.ItemsSource = $itemsData
+ if($value)
+ {
+ $xamlObj.SelectedValue = $value
+ }
+
+ $xamlObj
+}
+
+function Add-SettingFolder
+{
+ param($id, $value)
+ $xaml = @"
+
+
+
+
+
+
+ $value
+
+
+
+"@
+
+ $obj = [Windows.Markup.XamlReader]::Parse($xaml)
+
+ $btnBrowse = $obj.FindName("browse_$($id)")
+ $txtObj = $obj.FindName($id)
+ if($btnBrowse)
+ {
+ $btnBrowse.Tag = $txtObj
+ $btnBrowse.Add_Click({
+ $folder = Get-Folder $this.Tag.Text
+ if($folder) { $this.Tag.Text = $folder }
+ })
+ }
+ return $obj
+}
+
+function Add-SettingValue
+{
+ param($settingValue)
+
+ $id = "id_" + [Guid]::NewGuid().ToString('n')
+
+ $value = Get-SettingValue $settingValue.Key
+
+ if($settingValue.Type -eq "folder")
+ {
+ $settingObj = Add-SettingFolder $id $value
+ }
+ elseif($settingValue.Type -eq "Boolean")
+ {
+ $settingObj = Add-SettingCheckBox $id $value
+ }
+ elseif($settingValue.Type -eq "List")
+ {
+ $settingObj = Add-SettingComboBox $id $value $settingValue.ItemsSource
+ }
+ else
+ {
+ $settingObj = Add-SettingTextBox $id $value
+ }
+
+ if($settingObj)
+ {
+ Add-SettingsItem $settingObj $settingValue.Title $settingValue.Description
+ # Find the control in the setting object that contains the actual value
+ # $settingObj might be a grid that contains the TextBox with the settings value
+ $ctrl = $settingObj.FindName($id)
+ if(($settingValue | Get-Member -MemberType NoteProperty -Name "Control"))
+ {
+ $settingValue.Control = $ctrl
+ }
+ else
+ {
+ $settingValue | Add-Member -MemberType NoteProperty -Name "Control" -Value $ctrl
+ }
+ }
+}
+
+function Add-SettingTitle
+{
+ param($title, $marginTop = "0")
+
+ $xaml = @"
+
+"@
+
+ #$global:spSettings.Children.Add([Windows.Markup.XamlReader]::Parse($xaml))
+ Add-SettingsItem ([Windows.Markup.XamlReader]::Parse($xaml)) | Out-Null
+}
+
+function Show-SettingsForm
+{
+ $settingsStr = Get-Content ($global:AppRootFolder+ "\Xaml\SettingsForm.xaml")
+
+ $settingsForm = [Windows.Markup.XamlReader]::Parse($settingsStr)
+ $global:settingControls = @()
+ $global:spSettings = $settingsForm.FindName("spSettings")
+
+ Add-XamlEvent $settingsForm "btnSave" "Add_Click" ({
+ Save-AllSettings
+ $global:Debug = Get-SettingValue "Debug"
+ })
+
+ Add-XamlEvent $settingsForm "btnClose" "Add_Click" ({
+ Show-ModalObject
+ })
+
+ $tmp = $global:appSettingSections | Where-Object Id -eq "General"
+ if($tmp.Values.Count -gt 0)
+ {
+ Add-SettingTitle $tmp.Title
+ foreach($settingObj in $tmp.Values)
+ {
+ Add-SettingValue $settingObj
+ }
+ }
+
+ foreach($section in $global:appSettingSections)
+ {
+ if(-not ($settingObj | Get-Member -MemberType NoteProperty -Name "Priority"))
+ {
+ $settingObj | Add-Member -MemberType NoteProperty -Name "Priority" -Value 100
+ }
+ if($settingObj.Priority -lt 1) { $settingObj.Priority = 1}
+ }
+
+ foreach($section in ($global:appSettingSections | Where-Object Id -ne "General" | Sort-Object -Property Priority,Title))
+ {
+ if($section.Values.Count -eq 0) { continue }
+ Add-SettingTitle $section.Title 5
+ foreach($settingObj in $section.Values)
+ {
+ Add-SettingValue $settingObj
+ }
+ }
+ Show-ModalObject $settingsForm
+}
+
+function Add-DefaultSettings
+{
+ $global:appSettingSections = @()
+
+ $global:appSettingSections += (New-Object PSObject -Property @{
+ Title = "General"
+ Id = "General"
+ Values = @()
+ })
+
+ Add-SettingsObject (New-Object PSObject -Property @{
+ Title = "Log file"
+ Key = "LogFile"
+ Type = "File"
+ }) "General"
+
+ Add-SettingsObject (New-Object PSObject -Property @{
+ Title = "Max log file size"
+ Key = "LogFileSize"
+ Type = "Int"
+ DefaultValue = 1024
+ }) "General"
+
+ Add-SettingsObject (New-Object PSObject -Property @{
+ Title = "Debug"
+ Key = "Debug"
+ Type = "Boolean"
+ DefaultValue = $false
+ }) "General"
+}
+
+function Add-SettingsObject
+{
+ param($obj, $section)
+
+ $section = $global:appSettingSections | Where-Object Id -eq $section
+ if(-not $section)
+ {
+ Write-Log "Could not find section $section" 3
+ return
+ }
+ $section.Values += $obj
+}
+
+function Save-AllSettings
+{
+ Write-Status "Save settings"
+ foreach($section in $global:appSettingSections)
+ {
+ foreach($settingObj in $section.Values)
+ {
+ if(-not $settingObj.Control) { continue }
+ $valueFound = $false
+ if($settingObj.Control.GetType().Name -eq "TextBox")
+ {
+ $value = $settingObj.Control.Text
+ if($settingObj.Type -eq "Int")
+ {
+ try
+ {
+ $value = [int]$value
+ }
+ catch
+ {
+ # Log or set invalid
+ $value = $settingObj.Value
+ }
+ }
+ $valueFound = $true
+ }
+ elseif($settingObj.Control.GetType().Name -eq "CheckBox")
+ {
+ $value = $settingObj.Control.IsChecked
+ $valueFound = $true
+ }
+ elseif($settingObj.Control.GetType().Name -eq "ComboBox")
+ {
+ Write-LogDebug "$($settingObj.Control.Text) | $($settingObj.Control.SelectedIndex)"
+ if($settingObj.Control.SelectedIndex -eq -1)
+ {
+ $value = $settingObj.Control.Text
+ }
+ else
+ {
+ $value = $settingObj.Control.SelectedValue
+ }
+ $valueFound = $true
+ }
+
+ if($valueFound)
+ {
+ Save-Setting $settingObj.SubPath $settingObj.Key $value
+ }
+ }
+ }
+
+ if($global:currentViewObject.ViewInfo.SaveSettings)
+ {
+ & $global:currentViewObject.ViewInfo.SaveSettings
+ }
+ Start-Sleep -Seconds 1 # It goes to quick...ToDo: Do this in a better way
+ Write-Status ""
+}
+
+function Get-SettingValue
+{
+ param($Key, $defaultValue)
+
+ foreach($section in $global:appSettingSections)
+ {
+ $settingObj = $section.Values | Where Key -eq $Key
+ if($settingObj) { break }
+ }
+
+ if(-not $defaultValue) { $defaultValue = $settingObj.DefaultValue }
+
+ $value = Get-Setting $settingObj.SubPath $settingObj.Key $defaultValue
+ if($value)
+ {
+ if($settingObj.Type -eq "Boolean")
+ {
+ $value = $value -eq $true -or $value -eq "true"
+ }
+ elseif($settingObj.Type -eq "Boolean")
+ {
+ try
+ {
+ $value = [int]$value
+ }
+ catch
+ {
+ if($settingObj.DefaultValue)
+ {
+ try
+ {
+ $value = [int]$settingObj.DefaultValue
+ }
+ catch { }
+ }
+ }
+ }
+
+ # Keep last read value
+ if($settingObj -and ($settingObj | Get-Member -MemberType NoteProperty -Name "Value"))
+ {
+ $settingObj.Value = $value # Keep last read value
+ }
+ else
+ {
+ $settingObj | Add-Member -MemberType NoteProperty -Name "Value" -Value $value
+ }
+ }
+ $value
+}
+
+#endregion
+
+#region Menu functions
+
+#####################################################################################################
+#
+# Menu functions
+#
+#####################################################################################################
+
+function Add-ViewObject
+{
+ param($viewObject)
+
+ $global:viewObjects += New-Object PSObject -Property @{ ViewInfo = $viewObject; ViewItems = @() }
+}
+
+function Add-ViewItem
+{
+ param($viewItem)
+
+ $objSection = $global:viewObjects | Where { $_.ViewInfo.Id -eq $viewItem.ViewID }
+ if(-not $objSection)
+ {
+ if(($arrMenuInlcude -and $arrMenuInlcude -notcontains $viewItem.ViewID) -or ($arrMenuExlcude -and $arrMenuExlcude -contains $viewItem.ViewID)) { return }
+
+ Write-Log "Could not find menu with id $($viewItem.ViewID). Item $($viewItem.Title) not added" 2
+ return
+ }
+
+ ### !!! ToDo: Should not be here...
+ if(-not ($viewItem.PSObject.Properties | Where Name -eq "ImportOrder"))
+ {
+ $viewItem | Add-Member -NotePropertyName "ImportOrder" -NotePropertyValue 1000
+ }
+
+ if(-not $global:PermissionScope) { $global:PermissionScope = @() }
+ foreach($scope in $viewItem.Permissons)
+ {
+ if($global:PermissionScope -notcontains $scope) { $global:PermissionScope += $scope }
+ }
+
+ foreach($required in @("openid","profile","email","User.ReadWrite.All","Group.ReadWrite.All")) #,"https://management.azure.com/user_impersonation") )
+ {
+ if($required -in $global:PermissionScope) { continue }
+ $global:PermissionScope += $required
+ Write-LogDebug "Adding required scope $required"
+ }
+
+ if($viewItem.Icon -or [IO.File]::Exists(($global:AppRootFolder + "\Xaml\Icons\$($viewItem.Id).xaml")))
+ {
+ $ctrl = Get-XamlObject ($global:AppRootFolder + "\Xaml\Icons\$((?? $viewItem.Icon $viewItem.Id)).xaml")
+ $viewItem | Add-Member -NotePropertyName "IconImage" -NotePropertyValue $ctrl
+ }
+
+ $objSection.ViewItems += $viewItem
+}
+
+function Show-View
+{
+ param($viewId)
+
+ if(($global:viewObjects | measure).Count -eq 0)
+ {
+ Write-Log "No View Objects loaded!" 3
+ return
+ }
+
+ if(-not $viewId)
+ {
+ # Use first View if not specified
+ # ToDo: Use last or default view
+ $viewId = $global:viewObjects[0].ViewInfo.Id
+ }
+
+ if($global:currentViewObject.ViewInfo.ID -eq $viewId) { return } # Current view already selected
+
+ # Get the View object
+ $viewObject = $global:viewObjects | Where { $_.ViewInfo.Id -eq $viewId }
+ if(-not $viewObject)
+ {
+ Write-Log "Could not find View with id $($viewId)" 3
+ return
+ }
+ Write-Log "Change view to $($viewObject.ViewInfo.Title)"
+
+ if($global:currentViewObject -ne $viewObject -and $global:currentViewObject.ViewInfo.Deactivating)
+ {
+ Write-Log "Deactivating View $($global:currentViewObject.ViewInfo.Title)"
+ & $global:currentViewObject.ViewInfo.Deactivating
+ }
+
+ $viewItems = ?: ($viewObject.ViewInfo.Sort -ne $false) ($viewObject.ViewItems | Sort-Object -Property Title) ($viewObject.ViewItems)
+
+ $lblMenuTitle.Content = $viewObject.ViewInfo.Title
+
+ $lstMenuItems.ItemsSource = @($viewItems)
+
+ $grdViewPanel.Children.Clear()
+
+ if($viewObject.ViewInfo.Authenticate)
+ {
+ $global:txtSplashText.Text = "Authenticate"
+ [System.Windows.Forms.Application]::DoEvents()
+ & $viewObject.ViewInfo.Authenticate
+ }
+
+ if($viewObject.ViewInfo.Activating)
+ {
+ Write-Log "Activating View $($viewObject.ViewInfo.Title)"
+ & $viewObject.ViewInfo.Activating
+ }
+
+ if($viewObject.ViewInfo.ViewPanel)
+ {
+ $grdViewPanel.Children.Add($viewObject.ViewInfo.ViewPanel) | Out-Null
+ }
+
+ $global:currentViewObject = $viewObject
+
+ Set-MainTitle
+
+ Show-AuthenticationInfo
+
+ if($viewObject.ViewInfo.Activated)
+ {
+ Write-Log "Activated View $($viewObject.ViewInfo.Title)"
+ & $viewObject.ViewInfo.Activated
+ }
+}
+
+#endregion
+
+#region Main Window
+function Set-MainTitle
+{
+ if(-not $global:window -or -not $global:currentViewObject.ViewInfo.Title) { return }
+
+ Write-LogDebug "Set main title to $($global:currentViewObject.ViewInfo.Title)"
+
+ $global:window.Title = ?? $global:currentViewObject.ViewInfo.Title "Cloud API PowerShell Management"
+}
+
+function Get-MainWindow
+{
+ try
+ {
+ [xml]$xaml = Get-Content ($global:AppRootFolder + "\Xaml\MainWindow.xaml")
+ [xml]$styles = Get-Content ($global:AppRootFolder + "\Themes\Styles.xaml")
+
+ ### Update relative path to full path for ResourceDictionary
+ [System.Xml.XmlNamespaceManager] $nsm = $xaml.NameTable;
+ $nsm.AddNamespace("s", 'http://schemas.microsoft.com/winfx/2006/xaml/presentation');
+ foreach($rsdNode in ($xaml.SelectNodes("//s:ResourceDictionary[@Source]", $nsm)))
+ {
+ $rsdNode.Source = (Join-Path ($PSScriptRoot) ($rsdNode.Source)).ToString()
+ }
+
+ # Add Styles
+ foreach($node in $styles.DocumentElement.ChildNodes)
+ {
+ $tmpNode = $xaml.CreateElement("Temp")
+ $tmpNode.InnerXml = $node.OuterXml
+ $xaml.Window.'Window.Resources'.ResourceDictionary.AppendChild($tmpNode.Style) | Out-Null
+ }
+ $global:window = [Windows.Markup.XamlReader]::Load((New-Object System.Xml.XmlNodeReader $xaml))
+ }
+ catch
+ {
+ Write-LogError "Failed to initialize main window" $_.Exception
+ return
+ }
+
+ # ToDo: Convert to a list for data binding
+ Add-XamlEvent $window "mnuSettings" "Add_Click" -scriptBlock ([scriptblock]{ Show-SettingsForm })
+ Add-XamlEvent $window "mnuAbout" "Add_Click" -scriptBlock ([scriptblock]{ Show-AboutDialog })
+ Add-XamlEvent $window "mnuExit" "Add_Click" -scriptBlock ([scriptblock]{
+ if([System.Windows.MessageBox]::Show("Are you sure you want to exit?", "Exit?", "YesNo", "Question") -eq "Yes")
+ {
+ $window.Close()
+ }
+ }
+ )
+
+ Add-XamlVariables $xaml $window
+
+ $lstMenuItems.Add_SelectionChanged({
+ if($global:currentViewObject.ViewInfo.ItemChanged)
+ {
+ & $global:currentViewObject.ViewInfo.ItemChanged
+ }
+ })
+
+ $global:grdPopup.add_MouseLeftButtonDown( { Hide-Popup } )
+
+ # ToDo: !!! Intune should not be default icon...
+ $iconFile = "$($global:AppRootFolder)\Intune.ico"
+ if([io.File]::Exists($iconFile))
+ {
+ $Window.Icon = $iconFile
+ }
+
+ $window.Add_Closed({
+ })
+
+ $window.add_Loaded({
+ $global:SplashScreen.Hide()
+ $global:window.Activate()
+ [System.Windows.Forms.Application]::DoEvents()
+ #$global:window.Topmost = $true
+ #$global:window.Topmost = $false
+ #$global:window.Focus()
+
+ $global:MainAppStarted = $true
+
+ if($global:FirstTimeRunning)
+ {
+ $script:welcomeForm = Get-XamlObject ($global:AppRootFolder + "\Xaml\Welcome.xaml") -AddVariables
+
+ Add-XamlEvent $script:welcomeForm "gitHubLink" "Add_RequestNavigate" ({ [System.Diagnostics.Process]::Start($_.Uri.AbsoluteUri); $_.Handled = $true })
+ Add-XamlEvent $script:welcomeForm "licenseLink" "Add_RequestNavigate" ({ [System.Diagnostics.Process]::Start($_.Uri.AbsoluteUri); $_.Handled = $true })
+
+ Add-XamlEvent $script:welcomeForm "chkAcceptConditions" "add_click" {
+ $global:btnAcceptConditions.IsEnabled = ($this.IsChecked -eq $true)
+ }
+
+ Add-XamlEvent $script:welcomeForm "btnAcceptConditions" "add_click" {
+ Save-Setting "" "LicenseAccepted" "True"
+ Save-Setting "" "FirstTimeRunning" "False"
+ Show-ModalObject
+
+ if($global:currentViewObject.ViewInfo.Authentication.ShowErrors)
+ {
+ & $global:currentViewObject.ViewInfo.Authentication.ShowErrors
+ }
+ }
+
+ Add-XamlEvent $script:welcomeForm "btnCancel" "add_click" {
+ if([System.Windows.MessageBox]::Show("Conditions not accepted`n`nDo you want to close the application?", "Close App?", "YesNo", "Warning") -eq "Yes")
+ {
+ $window.Close()
+ }
+ }
+
+ Show-ModalForm $window.Title $script:welcomeForm -HideButtons
+ }
+ })
+
+ foreach($view in $global:viewObjects)
+ {
+ $subItem = [System.Windows.Controls.MenuItem]::new()
+ $subItem.Header = $view.ViewInfo.Title
+ $subItem.Tag = $view.ViewInfo.Id
+ $subItem.Add_Click({
+ if($this.Tag)
+ {
+ Show-View $this.Tag
+ }
+ })
+ $global:mnuViews.AddChild($subItem) | Out-Null
+ }
+}
+
+#endregion
+
+#region Module functions
+function Invoke-ModuleFunction
+{
+ param($function)
+
+ Write-Log "Trigger function $function"
+
+ foreach($module in $global:loadedModules)
+ {
+ # Get command with ExportedFunctions instead of Get-Command
+ $cmd = $module.ExportedFunctions[$function]
+ if($cmd)
+ {
+ Write-Log "Trigger $function in $($module.Name)"
+ Invoke-Command -ScriptBlock $cmd.ScriptBlock
+ }
+ else
+ {
+ #Write-Log "$function not found in $($module.Name)" 2
+ }
+ }
+}
+
+#endregion
+
+#region JWTToken
+
+### See JWT token documentation for more info: https://tools.ietf.org/html/rfc7519
+### AccessToken documentation https://docs.microsoft.com/en-us/azure/active-directory/develop/access-tokens
+function Get-JWTtoken
+{
+ param($token)
+
+ if(-not $token -or -not $token.StartsWith("eyJ")) { Write-Log "Invalid token" 3; return }
+
+ # First part is the header. Second part is the payload. Third part is the signature
+ $arr = $token.Split(".")
+
+ if($arr.Count -lt 2) { Write-Log "Invalid token" 3; return }
+
+ $header = $arr[0].Replace('-', '+').Replace('_', '/') # change base64url to base64
+ while ($header.Length % 4) { $header += "=" } # Add padding to match required length
+
+ $payload = $arr[1].Replace('-', '+').Replace('_', '/') # change base64url to base64
+ while ($payload.Length % 4) { $payload += "=" } # Add padding to match required length
+
+ return (New-Object PSObject -Property @{
+ Header=(([System.Text.Encoding]::ASCII.GetString(([System.Convert]::FromBase64String($header)))) | ConvertFrom-Json)
+ Payload=(([System.Text.Encoding]::ASCII.GetString(([System.Convert]::FromBase64String($payload)))) | ConvertFrom-Json)
+ })
+}
+#endregion
+
+function AddGridObject
+{
+ param($grid, $obj)
+
+ $rd = [System.Windows.Controls.RowDefinition]::new()
+ $rd.Height = [double]::NaN
+ $obj.SetValue([System.Windows.Controls.Grid]::RowProperty,$grid.RowDefinitions.Count) | Out-Null
+ $grid.RowDefinitions.Add($rd) | Out-Null
+ $grid.Children.Add($obj) | Out-Null
+}
+
+function Get-IsAdmin
+{
+ (New-Object Security.Principal.WindowsPrincipal ([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator)
+}
+
+New-Alias -Name ?? -value Invoke-Coalesce
+New-Alias -Name ?: -value Invoke-IfTrue
+Export-ModuleMember -alias * -function *
\ No newline at end of file
diff --git a/Extensions/AppProtection.psm1 b/Extensions/AppProtection.psm1
deleted file mode 100644
index 7fedeff..0000000
--- a/Extensions/AppProtection.psm1
+++ /dev/null
@@ -1,332 +0,0 @@
-########################################################
-#
-# Common module functions
-#
-########################################################
-function Add-ModuleMenuItems
-{
- Add-MenuItem (New-Object PSObject -Property @{
- Title = (Get-AppProtectionName)
- MenuID = "IntuneGraphAPI"
- Script = [ScriptBlock]{Get-AppProtections}
- })
-}
-
-function Get-SupportedImportObjects
-{
- $global:importObjects += (New-Object PSObject -Property @{
- Selected = $true
- Title = (Get-AppProtectionName)
- Script = [ScriptBlock]{
- param($rootFolder)
-
- Write-Status "Import all app protection/configuration policies"
- Import-AllAppProtectionObjects (Join-Path $rootFolder (Get-AppProtectionFolderName))
- }
- })
-}
-
-function Get-SupportedExportObjects
-{
- $global:exportObjects += (New-Object PSObject -Property @{
- Selected = $true
- Title = (Get-AppProtectionName)
- Script = [ScriptBlock]{
- param($rootFolder)
-
- Write-Status "Export all app protection/configuration policies"
- Get-AppProtectionObjects | ForEach-Object { Export-SingleAppProtection $PSItem.Object (Join-Path $rootFolder (Get-AppProtectionFolderName)) }
- }
- })
-}
-
-function Export-AllObjects
-{
- param($addObjectSubfolder)
-
- $subFolder = ""
- if($addObjectSubfolder) { $subFolder = Get-AppProtectionFolderName }
-}
-
-########################################################
-#
-# Object specific functions
-#
-########################################################
-function Get-AppProtectionName
-{
- return "App Protection/Configuration"
-}
-
-function Get-AppProtectionFolderName
-{
- return "AppProtection"
-}
-
-function Get-AppProtections
-{
- Write-Status "Loading app protections and configurations"
- $dgObjects.ItemsSource = @(Get-AppProtectionObjects)
-
- #Scriptblocks that will perform the export tasks. empty by default
- $script:exportParams = @{}
- $script:exportParams.Add("ExportAllScript", [ScriptBlock]{
- Export-AllAppProtections $global:txtExportPath.Text
- Set-ObjectGrid
- Write-Status ""
- })
-
- $script:exportParams.Add("ExportSelectedScript", [ScriptBlock]{
- Export-SelectedAppProtection $global:txtExportPath.Text
- Set-ObjectGrid
- Write-Status ""
- })
-
- #Scriptblock that will perform the import all files
- $script:importAll = [ScriptBlock]{
- Import-AllAppProtectionObjects $global:txtImportPath.Text
- Set-ObjectGrid
- }
-
- #Scriptblock that will perform the import of selected files
- $script:importSelected = [ScriptBlock]{
- Import-AppProtectionObjects $global:lstFiles.ItemsSource -Selected
- Set-ObjectGrid
- }
-
- #Scriptblock that will read json files
- $script:getImportFiles = [ScriptBlock]{
- Show-FileListBox
- $global:lstFiles.ItemsSource = @(Get-JsonFileObjects $global:txtImportPath.Text -Exclude "*_Settings.json")
- }
-
- Add-DefaultObjectButtons -export ([scriptblock]{Show-DefaultExportGrid @script:exportParams}) -import ([scriptblock]{Show-DefaultImportGrid -ImportAll $script:importAll -ImportSelected $script:importSelected -GetFiles $script:getImportFiles}) -copy ([scriptblock]{Copy-AppProtection}) -ViewFullObject ([scriptblock]{Get-AppProtectionObject $global:dgObjects.SelectedItem.Object}) -ForceFullObject
-}
-
-function Get-AppProtectionObjects
-{
- Get-GraphObjects -Url "/deviceAppManagement/managedAppPolicies"
-}
-
-function Get-AppProtectionObject
-{
- param($object, $additional = "")
-
- if(-not $object.id) { return }
-
- $objType = Get-AppProtectionObjectType $object."@odata.type"
-
- $expand = ""
- if($objType -eq "targetedManagedAppConfigurations")
- {
- $expand = "?`$expand=Apps"
- }
-
- if($objType)
- {
- Invoke-GraphRequest -Url "/deviceAppManagement/$objType/$($object.id)$($expand)"
- }
-}
-
-function Export-AllAppProtections
-{
- param($path = "$env:Temp")
-
- if(-not (Test-Path $path)) { mkdir -Path $path -Force -ErrorAction SilentlyContinue | Out-Null }
-
- if(Test-Path $path)
- {
- foreach($objTmp in ($global:dgObjects.ItemsSource))
- {
- Export-SingleAppProtection $objTmp.Object $path
- }
- }
-}
-
-function Export-SelectedAppProtection
-{
- param($path = "$env:Temp")
-
- Export-SingleAppProtection $global:dgObjects.SelectedItem.Object $path
-}
-
-function Export-SingleAppProtection
-{
- param($psObj, $path = "$env:Temp")
-
- if(-not $psObj) { return }
-
- if($global:runningBulkExport -ne $true)
- {
- if($global:chkAddCompanyName.IsChecked) { $path = Join-Path $path $global:organization.displayName }
- if($global:chkAddObjectType.IsChecked) { $path = Join-Path $path (Get-AppProtectionFolderName) }
- }
-
- if(-not (Test-Path $path)) { mkdir -Path $path -Force -ErrorAction SilentlyContinue | Out-Null }
-
- if(Test-Path $path)
- {
- Write-Status "Export $($psObj.displayName)"
-
- $obj = Get-AppProtectionObjectForExport $psObj
-
- if($obj)
- {
- $fileName = "$path\$((Remove-InvalidFileNameChars $obj.displayName)).json"
- ConvertTo-Json $obj -Depth 5 | Out-File $fileName -Force
-
- Add-MigrationInfo $obj.assignments
- }
- $global:exportedObjects++
- }
-}
-
-function Get-AppProtectionObjectType
-{
- param($odataType)
-
- if($odataType -like "*targetedManagedAppConfiguration*")
- {
- "targetedManagedAppConfigurations"
-
- }
- elseif($odataType -like "*iosManagedAppProtection*")
- {
- "iosManagedAppProtections"
- }
- elseif($odataType -like "*androidManagedAppProtection*")
- {
- "androidManagedAppProtections"
- }
- elseif($odataType -like "*mdmWindowsInformationProtectionPolicy*")
- {
- # Win 10 - With enrollment e.g. Intune enrolled Win 10 devices
- "mdmWindowsInformationProtectionPolicies"
- }
- elseif($odataType -like "*windowsInformationProtectionPolicy*")
- {
- # Win 10 - Without enrollment e.g. MAM polices for Win 10
- "WindowsInformationProtectionPolicies"
- }
-}
-
-function Get-AppProtectionObjectForExport
-{
- param($obj)
-
- $objType = Get-AppProtectionObjectType $obj."@odata.type"
-
- $expand = "?`$expand=assignments"
- if($objType -eq "targetedManagedAppConfigurations")
- {
- $expand += ",Apps"
- }
-
- if($objType)
- {
- Invoke-GraphRequest -Url "/deviceAppManagement/$objType/$($obj.id)$($expand)"
- }
-}
-
-function Copy-AppProtection
-{
- if(-not $dgObjects.SelectedItem)
- {
- [System.Windows.MessageBox]::Show("No object selected`n`nSelect app protection/configuration item you want to copy", "Error", "OK", "Error")
- return
- }
-
- $ret = Show-InputDialog "Copy app protection/configuration" "Select name for the new policy" "$($dgObjects.SelectedItem.displayName) - Copy"
-
- if($ret)
- {
- # Export profile
- Write-Status "Export $($dgObjects.SelectedItem.displayName)"
- $obj = Get-AppProtectionObjectForExport $dgObjects.SelectedItem.Object
- if($obj)
- {
- # Remove assignment properties
- Remove-ObjectProperty $obj "assignments"
- Remove-ObjectProperty $obj "assignments@odata.context"
-
- # Import new profile
- $obj.displayName = $ret
- Import-AppProtection $obj | Out-Null
-
- $dgObjects.ItemsSource = @(Get-AppProtectionObjects)
- }
- Write-Status ""
- }
- $dgObjects.Focus()
-}
-
-function Import-AppProtection
-{
- param($obj)
-
- if(($obj | GM -MemberType NoteProperty -Name "Apps"))
- {
- $apps = $obj.Apps
- }
- Start-PreImport $obj -RemoveProperties @("apps","apps@odata.context")
-
- Write-Status "Import $($obj.displayName)"
-
- $objType = Get-AppProtectionObjectType $obj."@odata.context"
-
- if($objType)
- {
- #Import the app configuration policy
- $response = Invoke-GraphRequest -Url "/deviceAppManagement/$objType" -Content (ConvertTo-Json $obj -Depth 5) -HttpMethod POST
- if($response -and $apps)
- {
- # Import targeted apps
- $response2 = Invoke-GraphRequest -Url "/deviceAppManagement/$objType/$($response.Id)/targetApps" -Content "{ apps: $(ConvertTo-Json $apps -Depth 5)}" -HttpMethod POST
- }
- $response
- }
-}
-
-function Import-AllAppProtectionObjects
-{
- param($path = "$env:Temp")
-
- Import-AppProtectionObjects (Get-JsonFileObjects $path)
-}
-
-function Import-AppProtectionObjects
-{
- param(
- $Objects,
-
- [switch]
- $Selected
- )
-
- Write-Status "Import app protection/configuration policies"
-
- foreach($obj in $objects)
- {
- if($Selected -and $obj.Selected -ne $true) { continue }
-
- Write-Log "Import App Protection/Configuration: $($obj.Object.displayName)"
-
- $assignments = Get-GraphAssignmentsObject $obj.Object ($obj.FileInfo.DirectoryName + "\" + $obj.FileInfo.BaseName + "_assignments.json")
-
- $response = Import-AppProtection $obj.Object
-
- if($response)
- {
- $global:importedObjects++
-
- $dataType = Get-AppProtectionObjectType $response."@odata.context"
-
- if($dataType)
- {
- Import-GraphAssignments $assignments "assignments" "/deviceAppManagement/$dataType/$($response.Id)/assign"
- }
- }
- }
- $dgObjects.ItemsSource = @(Get-AppProtectionObjects)
- Write-Status ""
-}
\ No newline at end of file
diff --git a/Extensions/AutoPilot.psm1 b/Extensions/AutoPilot.psm1
deleted file mode 100644
index 20c4409..0000000
--- a/Extensions/AutoPilot.psm1
+++ /dev/null
@@ -1,249 +0,0 @@
-########################################################
-#
-# Common module functions
-#
-########################################################
-function Add-ModuleMenuItems
-{
- Add-MenuItem (New-Object PSObject -Property @{
- Title = (Get-AutoPilotName)
- MenuID = "IntuneGraphAPI"
- Script = [ScriptBlock]{Get-AutoPilots}
- })
-}
-
-function Get-SupportedImportObjects
-{
- $global:importObjects += (New-Object PSObject -Property @{
- Selected = $true
- Title = (Get-AutoPilotName)
- Script = [ScriptBlock]{
- param($rootFolder)
-
- Write-Status "Import all AutoPilot policies"
- Import-AllAutoPilotObjects (Join-Path $rootFolder (Get-AutoPilotFolderName))
- }
- })
-}
-
-function Get-SupportedExportObjects
-{
- $global:exportObjects += (New-Object PSObject -Property @{
- Selected = $true
- Title = (Get-AutoPilotName)
- Script = [ScriptBlock]{
- param($rootFolder)
-
- Write-Status "Export all AutoPilot policies"
- Get-AutoPilotObjects | ForEach-Object { Export-SingleAutoPilotObject $PSItem.Object (Join-Path $rootFolder (Get-AutoPilotFolderName)) }
- }
- })
-}
-
-function Export-AllObjects
-{
- param($addObjectSubfolder)
-
- $subFolder = ""
- if($addObjectSubfolder) { $subFolder = Get-AutoPilotFolderName }
-}
-
-########################################################
-#
-# Object specific functions
-#
-########################################################
-function Get-AutoPilotName
-{
- (Get-AutoPilotFolderName)
-}
-
-function Get-AutoPilotFolderName
-{
- "AutoPilot"
-}
-
-function Get-AutoPilots
-{
- Write-Status "Loading AutoPilot profiles"
- $dgObjects.ItemsSource = @(Get-AutoPilotObjects)
-
- #Scriptblocks that will perform the export tasks. empty by default
- $script:exportParams = @{}
- $script:exportParams.Add("ExportAllScript", [ScriptBlock]{
- Export-AllAutoPilots $global:txtExportPath.Text
- Set-ObjectGrid
- Write-Status ""
- })
-
- $script:exportParams.Add("ExportSelectedScript", [ScriptBlock]{
- Export-SelectedAutoPilotObject $global:txtExportPath.Text
- Set-ObjectGrid
- Write-Status ""
- })
-
- #Scriptblock that will perform the import all files
- $script:importAll = [ScriptBlock]{
- Import-AllAutoPilotObjects $global:txtImportPath.Text
- Set-ObjectGrid
- }
-
- #Scriptblock that will perform the import of selected files
- $script:importSelected = [ScriptBlock]{
- Import-AutoPilotObjects $global:lstFiles.ItemsSource -Selected
- Set-ObjectGrid
- }
-
- #Scriptblock that will read json files
- $script:getImportFiles = [ScriptBlock]{
- Show-FileListBox
- $global:lstFiles.ItemsSource = @(Get-JsonFileObjects $global:txtImportPath.Text -Exclude "*_Settings.json")
- }
-
- Add-DefaultObjectButtons -export ([scriptblock]{Show-DefaultExportGrid @script:exportParams}) -import ([scriptblock]{Show-DefaultImportGrid -ImportAll $script:importAll -ImportSelected $script:importSelected -GetFiles $script:getImportFiles}) -copy ([scriptblock]{Copy-AutoPilot}) -ViewFullObject ([scriptblock]{Get-AutoPilotObject $global:dgObjects.SelectedItem.Object})
-}
-
-function Get-AutoPilotObjects
-{
- Get-GraphObjects -Url "/deviceManagement/windowsAutopilotDeploymentProfiles"
-}
-
-function Get-AutoPilotObject
-{
- param($object, $additional = "")
-
- if(-not $Object.id) { return }
-
- Invoke-GraphRequest -Url "/deviceManagement/windowsAutopilotDeploymentProfiles/$($Object.id)$additional"
-}
-
-function Export-AllAutoPilots
-{
- param($path = "$env:Temp")
-
- if(-not (Test-Path $path)) { mkdir -Path $path -Force -ErrorAction SilentlyContinue | Out-Null }
-
- if(Test-Path $path)
- {
- foreach($objTmp in ($global:dgObjects.ItemsSource))
- {
- Export-SingleAutoPilotObject $objTmp.Object $path
- }
- }
-}
-
-function Export-SelectedAutoPilotObject
-{
- param($path = "$env:Temp")
-
- Export-SingleAutoPilotObject $global:dgObjects.SelectedItem.Object $path
-}
-
-function Export-SingleAutoPilotObject
-{
- param($psObj, $path = "$env:Temp")
-
- if(-not $psObj) { return }
-
- if($global:runningBulkExport -ne $true)
- {
- if($global:chkAddCompanyName.IsChecked) { $path = Join-Path $path $global:organization.displayName }
- if($global:chkAddObjectType.IsChecked) { $path = Join-Path $path (Get-AutoPilotFolderName) }
- }
-
- if(-not (Test-Path $path)) { mkdir -Path $path -Force -ErrorAction SilentlyContinue | Out-Null }
-
- if(Test-Path $path)
- {
- Write-Status "Export $($psObj.displayName)"
- $obj = Invoke-GraphRequest -Url "/deviceManagement/windowsAutopilotDeploymentProfiles/$($psObj.id)?`$expand=assignments"
- if($obj)
- {
- $fileName = "$path\$((Remove-InvalidFileNameChars $obj.displayName)).json"
- ConvertTo-Json $obj -Depth 5 | Out-File $fileName -Force
-
- Add-MigrationInfo $obj.assignments
- }
- $global:exportedObjects++
- }
-}
-
-function Copy-AutoPilot
-{
- if(-not $dgObjects.SelectedItem)
- {
- [System.Windows.MessageBox]::Show("No object selected`n`nSelect AutoPilot item you want to copy", "Error", "OK", "Error")
- return
- }
-
- $ret = Show-InputDialog "Copy AutoPilot" "Select name for the new object" "$($dgObjects.SelectedItem.displayName) Copy"
-
- if($ret)
- {
- # Export profile
- Write-Status "Export $($dgObjects.SelectedItem.displayName)"
- # Convert to Json and back to clone the object
- $obj = ConvertTo-Json $dgObjects.SelectedItem.Object -Depth 5 | ConvertFrom-Json
- if($obj)
- {
- # Import new profile
- $obj.displayName = Remove-InvalidFileNameChars $ret
- Import-AutoPilot $obj | Out-Null
-
- $dgObjects.ItemsSource = @(Get-AutoPilotObjects)
- }
- Write-Status ""
- }
- $dgObjects.Focus()
-}
-
-function Import-AutoPilot
-{
- param($obj)
-
- Write-Status "Import $($obj.displayName)"
-
- Start-PreImport $obj
-
- Invoke-GraphRequest -Url "/deviceManagement/windowsAutopilotDeploymentProfiles" -Content (ConvertTo-Json $obj -Depth 5) -HttpMethod POST
-}
-
-function Import-AllAutoPilotObjects
-{
- param(
- $path = "$env:Temp"
- )
-
- Import-AutoPilotObjects (Get-JsonFileObjects $path)
-}
-
-function Import-AutoPilotObjects
-{
- param(
- $Objects,
-
- [switch]
- $Selected
- )
-
- Write-Status "Import AutoPilot profiles"
-
- foreach($obj in $objects)
- {
- if($Selected -and $obj.Selected -ne $true) { continue }
-
- Write-Log "Import AutoPilot profile: $($obj.Object.displayName)"
-
- $assignments = Get-GraphAssignmentsObject $obj.Object ($obj.FileInfo.DirectoryName + "\" + $obj.FileInfo.BaseName + "_assignments.json")
-
- $response = Import-AutoPilot $obj.Object
-
- if($response)
- {
- $global:importedObjects++
- Import-GraphAssignments2 $assignments "/deviceManagement/windowsAutopilotDeploymentProfiles/$($response.Id)/assignments"
- }
- }
- $dgObjects.ItemsSource = @(Get-AutoPilotObjects)
- Write-Status ""
-}
\ No newline at end of file
diff --git a/Extensions/AzureBranding.psm1 b/Extensions/AzureBranding.psm1
deleted file mode 100644
index a43e64d..0000000
--- a/Extensions/AzureBranding.psm1
+++ /dev/null
@@ -1,319 +0,0 @@
-########################################################
-#
-# Common module functions
-#
-########################################################
-function Add-ModuleMenuItems
-{
- Add-MenuItem (New-Object PSObject -Property @{
- Title = (Get-AZBrandingName)
- MenuID = "IntuneGraphAPI"
- Script = [ScriptBlock]{Get-AZBrandings}
- })
-}
-
-function Get-SupportedImportObjects
-{
- $global:importObjects += (New-Object PSObject -Property @{
- Selected = $true
- Title = (Get-AZBrandingName)
- Script = [ScriptBlock]{
- param($rootFolder)
-
- Write-Status "Import all Azure branding"
- Import-AllAZBrandingObjects (Join-Path $rootFolder (Get-AZBrandingFolderName))
- }
- })
-}
-
-function Get-SupportedExportObjects
-{
- $global:exportObjects += (New-Object PSObject -Property @{
- Selected = $true
- Title = (Get-AZBrandingName)
- Script = [ScriptBlock]{
- param($rootFolder)
-
- Write-Status "Export all Azure branding"
- Get-AZBrandingObjects | ForEach-Object { Export-SingleAZBranding $PSItem.Object (Join-Path $rootFolder (Get-AZBrandingFolderName)) }
- }
- })
-}
-
-function Export-AllObjects
-{
- param($addObjectSubfolder)
-
- $subFolder = ""
- if($addObjectSubfolder) { $subFolder = Get-AZBrandingFolderName }
-}
-
-########################################################
-#
-# Object specific functions
-#
-########################################################
-function Get-AZBrandingName
-{
- return "Azure Branding"
-}
-
-function Get-AZBrandingFolderName
-{
- return "AZBranding"
-}
-
-function Get-AZBrandings
-{
- Write-Status "Loading Azure brandings"
- $dgObjects.ItemsSource = @(Get-AZBrandingObjects)
-
- #Scriptblocks that will perform the export tasks. empty by default
- $script:exportParams = @{}
- $script:exportParams.Add("ExportAllScript", [ScriptBlock]{
- Export-AllAZBrandings $global:txtExportPath.Text
- Set-ObjectGrid
- Write-Status ""
- })
-
- $script:exportParams.Add("ExportSelectedScript", [ScriptBlock]{
- Export-SelectedAZBranding $global:txtExportPath.Text
- Set-ObjectGrid
- Write-Status ""
- })
-
- $script:exportParams.Add("DisplayColumn", "localeDisplayName")
-
- #Scriptblock that will perform the import all files
- $script:importAll = [ScriptBlock]{
- Import-AllAZBrandingObjects $global:txtImportPath.Text
- Set-ObjectGrid
- }
-
- #Scriptblock that will perform the import of selected files
- $script:importSelected = [ScriptBlock]{
- Import-AZBrandingObjects $global:lstFiles.ItemsSource -Selected
- Set-ObjectGrid
- }
-
- #Scriptblock that will read json files
- $script:getImportFiles = [ScriptBlock]{
- Show-FileListBox
- $global:lstFiles.ItemsSource = @(Get-JsonFileObjects $global:txtImportPath.Text -Exclude "*_Settings.json")
- }
-
- Add-DefaultObjectButtons -export ([scriptblock]{Show-DefaultExportGrid @script:exportParams}) -import ([scriptblock]{Show-DefaultImportGrid -ImportAll $script:importAll -ImportSelected $script:importSelected -GetFiles $script:getImportFiles}) -ViewFullObject ([scriptblock]{Get-AZBrandingObject $global:dgObjects.SelectedItem.Object})
-}
-
-function Get-AZBrandingObjects
-{
- $response = Get-AzureNativeObjects "LoginTenantBrandings" -property @('locale', 'localeDisplayName')
- if($response)
- {
- $response | Where { $_.Object.isConfigured -eq $true }
- }
-}
-
-function Get-AZBrandingObject
-{
- param($object, $additional = "")
-
- if(-not $Object.locale) { return }
-
- Invoke-AzureNativeRequest "LoginTenantBrandings/$($Object.locale)$additional"
-}
-
-function Export-AllAZBrandings
-{
- param($path = "$env:Temp")
-
- if(-not (Test-Path $path)) { mkdir -Path $path -Force -ErrorAction SilentlyContinue | Out-Null }
-
- if(Test-Path $path)
- {
- foreach($objTmp in ($global:dgObjects.ItemsSource))
- {
- Export-SingleAZBranding $objTmp.Object $path
- }
- }
-}
-
-function Export-SelectedAZBranding
-{
- param($path = "$env:Temp")
-
- Export-SingleAZBranding $global:dgObjects.SelectedItem.Object $path
-}
-
-function Export-SingleAZBranding
-{
- param($psObj, $path = "$env:Temp")
-
- if(-not $psObj) { return }
-
- if($global:runningBulkExport -ne $true)
- {
- if($global:chkAddCompanyName.IsChecked) { $path = Join-Path $path $global:organization.displayName }
- if($global:chkAddObjectType.IsChecked) { $path = Join-Path $path (Get-AZBrandingFolderName) }
- }
-
- if(-not (Test-Path $path)) { mkdir -Path $path -Force -ErrorAction SilentlyContinue | Out-Null }
-
- if(Test-Path $path)
- {
- Write-Status "Export $($psObj.localeDisplayName)"
- $obj = Invoke-AzureNativeRequest "LoginTenantBrandings/$($psObj.locale)"
- if($obj)
- {
- $fileName = "$path\$((Remove-InvalidFileNameChars $obj.localeDisplayName)).json"
- ConvertTo-Json $obj -Depth 5 | Out-File $fileName -Force
-
- Save-AzureBrandingFile $obj "tileLogoUrl" $path
- Save-AzureBrandingFile $obj "bannerLogoUrl" $path
- Save-AzureBrandingFile $obj "illustrationUrl" $path
- Save-AzureBrandingFile $obj "squareLogoDarkUrl" $path
-
- $global:exportedObjects++
- }
- Set-ObjectPath $global:txtExportPath.Text
- }
-}
-
-function Save-AzureBrandingFile
-{
- param($obj, $prop, $path)
-
- if(-not $obj.$prop) { return }
-
- $arr=$obj.$prop.Split('.')
- if($arr.Length -ne 1)
- {
- return
- }
- $fileType = "jpg" # Assume...not OK. $arr[0] contains information about what kind of file it is
-
- $fileName = "$path\$((Remove-InvalidFileNameChars "$($obj.localeDisplayName).$prop.$fileType"))"
- try
- {
- if(Test-Path $fileName)
- {
- Remove-Item -Path $fileName -Force
- }
- [IO.File]::WriteAllBytes($fileName, [System.Convert]::FromBase64String($arr[1]))
- }
- catch {}
-}
-
-function Import-AZBranding
-{
- param($obj)
-
- if($global:runningBulkImport -eq $true)
- {
- # Update Default and create the rest...
- $createNew = $obj.locale -ne 0
- }
- else
- {
- $curObj = $global:lstFiles.ItemsSource | Where { $_.Object.locale -eq $obj.locale }
-
- if($curObj -and $obj.locale -ne 0)
- {
- return # Do not update existing object except default
- }
- elseif(-not $curObj)
- {
- $createNew = $true
- }
- else
- {
- $createNew = $false
- }
- }
-
- $json = "{"
-
- if($createNew) { $json += "`"locale`":`"$($obj.locale)`"," }
-
- if($obj.signInUserIdLabel) { $json += "`"userIdLabel`": `"$($obj.signInUserIdLabel)`"," }
- if($obj.signInPageText) { $json += "`"boilerPlateText`": `"$($obj.signInPageText)`"," }
- if($obj.signInBackColor) { $json += "`"backgroundColor`": `"$($obj.signInBackColor)`"," }
- if($obj.tileLogoUrl) { $json += "`"tileLogoUrl`": `"$($obj.tileLogoUrl)`"," }
- if($obj.bannerLogoUrl) { $json += "`"bannerLogoUrl`": `"$($obj.bannerLogoUrl)`"," }
- if($obj.illustrationUrl) { $json += "`"illustrationUrl`": `"$($obj.illustrationUrl)`"," }
- if($obj.squareLogoDarkUrl) { $json += "`"squareLogoDarkUrl`": `"$($obj.squareLogoDarkUrl)`"," }
-
- if($obj.hideKeepMeSignedIn -and $obj.locale -eq 0) { $json += "`"keepMeSignedInDisabled`": $($obj.hideKeepMeSignedIn.ToString().ToLower())," }
-
- if($createNew)
- {
- if($curObj.bannerLogoUrl -ne $curObj.bannerLogoUrl)
- {
- $json += "`"isTileLogoUpdated`":true,"
- }
-
- if($curObj.illustrationUrl -ne $curObj.illustrationUrl)
- {
- $json += "`"isIllustrationImageUpdated`":true,"
- }
-
- if($curObj.squareLogoDarkUrl -ne $curObj.squareLogoDarkUrl)
- {
- $json += "`"isSquareDarkLogoUpdated`":true,"
- }
-
- if($curObj.bannerLogoUrl -ne $curObj.bannerLogoUrl)
- {
- $json += "`"isBannerLogoUpdated`":true,"
- }
- }
-
- $json = $json.TrimEnd(',')
- $json += "}"
-
- Write-Status "Import $($obj.localeDisplayName)"
-
- if($createNew)
- {
- Invoke-AzureNativeRequest "LoginTenantBrandings" -Method POST -Body $json | Out-Null
- }
- else
- {
- Invoke-AzureNativeRequest "LoginTenantBrandings/$($obj.locale)" -Method PATCH -Body $json | Out-Null
- }
-}
-
-function Import-AllAZBrandingObjects
-{
- param($path = "$env:Temp")
-
- Import-AZBrandingObjects (Get-JsonFileObjects $path)
-}
-
-function Import-AZBrandingObjects
-{
- param(
- $Objects,
-
- [switch]
- $Selected
- )
-
- Write-Status "Import Azure brandings"
-
- foreach($obj in $objects)
- {
- if($Selected -and $obj.Selected -ne $true) { continue }
-
- Write-Log "Import Azure branding"
-
- $response = Import-AZBranding $obj.Object
-
- if($response)
- {
- $global:importedObjects++
- }
- }
- $dgObjects.ItemsSource = @(Get-AZBrandingObjects)
- Write-Status ""
-}
\ No newline at end of file
diff --git a/Extensions/AzureNative.psm1 b/Extensions/AzureNative.psm1
deleted file mode 100644
index 9f61227..0000000
--- a/Extensions/AzureNative.psm1
+++ /dev/null
@@ -1,221 +0,0 @@
-#Requires -module Az.Accounts
-
-function Invoke-InitializeModule
-{
- if(-not $global:AzToken)
- {
- # Only allow re-logging if it failed the first time
- $global:AuthenticatedToAzure = $false
-
- }
- #!!! - Used for testing login
- #Disconnect-AzAccount -Username admin@delematelab2.onmicrosoft.com
-}
-
-function Connect-AzureNative
-{
- <#
- .SYNOPSIS
- Tries to connect to Azure with existing token
- Uses Connect-AZAccount if no token found in cache
- #>
-
- param($user)
-
- Write-Log "Authenticate to Azure (Az module). Try from cache with user $user"
-
- $Context = (Get-AzContext -ListAvailable | Where { $_.Account.Id -eq $user } | select -first 1)
-
- if (-not $Context)
- {
- $user | Clip # Copy login id to clipboard
-
- # Run Connect-AZAccount in a separate runspace or it will hang
- $Runspace = [runspacefactory]::CreateRunspace()
- $PowerShell = [powershell]::Create()
- $PowerShell.Runspace = $Runspace
- $Runspace.Open()
- $PowerShell.AddScript({Connect-AZAccount})
- $PowerShell.Invoke()
-
- [System.Windows.Forms.Application]::DoEvents()
-
- $Context = (Get-AzContext -ListAvailable | Where { $_.Account.Id -eq $user } | select -first 1)
- }
- $global:AzToken = ""
- try
- {
- $Resource = '74658136-14ec-4630-ad9b-26e160ff0fc6'
- $global:AzToken = [Microsoft.Azure.Commands.Common.Authentication.AzureSession]::Instance.AuthenticationFactory.Authenticate($context.Account, $context.Environment, $context.Tenant.Id, $null, "Never", $null, $Resource)
- }
- catch
- {
- Write-LogError "Failed to authenticate with Instance.AuthenticationFactory.Authenticate" $_.Exception
- }
-
- if(-not $global:AzToken)
- {
- Write-Log "Failed to authenticate" 3
- }
- else
- {
- Write-Log "Authenticated as $($global:AzToken.UserId)"
- }
- $global:AuthenticatedToAzure = $true
-
- Set-MainTitle
-}
-
-# Invoke-AzureNativeRequest is based on the following project
-# https://github.com/JustinGrote/Az.PortalAPI/tree/master/Az.PortalAPI
-#
-# Some small changes:
-# - Get-AzContext is based on the same user as Intune user
-# - Renamed Invoke-Request to Invoke-AzureNativeRequest
-# - Added support for HTTP Method PATCH
-# - Added support for paging with nextLink (Lazy solution...not fully tested but looks like it is working)
-# - Removed Token parameter. Created the Connect-AzureNative to get token
-# - Removed Context parameter
-
-function Invoke-AzureNativeRequest {
- <#
- .SYNOPSIS
- Runs a command against the Azure Portal API
- #>
-
- [CmdletBinding(SupportsShouldProcess)]
- param (
- #The target of your request. This is appended to the Portal API URI. Example: Permissions
- [Parameter(Mandatory)]$Target,
-
- #The command you wish to execute. Example: GetUserSystemRoleTemplateIds
- [Parameter()]$Action,
-
- #The body of your request. This is usually in JSON format
- $Body,
-
- #Specify the HTTP Method you wish to use. Defaults to GET
- [ValidateSet("GET","POST","OPTIONS","DELETE","PATCH")]
- $Method = "GET",
-
- #The base URI for the Portal API. Typically you don't need to change this
- [Uri]$baseURI = 'https://main.iam.ad.ext.azure.com/api/',
-
- [URI]$requestOrigin = 'https://iam.hosting.portal.azure.net',
-
- #The request ID for the session. You can generate one with [guid]::NewGuid().guid.
- #Typically you only specify this if you're trying to retry an operation and don't want to duplicate the request, such as for a POST operation
- $requestID = [guid]::NewGuid().guid,
-
- [switch]$allowPaging
- )
-
- if(-not $global:AzToken -and $global:AuthenticatedToAzure -eq $false)
- {
- Connect-AzureNative $global:me.userPrincipalName
- }
-
- if(-not $global:AzToken)
- {
- return
- }
-
- #Combine the BaseURI and Target
- [String]$ApiAction = $Target.TrimStart('/')
-
- if ($Action) {
- $ApiAction = $ApiAction + '/' + $Action
- }
-
- $uriStr = "$baseURI$ApiAction"
-
- if($allowPaging)
- {
- $uri = [Uri]::New("$uriStr&nextLink=null")
- }
- else
- {
- $uri = [Uri]::New($baseURI,$ApiAction)
- }
-
- if(-not $global:AzToken.AccessToken.tostring())
- {
- Write-Log "No access token available" 3
- return
- }
-
- $InvokeRestMethodParams = @{
- Uri = $uri
- Method = $Method
- Header = [ordered]@{
- Authorization = 'Bearer ' + $global:AzToken.AccessToken.tostring()
- 'Content-Type' = 'application/json'
- 'x-ms-client-request-id' = $requestID
- 'Host' = $baseURI.Host
- 'Origin' = 'https://iam.hosting.portal.azure.net'
- }
- Body = $Body
- }
-
- $max = 100
- $cur = 0
-
- $retObj = Invoke-RestMethod @InvokeRestMethodParams
- if(($retObj | GM -MemberType NoteProperty -Name "nextLink"))
- {
- while($retObj.nextLink)
- {
- # Get more objects
- $InvokeRestMethodParams["Uri"] = [Uri]::New($uriStr + "&nextLink=" + $retObj.nextLink)
- $retObj = Invoke-RestMethod @InvokeRestMethodParams
-
- if($cur -ge $max) { break }
- $cur++ # Loop gets stuck if nextLink=null is added to the command line so make sure it doesn't hang forever
- }
- }
-
- $retObj
-}
-
-function Get-AzureNativeObjects
-{
- param(
- [Array]
- $Target,
- [Array]
- $property,
- [Array]
- $exclude,
- $SortProperty = "",
- [switch]$allowPaging)
-
- $objects = @()
- $nativeObjects = Invoke-AzureNativeRequest $Target -allowPaging:($allowPaging -eq $true)
-
- if(($nativeObjects | GM -Name "items"))
- {
- $objectList = $nativeObjects.Items
- }
- else
- {
- $objectList = $nativeObjects
- }
-
- foreach($nativeObject in $objectList)
- {
- $params = @{}
- if($property) { $params.Add("Property", $property) }
- if($exclude) { $params.Add("ExcludeProperty", $exclude) }
- foreach($objTmp in ($nativeObject | select @params))
- {
- $objTmp | Add-Member -NotePropertyName "Object" -NotePropertyValue $nativeObject
- $objects += $objTmp
- }
- }
-
- if($objects.Count -gt 0 -and $SortProperty -and ($objects[0] | GM -MemberType NoteProperty -Name $SortProperty))
- {
- $objects = $objects | sort -Property $SortProperty
- }
- $objects
-}
\ No newline at end of file
diff --git a/Extensions/Baseline.psm1 b/Extensions/Baseline.psm1
deleted file mode 100644
index 0b12afc..0000000
--- a/Extensions/Baseline.psm1
+++ /dev/null
@@ -1,306 +0,0 @@
-########################################################
-#
-# Common module functions
-#
-########################################################
-function Add-ModuleMenuItems
-{
- Add-MenuItem (New-Object PSObject -Property @{
- Title = (Get-BaselineTemplatesName)
- MenuID = "IntuneGraphAPI"
- Script = [ScriptBlock]{Get-BaselineTemplates}
- })
-
- Add-MenuItem (New-Object PSObject -Property @{
- Title = (Get-BaselineName)
- MenuID = "IntuneGraphAPI"
- Script = [ScriptBlock]{Get-BaselineProfiles}
- })
-
-}
-
-function Get-SupportedImportObjects
-{
- $global:importObjects += (New-Object PSObject -Property @{
- Selected = $true
- Title = (Get-AppProtectionName)
- Script = [ScriptBlock]{
- param($rootFolder)
-
- Write-Status "Import all baseline policies"
- Import-AllBaselineProfileObjects (Join-Path $rootFolder (Get-BaselineFolderName))
- }
- })
-}
-
-function Get-SupportedExportObjects
-{
- $global:exportObjects += (New-Object PSObject -Property @{
- Selected = $true
- Title = (Get-AppProtectionName)
- Folder = (Get-BaselineFolderName)
- Script = [ScriptBlock]{
- param($rootFolder)
-
- Write-Status "Import all baseline policies"
- Get-BaselineProfileObjects | ForEach-Object { Export-SingleBaselineProfile $PSItem.Object (Join-Path $rootFolder (Get-BaselineFolderName)) }
- }
- })
-}
-
-function Export-AllObjects
-{
- param($addObjectSubfolder)
-
- $subFolder = ""
- if($addObjectSubfolder) { $subFolder = Get-BaselineFolderName }
-
-}
-########################################################
-#
-# Object specific functions
-#
-########################################################
-function Get-BaselineTemplatesName
-{
- return "Baseline Templates"
-}
-
-
-function Get-BaselineName
-{
- return "Baseline Profiles"
-}
-
-function Get-BaselineFolderName
-{
- return "Baseline"
-}
-
-function Get-BaselineTemplates
-{
- Write-Status "Loading baseline templates" -SkipLog
- $dgObjects.ItemsSource = @(Get-BaselineTemplateObjects)
-}
-
-function Get-BaselineTemplateObjects
-{
- Get-GraphObjects -Url "/deviceManagement/templates"
-}
-
-function Get-BaselineProfiles
-{
- Write-Status "Loading banding profiles" -SkipLog
- $dgObjects.ItemsSource = @(Get-BaselineProfileObjects)
-
- #Scriptblocks that will perform the export tasks. empty by default
- $script:exportParams = @{}
- $script:exportParams.Add("ExportAllScript", [ScriptBlock]{
- Export-AllBaselineProfiles $global:txtExportPath.Text
- Set-ObjectGrid
- Write-Status ""
- })
-
- $script:exportParams.Add("ExportSelectedScript", [ScriptBlock]{
- Export-SelectedBaselineProfile $global:txtExportPath.Text
- Set-ObjectGrid
- Write-Status ""
- })
-
- #Scriptblock that will perform the import all files
- $script:importAll = [ScriptBlock]{
- Import-AllBaselineProfileObjects $global:txtImportPath.Text
- Set-ObjectGrid
- }
-
- #Scriptblock that will perform the import of selected files
- $script:importSelected = [ScriptBlock]{
- Import-BaselineProfileObjects $global:lstFiles.ItemsSource -Selected
- Set-ObjectGrid
- }
-
- #Scriptblock that will read json files
- $script:getImportFiles = [ScriptBlock]{
- Show-FileListBox
- $global:lstFiles.ItemsSource = @(Get-JsonFileObjects $global:txtImportPath.Text -Exclude @("*_Settings.json","*_assignments.json"))
- }
-
- Add-DefaultObjectButtons -export ([scriptblock]{Show-DefaultExportGrid @script:exportParams}) -import ([scriptblock]{Show-DefaultImportGrid -ImportAll $script:importAll -ImportSelected $script:importSelected -GetFiles $script:getImportFiles}) -copy ([scriptblock]{Copy-BaselineProfile}) -ViewFullObject ([scriptblock]{Get-BaselineProfileObject $global:dgObjects.SelectedItem.Object})
-}
-
-function Get-BaselineProfileObjects
-{
- Get-GraphObjects -Url "/deviceManagement/intents"
-}
-
-function Get-BaselineProfileObject
-{
- param($object, $additional = "")
-
- if(-not $Object.id) { return }
-
- $profile = Invoke-GraphRequest -Url "/deviceManagement/intents/$($Object.id)"
- $settings = Invoke-GraphRequest -Url "/deviceManagement/intents/$($Object.id)/Settings"
-
- @($profile, $settings)
-}
-
-function Export-AllBaselineProfiles
-{
- param($path = "$env:Temp")
-
- if(-not (Test-Path $path)) { mkdir -Path $path -Force -ErrorAction SilentlyContinue | Out-Null }
-
- if(Test-Path $path)
- {
- foreach($objTmp in ($global:dgObjects.ItemsSource))
- {
- Export-SingleBaselineProfile $objTmp.Object $path
- }
- }
-}
-
-function Export-SelectedBaselineProfile
-{
- param($path = "$env:Temp")
-
- Export-SingleBaselineProfile $global:dgObjects.SelectedItem.Object $path
-}
-
-function Export-SingleBaselineProfile
-{
- param($psObj, $path = "$env:Temp")
-
- if(-not $psObj) { return }
-
- if($global:runningBulkExport -ne $true)
- {
- if($global:chkAddCompanyName.IsChecked) { $path = Join-Path $path $global:organization.displayName }
- if($global:chkAddObjectType.IsChecked) { $path = Join-Path $path (Get-BaselineFolderName) }
- }
-
- if(-not (Test-Path $path)) { mkdir -Path $path -Force -ErrorAction SilentlyContinue | Out-Null }
-
- if(Test-Path $path)
- {
- Write-Status "Export $($psObj.displayName)"
- $obj = $psObj
- if($obj)
- {
- $fileName = "$path\$((Remove-InvalidFileNameChars $obj.displayName)).json"
- ConvertTo-Json $obj -Depth 5 | Out-File $fileName -Force
- $settings = Invoke-GraphRequest -Url "/deviceManagement/intents/$($obj.id)/settings"
- ConvertTo-Json $settings.value -Depth 5 | Out-File "$path\$($obj.displayName)_Settings.json" -Force
- }
- $assignments = Invoke-GraphRequest -Url "/deviceManagement/intents/$($obj.id)/assignments"
- if(($assignments.Value | measure).Count -gt 0)
- {
- ConvertTo-Json $assignments.value -Depth 5| Out-File "$path\$($obj.displayName)_assignments.json" -Force
- }
- $global:exportedObjects++
- }
-}
-
-function Copy-BaselineProfile
-{
- if(-not $dgObjects.SelectedItem)
- {
- [System.Windows.MessageBox]::Show("No object selected`n`nSelect baseline profile you want to copy", "Error", "OK", "Error")
- return
- }
-
- $ret = Show-InputDialog "Copy baseline profiles" "Select name for the new object" "$($dgObjects.SelectedItem.displayName) - Copy"
-
- if($ret)
- {
- # Export profile
- Write-Status "Export $($dgObjects.SelectedItem.displayName)"
- # Convert to Json and back to clone the object
- $obj = ConvertTo-Json $dgObjects.SelectedItem.Object -Depth 5 | ConvertFrom-Json
- $settings = Invoke-GraphRequest -Url "/deviceManagement/intents/$($obj.id)/settings"
- $intentSettings = ConvertTo-Json $settings.value -Depth 5
-
- if($obj)
- {
- # Import new profile
- $obj.displayName = $ret
- Import-BaselineProfile $obj $intentSettings | Out-null
-
- $dgObjects.ItemsSource = @(Get-BaselineProfileObjects)
- }
- Write-Status ""
- }
- $dgObjects.Focus()
-}
-
-function Import-BaselineProfile
-{
- param($obj, $intentSettings, $templateId)
-
-$json = @"
- {
- "displayName": "$($obj.displayName)",
- "description": "$($obj.description)",
- "settingsDelta":
- $($intentSettings)
-
- }
-"@
-
- if($templateId)
- {
- $tempId = $templateId
- }
- else
- {
- $tempId = $obj.templateId
- }
-
- Write-Status "Import $($obj.displayName)"
-
- return Invoke-GraphRequest -Url "/deviceManagement/templates/$($tempId)/createInstance" -Content $json -HttpMethod POST
-}
-
-function Import-AllBaselineProfileObjects
-{
- param(
- $path = "$env:Temp"
- )
-
- Import-BaselineProfileObjects (Get-JsonFileObjects $path)
-}
-
-function Import-BaselineProfileObjects
-{
- param(
- $Objects,
-
- [switch]
- $Selected
- )
-
- Write-Status "Import terms and conditions"
-
- foreach($obj in $objects)
- {
- if($Selected -and $obj.Selected -ne $true) { continue }
-
- Write-Log "Import security baseline: $($obj.Object.displayName)"
-
- $assignments = Get-GraphAssignmentsObject $obj.Object ($obj.FileInfo.DirectoryName + "\" + $obj.FileInfo.BaseName + "_assignments.json")
-
- $settingsFile = $obj.FileInfo.DirectoryName + "\" + $obj.FileInfo.BaseName + "_settings.json"
- if(-not (Test-Path $settingsFile)) { continue }
-
- $intentSettings = Get-Content $settingsFile -Raw
-
- $response = Import-BaselineProfile $obj.Object $intentSettings
- if($response)
- {
- $global:importedObjects++
- Import-GraphAssignments $assignments "assignments" "/deviceManagement/intents/$($response.Id)/assign"
- }
- }
- $dgObjects.ItemsSource = @(Get-BaselineProfileObjects)
- Write-Status ""
-}
diff --git a/Extensions/Branding.psm1 b/Extensions/Branding.psm1
deleted file mode 100644
index 70120fa..0000000
--- a/Extensions/Branding.psm1
+++ /dev/null
@@ -1,236 +0,0 @@
-########################################################
-#
-# Common module functions
-#
-########################################################
-function Add-ModuleMenuItems
-{
- Add-MenuItem (New-Object PSObject -Property @{
- Title = (Get-IntuneBrandingName)
- MenuID = "IntuneGraphAPI"
- Script = [ScriptBlock]{Get-IntuneBrandings}
- })
-}
-
-function Get-SupportedImportObjects
-{
- $global:importObjects += (New-Object PSObject -Property @{
- Selected = $true
- Title = (Get-IntuneBrandingName)
- Script = [ScriptBlock]{
- param($rootFolder)
-
- Write-Status "Import all Intune branding objects"
- Import-AllIntuneBrandingObjects (Join-Path $rootFolder (Get-IntuneBrandingFolderName))
- }
- })
-}
-
-function Get-SupportedExportObjects
-{
- $global:exportObjects += (New-Object PSObject -Property @{
- Selected = $true
- Title = (Get-IntuneBrandingName)
- Script = [ScriptBlock]{
- param($rootFolder)
-
- Write-Status "Export all Intune branding objects"
- Get-IntuneBrandingObjects | ForEach-Object { Export-SingleIntuneBranding $PSItem.Object (Join-Path $rootFolder (Get-IntuneBrandingFolderName)) }
- }
- })
-}
-
-function Export-AllObjects
-{
- param($addObjectSubfolder)
-
- $subFolder = ""
- if($addObjectSubfolder) { $subFolder = Get-IntuneBrandingFolderName }
-}
-
-########################################################
-#
-# Object specific functions
-#
-########################################################
-function Get-IntuneBrandingName
-{
- return "Intune Branding"
-}
-
-function Get-IntuneBrandingFolderName
-{
- return "IntuneBranding"
-}
-
-function Get-IntuneBrandings
-{
- Write-Status "Loading banding profiles"
- $dgObjects.ItemsSource = @(Get-IntuneBrandingObjects)
-
- #Scriptblocks that will perform the export tasks. empty by default
- $script:exportParams = @{}
- $script:exportParams.Add("ExportAllScript", [ScriptBlock]{
- Export-AllIntuneBrandings $global:txtExportPath.Text
- Set-ObjectGrid
- Write-Status ""
- })
-
- # Same as ExportAllScript since only one object is supported
- $script:exportParams.Add("ExportSelectedScript", [ScriptBlock]{
- Export-AllIntuneBrandings $global:txtExportPath.Text
- Set-ObjectGrid
- Write-Status ""
- })
-
- #Scriptblock that will perform the import all files
- $script:importAll = [ScriptBlock]{
- Import-AllIntuneBrandingObjects $global:txtImportPath.Text
- Set-ObjectGrid
- }
-
- #Scriptblock that will perform the import of selected files
- $script:importSelected = [ScriptBlock]{
- Import-IntuneBrandingObjects $global:lstFiles.ItemsSource -Selected
- Set-ObjectGrid
- }
-
- #Scriptblock that will read json files
- $script:getImportFiles = [ScriptBlock]{
- Show-FileListBox
- $global:lstFiles.ItemsSource = @(Get-JsonFileObjects $global:txtImportPath.Text -Exclude "*_Settings.json")
- }
-
- Add-DefaultObjectButtons -export ([scriptblock]{Show-DefaultExportGrid @script:exportParams}) -import ([scriptblock]{Show-DefaultImportGrid -ImportAll $script:importAll -ImportSelected $script:importSelected -GetFiles $script:getImportFiles})
-}
-
-function Get-IntuneBrandingObjects
-{
- Get-GraphObjects -Url "/deviceManagement/intuneBrand" -property @("displayName")
-}
-
-function Export-AllIntuneBrandings
-{
- param($path = "$env:Temp")
-
- if(-not (Test-Path $path)) { mkdir -Path $path -Force -ErrorAction SilentlyContinue | Out-Null }
-
- if(Test-Path $path)
- {
- foreach($objTmp in ($global:dgObjects.ItemsSource))
- {
- Export-SingleIntuneBranding $objTmp.Object $path
- }
- }
-}
-
-function Export-SingleIntuneBranding
-{
- param($psObj, $path = "$env:Temp")
-
- if(-not $psObj) { return }
-
- if($global:runningBulkExport -ne $true)
- {
- if($global:chkAddCompanyName.IsChecked) { $path = Join-Path $path $global:organization.displayName }
- if($global:chkAddObjectType.IsChecked) { $path = Join-Path $path (Get-IntuneBrandingFolderName) }
- }
-
- if(-not (Test-Path $path)) { mkdir -Path $path -Force -ErrorAction SilentlyContinue | Out-Null }
-
- if(Test-Path $path)
- {
- Write-Status "Export $($psObj.displayName)"
-
- $obj = $psObj
- if($obj)
- {
- $fileName = "$path\$((Remove-InvalidFileNameChars $obj.displayName)).json"
- ConvertTo-Json $obj -Depth 5 | Out-File $fileName -Force
- Save-IntuneBrandingFile $obj "lightBackgroundLogo" $path
- Save-IntuneBrandingFile $obj "darkBackgroundLogo" $path
- Save-IntuneBrandingFile $obj "landingPageCustomizedImage" $path
- }
- $global:exportedObjects++
- }
-}
-
-function Save-IntuneBrandingFile
-{
- param($obj, $prop, $path)
-
- if(-not $obj.$prop.type) { return }
-
- $arr=$obj.$prop.type.Split('/')
- if($arr.Length -gt 1)
- {
- $fileType = $arr[1]
- }
- else
- {
- $fileType = ".jpg" # assume...
- }
-
- $fileName = "$path\$((Remove-InvalidFileNameChars "$($obj.displayName).$prop.$fileType"))"
- try
- {
- if(Test-Path $fileName)
- {
- Remove-Item -Path $fileName -Force
- }
- [IO.File]::WriteAllBytes($fileName, [System.Convert]::FromBase64String($obj.$prop.value))
- }
- catch {}
-}
-
-
-function Import-IntuneBranding
-{
- param($obj)
-
- Start-PreImport $obj -RemoveProperties @("@odata.context")
-
- $newObject = @"
-{
- "intuneBrand":$((ConvertTo-Json $obj -Depth 5))
-}
-
-"@
- Write-Status "Import $($obj.displayName)"
-
- # Note: Branding is imported to deviceManagement with JSON parent object intuneBrand
- Invoke-GraphRequest -Url "$URL/deviceManagement" -Content $newObject -HttpMethod PATCH
-}
-
-function Import-AllIntuneBrandingObjects
-{
- param($path = "$env:Temp")
-
- Import-IntuneBrandingObjects (Get-JsonFileObjects $path)
-}
-
-function Import-IntuneBrandingObjects
-{
- param(
- $Objects,
-
- [switch]
- $Selected
- )
-
- Write-Status "Import Intune branding"
-
- foreach($obj in $objects)
- {
- if($Selected -and $obj.Selected -ne $true) { continue }
-
- Write-Log "Import Intune branding"
-
- $response = Import-IntuneBranding $obj.Object
-
- # Note: No assignments for branding. This is default branding for everyone
-
- }
- $dgObjects.ItemsSource = @(Get-IntuneBrandingObjects)
- Write-Status ""
-}
\ No newline at end of file
diff --git a/Extensions/CompliancePolicies.psm1 b/Extensions/CompliancePolicies.psm1
deleted file mode 100644
index fa2a53b..0000000
--- a/Extensions/CompliancePolicies.psm1
+++ /dev/null
@@ -1,255 +0,0 @@
-########################################################
-#
-# Common module functions
-#
-########################################################
-function Add-ModuleMenuItems
-{
- Add-MenuItem (New-Object PSObject -Property @{
- Title = (Get-CompliancePolicyName)
- MenuID = "IntuneGraphAPI"
- Script = [ScriptBlock]{Get-CompliancePolicies}
- })
-}
-
-function Get-SupportedImportObjects
-{
- $global:importObjects += (New-Object PSObject -Property @{
- Selected = $true
- Title = (Get-CompliancePolicyName)
- Script = [ScriptBlock]{
- param($rootFolder)
-
- Write-Status "Import all Intune compliance policies"
- Import-AllCompliancePolicyObjects (Join-Path $rootFolder (Get-CompliancePolicyFolderName))
- }
- })
-}
-
-function Get-SupportedExportObjects
-{
- $global:exportObjects += (New-Object PSObject -Property @{
- Selected = $true
- Title = (Get-CompliancePolicyName)
- Script = [ScriptBlock]{
- param($rootFolder)
-
- Write-Status "Export all compliance policies"
- Get-CompliancePolicyObjects | ForEach-Object { Export-SingleCompliancePolicy $PSItem.Object (Join-Path $rootFolder (Get-CompliancePolicyFolderName)) }
- }
- })
-}
-
-function Export-AllObjects
-{
- param($addObjectSubfolder)
-
- $subFolder = ""
- if($addObjectSubfolder) { $subFolder = Get-CompliancePolicyFolderName }
-}
-
-########################################################
-#
-# Object specific functions
-#
-########################################################
-function Get-CompliancePolicyName
-{
- return "Compliance Policies"
-}
-
-function Get-CompliancePolicyFolderName
-{
- return "CompliancePolicies"
-}
-
-function Get-CompliancePolicies
-{
- Write-Status "Loading compliance policies"
- $dgObjects.ItemsSource = @(Get-CompliancePolicyObjects)
-
- #Scriptblocks that will perform the export tasks. empty by default
- $script:exportParams = @{}
- $script:exportParams.Add("ExportAllScript", [ScriptBlock]{
- Export-AllCompliancePolicies $global:txtExportPath.Text
- Set-ObjectGrid
- Write-Status ""
- })
-
- $script:exportParams.Add("ExportSelectedScript", [ScriptBlock]{
- Export-SelectedCompliancePolicy $global:txtExportPath.Text
- Set-ObjectGrid
- Write-Status ""
- })
-
- #Scriptblock that will perform the import all files
- $script:importAll = [ScriptBlock]{
- Import-AllCompliancePolicyObjects $global:txtImportPath.Text
- Set-ObjectGrid
- }
-
- #Scriptblock that will perform the import of selected files
- $script:importSelected = [ScriptBlock]{
- Import-CompliancePolicyObjects $global:lstFiles.ItemsSource -Selected
- Set-ObjectGrid
- }
-
- #Scriptblock that will read json files
- $script:getImportFiles = [ScriptBlock]{
- Show-FileListBox
- $global:lstFiles.ItemsSource = @(Get-JsonFileObjects $global:txtImportPath.Text -Exclude "*_Settings.json")
- }
-
- Add-DefaultObjectButtons -export ([scriptblock]{Show-DefaultExportGrid @script:exportParams}) -import ([scriptblock]{Show-DefaultImportGrid -ImportAll $script:importAll -ImportSelected $script:importSelected -GetFiles $script:getImportFiles}) -copy ([scriptblock]{Copy-CompliancePolicy}) -ViewFullObject ([scriptblock]{Get-CompliancePolicyObject $global:dgObjects.SelectedItem.Object})
-}
-
-function Get-CompliancePolicyObjects
-{
- Get-GraphObjects -Url "/deviceManagement/deviceCompliancePolicies"
-}
-
-function Get-CompliancePolicyObject
-{
- param($object, $additional = "")
-
- if(-not $Object.id) { return }
-
- Invoke-GraphRequest -Url "/deviceManagement/deviceCompliancePolicies/$($Object.id)$additional"
-}
-
-function Export-AllCompliancePolicies
-{
- param($path = "$env:Temp")
-
- if(-not (Test-Path $path)) { mkdir -Path $path -Force -ErrorAction SilentlyContinue | Out-Null }
-
- if(Test-Path $path)
- {
- foreach($objTmp in ($global:dgObjects.ItemsSource))
- {
- Export-SingleCompliancePolicy $objTmp.Object $path
- }
- }
-}
-
-function Export-SelectedCompliancePolicy
-{
- param($path = "$env:Temp")
-
- Export-SingleCompliancePolicy $global:dgObjects.SelectedItem.Object $path
-}
-
-function Export-SingleCompliancePolicy
-{
- param($psObj, $path = "$env:Temp")
-
- if(-not $psObj) { return }
-
- if($global:runningBulkExport -ne $true)
- {
- if($global:chkAddCompanyName.IsChecked) { $path = Join-Path $path $global:organization.displayName }
- if($global:chkAddObjectType.IsChecked) { $path = Join-Path $path (Get-CompliancePolicyFolderName) }
- }
-
- if(-not (Test-Path $path)) { mkdir -Path $path -Force -ErrorAction SilentlyContinue | Out-Null }
-
- if(Test-Path $path)
- {
- Write-Status "Export $($psObj.displayName)"
- $obj = Invoke-GraphRequest -Url "/deviceManagement/deviceCompliancePolicies/$($psObj.id)?`$expand=assignments"
- if($obj)
- {
- $fileName = "$path\$((Remove-InvalidFileNameChars $obj.displayName)).json"
- ConvertTo-Json $obj -Depth 5 | Out-File $fileName -Force
-
- Add-MigrationInfo $obj.assignments
- }
- $global:exportedObjects++
- }
-}
-
-function Copy-CompliancePolicy
-{
- if(-not $dgObjects.SelectedItem)
- {
- [System.Windows.MessageBox]::Show("No object selected`n`nSelect compliance policy item you want to copy", "Error", "OK", "Error")
- return
- }
-
- $ret = Show-InputDialog "Copy compliance policy" "Select name for the new object" "$($dgObjects.SelectedItem.displayName) - Copy"
-
- if($ret)
- {
- # Export profile
- Write-Status "Export $($dgObjects.SelectedItem.displayName)"
- # Convert to Json and back to clone the object
- $obj = ConvertTo-Json $dgObjects.SelectedItem.Object -Depth 5 | ConvertFrom-Json
- if($obj)
- {
- # Import new profile
- $obj.displayName = $ret
- Import-CompliancePolicy $obj | Out-null
-
- $dgObjects.ItemsSource = @(Get-CompliancePolicyObjects)
- }
- Write-Status ""
- }
- $dgObjects.Focus()
-}
-
-function Import-CompliancePolicy
-{
- param($obj)
-
- Start-PreImport $obj
-
- $json = ConvertTo-Json $obj -Depth 5
- $json = $json.Trim().TrimEnd('}').Trim()
- $json += @"
-,
- "scheduledActionsForRule":[{"ruleName":"PasswordRequired","scheduledActionConfigurations":[{"actionType":"block","gracePeriodHours":0,"notificationTemplateId":"","notificationMessageCCList":[]}]}]
-}
-
-"@
-
- Write-Status "Import $($obj.displayName)"
-
- Invoke-GraphRequest -Url "/deviceManagement/deviceCompliancePolicies" -Content $json -HttpMethod POST
-}
-
-function Import-AllCompliancePolicyObjects
-{
- param($path = "$env:Temp")
-
- Import-CompliancePolicyObjects (Get-JsonFileObjects $path)
-}
-
-function Import-CompliancePolicyObjects
-{
- param(
- $Objects,
-
- [switch]
- $Selected
- )
-
- Write-Status "Import compliance policies"
-
- foreach($obj in $objects)
- {
- if($Selected -and $obj.Selected -ne $true) { continue }
-
- Write-Log "Import Compliance Policy: $($obj.Object.displayName)"
-
- $assignments = Get-GraphAssignmentsObject $obj.Object ($obj.FileInfo.DirectoryName + "\" + $obj.FileInfo.BaseName + "_assignments.json")
-
- $response = Import-CompliancePolicy $obj.Object
- if($response)
- {
- $global:importedObjects++
- Import-GraphAssignments $assignments "assignments" "/deviceManagement/deviceCompliancePolicies/$($response.Id)/assign"
- }
- }
- $dgObjects.ItemsSource = @(Get-CompliancePolicyObjects)
- Write-Status ""
-}
\ No newline at end of file
diff --git a/Extensions/ConditionalAccess.psm1 b/Extensions/ConditionalAccess.psm1
deleted file mode 100644
index e285d1c..0000000
--- a/Extensions/ConditionalAccess.psm1
+++ /dev/null
@@ -1,291 +0,0 @@
-########################################################
-#
-# Common module functions
-#
-########################################################
-function Add-ModuleMenuItems
-{
- Add-MenuItem (New-Object PSObject -Property @{
- Title = (Get-ConditionalAccessName)
- MenuID = "IntuneGraphAPI"
- Script = [ScriptBlock]{Get-ConditionalAccess}
- })
-}
-
-function Get-SupportedImportObjects
-{
- $global:importObjects += (New-Object PSObject -Property @{
- Selected = $true
- Title = (Get-ConditionalAccessName)
- Script = [ScriptBlock]{
- param($rootFolder)
-
- Write-Status "Import all conditional access policies"
- Import-AllConditionalAccessObjects (Join-Path $rootFolder (Get-ConditionalAccessFolderName))
- }
- })
-}
-
-function Get-SupportedExportObjects
-{
- $global:exportObjects += (New-Object PSObject -Property @{
- Selected = $true
- Title = (Get-ConditionalAccessName)
- Script = [ScriptBlock]{
- param($rootFolder)
-
- Write-Status "Export all conditional access policies"
- Get-ConditionalAccessObjects | ForEach-Object { Export-SingleConditionalAccess $PSItem.Object (Join-Path $rootFolder (Get-ConditionalAccessFolderName)) }
- }
- })
-}
-
-function Export-AllObjects
-{
- param($addObjectSubfolder)
-
- $subFolder = ""
- if($addObjectSubfolder) { $subFolder = Get-ConditionalAccessFolderName }
-}
-
-########################################################
-#
-# Object specific functions
-#
-########################################################
-function Get-ConditionalAccessName
-{
- return "Conditional Access"
-}
-
-function Get-ConditionalAccessFolderName
-{
- return "ConditionalAccess"
-}
-
-function Get-ConditionalAccess
-{
- Write-Status "Loading conditional access objects"
- $dgObjects.ItemsSource = @(Get-ConditionalAccessObjects)
-
- #Scriptblocks that will perform the export tasks. empty by default
- $script:exportParams = @{}
- $script:exportParams.Add("ExportAllScript", [ScriptBlock]{
- Export-AllConditionalAccess $global:txtExportPath.Text
- Set-ObjectGrid
- Write-Status ""
- })
-
- $script:exportParams.Add("ExportSelectedScript", [ScriptBlock]{
- Export-SelectedConditionalAccess $global:txtExportPath.Text
- Set-ObjectGrid
- Write-Status ""
- })
- #Scriptblock that will perform the import all files
- $script:importAll = [ScriptBlock]{
- Import-AllConditionalAccessObjects $global:txtImportPath.Text
- Set-ObjectGrid
- }
-
- #Scriptblock that will perform the import of selected files
- $script:importSelected = [ScriptBlock]{
- Import-ConditionalAccessObjects $global:lstFiles.ItemsSource -Selected
- Set-ObjectGrid
- }
-
- #Scriptblock that will read json files
- $script:getImportFiles = [ScriptBlock]{
- Show-FileListBox
- $global:lstFiles.ItemsSource = @(Get-JsonFileObjects $global:txtImportPath.Text -Exclude "*_Settings.json")
- }
-
- Add-DefaultObjectButtons -export ([scriptblock]{Show-DefaultExportGrid @script:exportParams}) -import ([scriptblock]{Show-DefaultImportGrid -ImportAll $script:importAll -ImportSelected $script:importSelected -GetFiles $script:getImportFiles}) -ViewFullObject ([scriptblock]{Get-ConditionalAccessObject $global:dgObjects.SelectedItem.Object})
-}
-
-function Get-ConditionalAccessObjects
-{
- #https://main.iam.ad.ext.azure.com/api/Policies/Policies?top=10&nextLink=null&appId=&includeBaseline=true
- Get-AzureNativeObjects "Policies/Policies?top=10&appId=&includeBaseline=true" -property @('policyName') -allowPaging
-}
-
-function Get-ConditionalAccessObject
-{
- param($object, $additional = "")
-
- if(-not $Object.policyId) { return }
-
- if($Object.baselineType -eq 0)
- {
- Invoke-AzureNativeRequest "Policies/$($Object.policyId)$additional"
- }
- else
- {
- Invoke-AzureNativeRequest "BaselinePolicies/$($Object.policyId)$additional"
- }
-}
-
-function Export-AllConditionalAccess
-{
- param($path = "$env:Temp")
-
- if(-not (Test-Path $path)) { mkdir -Path $path -Force -ErrorAction SilentlyContinue | Out-Null }
-
- if(Test-Path $path)
- {
- foreach($objTmp in ($global:dgObjects.ItemsSource))
- {
- Export-SingleConditionalAccess $objTmp.Object $path
- }
- }
-}
-
-function Export-SelectedConditionalAccess
-{
- param($path = "$env:Temp")
-
- Export-SingleConditionalAccess $global:dgObjects.SelectedItem.Object $path
-}
-
-function Export-SingleConditionalAccess
-{
- param($psObj, $path = "$env:Temp")
-
- if(-not $psObj) { return }
-
- if($global:runningBulkExport -ne $true)
- {
- if($global:chkAddCompanyName.IsChecked) { $path = Join-Path $path $global:organization.displayName }
- if($global:chkAddObjectType.IsChecked) { $path = Join-Path $path (Get-ConditionalAccessFolderName) }
- }
-
- if(-not (Test-Path $path)) { mkdir -Path $path -Force -ErrorAction SilentlyContinue | Out-Null }
-
- if(Test-Path $path)
- {
- Write-Status "Export $($psObj.policyName)"
-
- if($psObj.baselineType -eq 0)
- {
- $obj = Invoke-AzureNativeRequest "Policies/$($psObj.policyId)"
- }
- else
- {
- $obj = Invoke-AzureNativeRequest "BaselinePolicies/$($psObj.policyId)"
- }
-
- if($obj)
- {
- $fileName = "$path\$((Remove-InvalidFileNameChars $psObj.policyName)).json"
- ConvertTo-Json $obj -Depth 5 | Out-File $fileName -Force
- }
-
- if($jsonObj.usersV2.included.groupIds)
- {
- $jsonObj.usersV2.included.groupIds | ForEach-Object { Add-GroupMigrationObject $PSItem }
- }
-
- if($jsonObj.usersV2.excluded.groupIds)
- {
- $jsonObj.usersV2.excluded.groupIds | ForEach-Object { Add-GroupMigrationObject $PSItem }
- }
-
- if($jsonObj.usersV2.included.userIds -or $jsonObj.usersV2.excluded.userIds)
- {
- Write-Log "Users are specified in $($psObj.policyName). User are not supported in this version. This conditional access policy might not be imported" 2
- }
-
- if($jsonObj.usersV2.included.roleIds -or $jsonObj.usersV2.excluded.roleIds)
- {
- Write-Log "Roles are specified in $($psObj.policyName). Roles are not supported in this version. This conditional access policy might not be imported" 2
- }
-
- if($jsonObj.conditions.namedNetworks.includedNetworkIds -or $jsonObj.conditions.namedNetworks.excludedNetworkIds)
- {
- Write-Log "Networks are specified in $($psObj.policyName). Named networks are not supported in this version. This conditional access policy might not be imported" 2
- }
-
- # There might be a lot more to check here...
-
- $global:exportedObjects++
- }
-}
-
-function Import-ConditionalAccess
-{
- param($obj)
-
- Start-PreImport $obj
-
- $json = Update-JsonForEnvironment $json
-
- if($obj.baselineType -eq 0)
- {
- $obj.policyId = ""
- $obj.isAllProtocolsEnabled = $true
- $json = ConvertTo-Json $obj -Depth 10
- $json = Update-JsonForEnvironment $json
-
- if((Invoke-AzureNativeRequest "Policies/Validate" -Method POST -Body $json) -eq 11)
- {
- Invoke-AzureNativeRequest "Policies" -Method POST -Body $json | Out-Null
- }
- else
- {
- Write-Log "Policy validation of json data failed" 3
- }
- }
- else
- {
- Write-Log "Conditional Access Baseline Policies does not support import"
- #Invoke-AzureNativeRequest "BaselinePolicies/$($obj.id)" -Method PUT -Body (ConvertTo-Json $obj -Depth 5) | Out-Null
- }
-}
-
-function Import-AllConditionalAccessObjects
-{
- param($path = "$env:Temp")
-
- Import-ConditionalAccessObjects (Get-JsonFileObjects $path)
-}
-
-function Import-ConditionalAccessObjects
-{
- param(
- $Objects,
-
- [switch]
- $Selected
- )
-
- Write-Status "Import conditional access policies"
-
- foreach($obj in $objects)
- {
- if($Selected -and $obj.Selected -ne $true) { continue }
-
- Write-Log "Import Conditional Access: $($obj.Object.policyName)"
-
- $response = Import-ConditionalAccess $obj.Object
-
- if($response)
- {
- $global:importedObjects++
- }
- # No additionl assignments on conditional access policies
- }
- $dgObjects.ItemsSource = @(Get-ConditionalAccessObjects)
- Write-Status ""
-}
-
-<#
- # Get all networks
- Get-AzureNativeObjects "NamedNetworksV2"
-
- # Network example
- #{"networkName":"Australia","cidrIpRanges":[],"categories":[],"applyToUnknownCountry":false,"countryIsoCodes":["AU"],"isTrustedLocation":false,"namedLocationsType":2}
-
- Get-AzureNativeObjects "NamedNetworksV2" -Method POST -Body $json | Out-Nul
-
- # Get all contry codes
- NamedNetworksV2/CountryCodes
-#>
\ No newline at end of file
diff --git a/Extensions/ConfigurationItems.psm1 b/Extensions/ConfigurationItems.psm1
deleted file mode 100644
index 7443aa0..0000000
--- a/Extensions/ConfigurationItems.psm1
+++ /dev/null
@@ -1,251 +0,0 @@
-########################################################
-#
-# Common module functions
-#
-########################################################
-function Add-ModuleMenuItems
-{
- Add-MenuItem (New-Object PSObject -Property @{
- Title = (Get-DeviceConfigurationName)
- MenuID = "IntuneGraphAPI"
- Script = [ScriptBlock]{Get-DeviceConfigurations}
- })
-}
-
-function Get-SupportedImportObjects
-{
- $global:importObjects += (New-Object PSObject -Property @{
- Selected = $true
- Title = (Get-DeviceConfigurationName)
- Script = [ScriptBlock]{
- param($rootFolder)
-
- Write-Status "Import all device configuration objects"
- Import-AllDeviceConfigurationObjects (Join-Path $rootFolder (Get-DeviceConfigurationFolderName))
- }
- })
-}
-
-function Get-SupportedExportObjects
-{
- $global:exportObjects += (New-Object PSObject -Property @{
- Selected = $true
- Title = (Get-DeviceConfigurationName)
- Script = [ScriptBlock]{
- param($rootFolder)
-
- Write-Status "Export all device configuration objects"
- Get-DeviceConfigurationObjects | ForEach-Object { Export-SingleDeviceConfiguration $PSItem.Object (Join-Path $rootFolder (Get-DeviceConfigurationFolderName)) }
- }
- })
-}
-
-function Export-AllObjects
-{
- param($addObjectSubfolder)
-
- $subFolder = ""
- if($addObjectSubfolder) { $subFolder = Get-DeviceConfigurationFolderName }
-}
-
-########################################################
-#
-# Object specific functions
-#
-########################################################
-function Get-DeviceConfigurationName
-{
- return "Device Configurations"
-}
-
-function Get-DeviceConfigurationFolderName
-{
- return "DeviceConfigurations"
-}
-
-function Get-DeviceConfigurations
-{
- Write-Status "Loading device configurations"
- $dgObjects.ItemsSource = @(Get-DeviceConfigurationObjects)
-
- #Scriptblocks that will perform the export tasks. empty by default
- $script:exportParams = @{}
- $script:exportParams.Add("ExportAllScript", [ScriptBlock]{
- Export-AllDeviceConfigurations $global:txtExportPath.Text
- Set-ObjectGrid
- Write-Status ""
- })
-
- $script:exportParams.Add("ExportSelectedScript", [ScriptBlock]{
- Export-SelectedDeviceConfiguration $global:txtExportPath.Text
- Set-ObjectGrid
- Write-Status ""
- })
- #Scriptblock that will perform the import all files
- $script:importAll = [ScriptBlock]{
- Import-AllDeviceConfigurationObjects $global:txtImportPath.Text
- Set-ObjectGrid
- }
-
- #Scriptblock that will perform the import of selected files
- $script:importSelected = [ScriptBlock]{
- Import-DeviceConfigurationObjects $global:lstFiles.ItemsSource -Selected
- Set-ObjectGrid
- }
-
- #Scriptblock that will read json files
- $script:getImportFiles = [ScriptBlock]{
- Show-FileListBox
- $global:lstFiles.ItemsSource = @(Get-JsonFileObjects $global:txtImportPath.Text -Exclude "*_Settings.json")
- }
-
- Add-DefaultObjectButtons -export ([scriptblock]{Show-DefaultExportGrid @script:exportParams}) -import ([scriptblock]{Show-DefaultImportGrid -ImportAll $script:importAll -ImportSelected $script:importSelected -GetFiles $script:getImportFiles}) -copy ([scriptblock]{Copy-DeviceConfiguration}) -ViewFullObject ([scriptblock]{Get-DeviceConfigurationObject $global:dgObjects.SelectedItem.Object})
-}
-
-function Get-DeviceConfigurationObjects
-{
- Get-GraphObjects -Url "/deviceManagement/deviceConfigurations"#,"/deviceManagement/groupPolicyConfigurations"
-}
-
-function Get-DeviceConfigurationObject
-{
- param($object, $additional = "")
-
- if(-not $Object.id) { return }
-
- Invoke-GraphRequest -Url "/deviceManagement/deviceConfigurations/$($Object.id)$additional"
-}
-
-function Export-AllDeviceConfigurations
-{
- param($path = "$env:Temp")
-
- if(-not (Test-Path $path)) { mkdir -Path $path -Force -ErrorAction SilentlyContinue | Out-Null }
-
- if(Test-Path $path)
- {
- foreach($objTmp in ($global:dgObjects.ItemsSource))
- {
- Export-SingleDeviceConfiguration $objTmp.Object $path
- }
- }
-}
-
-function Export-SelectedDeviceConfiguration
-{
- param($path = "$env:Temp")
-
- Export-SingleDeviceConfiguration $global:dgObjects.SelectedItem.Object $path
-}
-
-function Export-SingleDeviceConfiguration
-{
- param($psObj, $path = "$env:Temp")
-
- if(-not $psObj) { return }
-
- if($global:runningBulkExport -ne $true)
- {
- if($global:chkAddCompanyName.IsChecked) { $path = Join-Path $path $global:organization.displayName }
- if($global:chkAddObjectType.IsChecked) { $path = Join-Path $path (Get-DeviceConfigurationFolderName) }
- }
-
- if(-not (Test-Path $path)) { mkdir -Path $path -Force -ErrorAction SilentlyContinue | Out-Null }
-
- if(Test-Path $path)
- {
- Write-Status "Export $($psObj.displayName)"
- $obj = Invoke-GraphRequest -Url "/deviceManagement/deviceConfigurations/$($psObj.id)?`$expand=assignments"
- if($obj)
- {
- $fileName = "$path\$((Remove-InvalidFileNameChars $obj.displayName)).json"
- ConvertTo-Json $obj -Depth 5 | Out-File $fileName -Force
- if($script:chkExportScript.IsChecked)
- {
- $fileName = "$path\$($obj.FileName)"
- [System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String($obj.scriptContent)) | Out-File $fileName -Force
- }
-
- Add-MigrationInfo $obj.assignments
-
- $global:exportedObjects++
- }
- }
-}
-
-function Copy-DeviceConfiguration
-{
- if(-not $dgObjects.SelectedItem)
- {
- [System.Windows.MessageBox]::Show("No object selected`n`nSelect device configuration item you want to copy", "Error", "OK", "Error")
- return
- }
-
- $ret = Show-InputDialog "Copy device configuration" "Select name for the new object" "$($dgObjects.SelectedItem.displayName) - Copy"
-
- if($ret)
- {
- # Export profile
- Write-Status "Export $($dgObjects.SelectedItem.displayName)"
- # Convert to Json and back to clone the object
- $obj = ConvertTo-Json $dgObjects.SelectedItem.Object -Depth 5 | ConvertFrom-Json
- if($obj)
- {
- # Import new profile
- $obj.displayName = $ret
- Import-DeviceConfiguration $obj | Out-Null
-
- $dgObjects.ItemsSource = @(Get-DeviceConfigurationObjects)
- }
- Write-Status ""
- }
- $dgObjects.Focus()
-}
-
-function Import-DeviceConfiguration
-{
- param($obj)
-
- Write-Status "Import $($obj.displayName)"
-
- Start-PreImport $obj
-
- Invoke-GraphRequest -Url "/deviceManagement/deviceConfigurations" -Content (ConvertTo-Json $obj -Depth 5) -HttpMethod POST
-}
-
-function Import-AllDeviceConfigurationObjects
-{
- param($path = "$env:Temp")
-
- Import-DeviceConfigurationObjects (Get-JsonFileObjects $path)
-}
-
-function Import-DeviceConfigurationObjects
-{
- param(
- $Objects,
-
- [switch]
- $Selected
- )
-
- Write-Status "Import device configuration profiles"
-
- foreach($obj in $objects)
- {
- if($Selected -and $obj.Selected -ne $true) { continue }
-
- Write-Log "Import device configuration policy: $($obj.Object.displayName)"
-
- $assignments = Get-GraphAssignmentsObject $obj.Object ($obj.FileInfo.DirectoryName + "\" + $obj.FileInfo.BaseName + "_assignments.json")
-
- $response = Import-DeviceConfiguration $obj.Object
- if($response)
- {
- $global:importedObjects++
- Import-GraphAssignments $assignments "assignments" "/deviceManagement/deviceConfigurations/$($response.Id)/assign"
- }
- }
- $dgObjects.ItemsSource = @(Get-DeviceConfigurationObjects)
- Write-Status ""
-}
\ No newline at end of file
diff --git a/Extensions/EndpointManager.psm1 b/Extensions/EndpointManager.psm1
new file mode 100644
index 0000000..4175424
--- /dev/null
+++ b/Extensions/EndpointManager.psm1
@@ -0,0 +1,1595 @@
+<#
+.SYNOPSIS
+Module for managing Intune objects
+
+.DESCRIPTION
+This module is for the Endpoint Manager/Intune View. It manages Export/Import/Copy of Intune objects
+
+.NOTES
+ Author: Mikael Karlsson
+#>
+function Get-ModuleVersion
+{
+ '3.0.0'
+}
+
+function Invoke-InitializeModule
+{
+ #Add settings
+ $global:appSettingSections += (New-Object PSObject -Property @{
+ Title = "Endpoint Manager/Intune"
+ Id = "EndpointManager"
+ Values = @()
+ Priority = 10
+ })
+
+ Add-SettingsObject (New-Object PSObject -Property @{
+ Title = "Application"
+ Key = "EMAzureApp"
+ Type = "List"
+ ItemsSource = $global:MSGraphGlobalApps
+ DefaultValue = ""
+ SubPath = "EndpointManager"
+ }) "EndpointManager"
+
+ Add-SettingsObject (New-Object PSObject -Property @{
+ Title = "Application Id"
+ Key = "EMCustomAppId"
+ Type = "String"
+ DefaultValue = ""
+ SubPath = "EndpointManager"
+ }) "EndpointManager"
+
+ Add-SettingsObject (New-Object PSObject -Property @{
+ Title = "Redirect URL"
+ Key = "EMCustomAppRedirect"
+ Type = "String"
+ DefaultValue = ""
+ SubPath = "EndpointManager"
+ }) "EndpointManager"
+
+ Add-SettingsObject (New-Object PSObject -Property @{
+ Title = "Tenant Id"
+ Key = "EMCustomTenantId"
+ Type = "String"
+ DefaultValue = ""
+ SubPath = "EndpointManager"
+ }) "EndpointManager"
+
+ Add-SettingsObject (New-Object PSObject -Property @{
+ Title = "Authority"
+ Key = "EMCustomAuthority"
+ Type = "String"
+ DefaultValue = ""
+ SubPath = "EndpointManager"
+ }) "EndpointManager"
+
+ Add-SettingsObject (New-Object PSObject -Property @{
+ Title = "App packages folder"
+ Key = "EMIntuneAppPackages"
+ Type = "Folder"
+ Description = "Root folder where intune app packages are located"
+ SubPath = "EndpointManager"
+ }) "EndpointManager"
+
+ $viewPanel = Get-XamlObject ($global:AppRootFolder + "\Xaml\EndpointManagerPanel.xaml") -AddVariables
+
+ Set-EMViewPanel $viewPanel
+
+ #Add menu group and items
+ $global:EMViewObject = (New-Object PSObject -Property @{
+ Title = "Intune Manager"
+ Description = "Manages Intune environments. This view can be used for copying objects in an Intune environment. It can also be used for backing up an entire Intune environment and cloning the Intune environment into another tenant."
+ ID="IntuneGraphAPI"
+ ViewPanel = $viewPanel
+ ItemChanged = { Show-GraphObjects; Write-Status ""}
+ Deactivating = { Invoke-EMDeactivateView }
+ Activating = { Invoke-EMActivatingView }
+ Authentication = (Get-MSALAuthenticationObject)
+ Authenticate = { Invoke-EMAuthenticateToMSAL }
+ AppInfo = (Get-GraphAppInfo "EMAzureApp" "d1ddf0e4-d672-4dae-b554-9d5bdfd93547")
+ SaveSettings = { Invoke-EMSaveSettings }
+ })
+
+ Add-ViewObject $global:EMViewObject
+
+ Add-ViewItem (New-Object PSObject -Property @{
+ Title = "Device Configuration"
+ Id = "DeviceConfiguration"
+ ViewID = "IntuneGraphAPI"
+ API = "/deviceManagement/deviceConfigurations"
+ QUERYLIST = "`$filter=not%20isof(%27microsoft.graph.windowsUpdateForBusinessConfiguration%27)%20and%20not%20isof(%27microsoft.graph.iosUpdateConfiguration%27)"
+ #ExportFullObject = $false
+ Permissons=@("DeviceManagementConfiguration.ReadWrite.All")
+ })
+
+ Add-ViewItem (New-Object PSObject -Property @{
+ Title = "Conditional Access"
+ Id = "ConditionalAccess"
+ ViewID = "IntuneGraphAPI"
+ API = "/identity/conditionalAccess/policies"
+ Permissons=@("Policy.Read.All","Policy.ReadWrite.ConditionalAccess","Application.Read.All")
+ Dependencies = @("NamedLocations","Applications")
+ })
+
+ Add-ViewItem (New-Object PSObject -Property @{
+ Title = "Named Locations"
+ Id = "NamedLocations"
+ ViewID = "IntuneGraphAPI"
+ API = "/identity/conditionalAccess/namedLocations"
+ Permissons=@("Policy.ReadWrite.ConditionalAccess")
+ ImportOrder = 50
+ })
+
+ Add-ViewItem (New-Object PSObject -Property @{
+ Title = "Endpoint Security"
+ Id = "EndpointSecurity"
+ ViewID = "IntuneGraphAPI"
+ API = "/deviceManagement/intents"
+ PropertiesToRemove = @('Settings','@OData.Type')
+ PreImportCommand = { Start-PreImportEndpointSecurity @args }
+ PostListCommand = { Start-PostListEndpointSecurity @args }
+ PostExportCommand = { Start-PostExportEndpointSecurity @args }
+ PostFileImportCommand = { Start-PostFileImportEndpointSecurity @args }
+ #PreCopyCommand = { Start-PreCopyEndpointSecurity @args }
+ PostCopyCommand = { Start-PostCopyEndpointSecurity @args }
+ Permissons=@("DeviceManagementConfiguration.ReadWrite.All")
+ })
+
+ Add-ViewItem (New-Object PSObject -Property @{
+ Title = "Compliance Policies"
+ Id = "CompliancePolicies"
+ ViewID = "IntuneGraphAPI"
+ Expand = "scheduledActionsForRule(`$expand=scheduledActionConfigurations)"
+ API = "/deviceManagement/deviceCompliancePolicies"
+ Permissons=@("DeviceManagementConfiguration.ReadWrite.All")
+ Dependencies = @("Locations","Notifications")
+ PostExportCommand = { Start-PostExportCompliancePolicies @args }
+ })
+
+ Add-ViewItem (New-Object PSObject -Property @{
+ Title = "Intune Branding"
+ Id = "IntuneBranding"
+ API = "/deviceManagement/intuneBrandingProfiles"
+ ViewID = "IntuneGraphAPI"
+ NameProperty = "profileName"
+ ViewProperties = @("profileName", "displayName", "description", "id","isDefaultProfile")
+ PreImportCommand = { Start-PreImportIntuneBranding @args }
+ PostImportCommand = { Start-PostImportIntuneBranding @args }
+ PostGetCommand = { Start-PostGetIntuneBranding @args }
+ PostExportCommand = { Start-PostExportIntuneBranding @args }
+ Permissons=@("DeviceManagementApps.ReadWrite.All")
+ Icon = "Branding"
+ SkipRemoveProperties = @('Id') # Id is removed by PreImport. Required for default profile
+ })
+
+ <#
+ # BUG in Graph? Cannot create default branding. Can only create it when importing another object
+ # Header required Accept-Language: sv-SE
+ # Documentation says to use Content-Language but that doesn't work
+
+ # Could work with https://main.iam.ad.ext.azure.com/api/LoginTenantBrandings
+
+
+ Add-ViewItem (New-Object PSObject -Property @{
+ Title = "Azure Branding"
+ Id = "AzureBranding"
+ API = "/organization/%OrganizationId%/branding/localizations"
+ ViewID = "IntuneGraphAPI"
+ ViewProperties = @("Id")
+ PreImportCommand = { Start-PreImportAzureBranding @args }
+ PostListCommand = { Start-PostListAzureBranding @args }
+ NameProperty = "Id"
+ Permissons=@("Organization.ReadWrite.All")
+ Icon = "Branding"
+ SkipRemoveProperties = @('Id')
+ })
+ #>
+
+ Add-ViewItem (New-Object PSObject -Property @{
+ Title = "Enrollment Status Page"
+ Id = "EnrollmentStatusPage"
+ API = "/deviceManagement/deviceEnrollmentConfigurations"
+ ViewID = "IntuneGraphAPI"
+ PreImportCommand = { Start-PreImportESP @args }
+ PostExportCommand = { Start-PostExportESP @args }
+ QUERYLIST = "`$filter=endsWith(id,'Windows10EnrollmentCompletionPageConfiguration')"
+ Permissons=@("DeviceManagementServiceConfig.ReadWrite.All")
+ SkipRemoveProperties = @('Id')
+ AssignmentsType = "enrollmentConfigurationAssignments"
+ })
+
+ Add-ViewItem (New-Object PSObject -Property @{
+ Title = "Enrollment Restrictions"
+ Id = "EnrollmentRestrictions"
+ API = "/deviceManagement/deviceEnrollmentConfigurations"
+ ViewID = "IntuneGraphAPI"
+ QUERYLIST = "`$filter=not endsWith(id,'Windows10EnrollmentCompletionPageConfiguration')"
+ PostExportCommand = { Start-PostExportEnrollmentRestrictions @args }
+ PreImportCommand = { Start-PreImportEnrollmentRestrictions @args }
+ Permissons=@("DeviceManagementServiceConfig.ReadWrite.All")
+ SkipRemoveProperties = @('Id')
+ AssignmentsType = "enrollmentConfigurationAssignments"
+ })
+
+ Add-ViewItem (New-Object PSObject -Property @{
+ Title = "Administrative Templates"
+ Id = "AdministrativeTemplates"
+ API = "/deviceManagement/groupPolicyConfigurations"
+ ViewID = "IntuneGraphAPI"
+ PostExportCommand = { Start-PostExportAdministrativeTemplate @args }
+ PostCopyCommand = { Start-PostCopyAdministrativeTemplate @args }
+ PostFileImportCommand = { Start-PostFileImportAdministrativeTemplate @args }
+ Permissons=@("DeviceManagementConfiguration.ReadWrite.All")
+ Icon="DeviceConfiguration"
+ })
+
+ Add-ViewItem (New-Object PSObject -Property @{
+ Title = "Scripts"
+ Id = "Scripts"
+ API = "/deviceManagement/deviceManagementScripts"
+ ViewID = "IntuneGraphAPI"
+ DetailExtension = { Add-ScriptExtensions @args }
+ ExportExtension = { Add-ScriptExportExtensions @args }
+ PostExportCommand = { Start-PostExportScripts @args }
+ Permissons=@("DeviceManagementManagedDevices.ReadWrite.All")
+ AssignmentsType = "deviceManagementScriptAssignments"
+ })
+
+ Add-ViewItem (New-Object PSObject -Property @{
+ Title = "Terms and Conditions"
+ Id = "TermsAndConditions"
+ API = "/deviceManagement/termsAndConditions"
+ ViewID = "IntuneGraphAPI"
+ Permissons=@("DeviceManagementServiceConfig.ReadWrite.All")
+ ExpandAssignments = $false # Not supported for this object type
+ PostExportCommand = { Start-PostExportTermsAndConditions @args }
+ PreImportAssignmentsCommand = { Start-PreImportAssignmentsTermsAndConditions @args }
+ })
+
+ Add-ViewItem (New-Object PSObject -Property @{
+ Title = "App Protection"
+ Id = "AppProtection"
+ API = "/deviceAppManagement/managedAppPolicies"
+ ViewID = "IntuneGraphAPI"
+ PreGetCommand = { Start-GetAppProtection @args }
+ PostListCommand = { Start-PostListAppProtection @args }
+ PreImportCommand = { Start-PreImportAppProtection @args }
+ PostImportCommand = { Start-PostImportAppProtection @args }
+ PreImportAssignmentsCommand = { Start-PreImportAssignmentsAppProtection @args }
+ ExportFullObject = $true
+ Permissons=@("DeviceManagementApps.ReadWrite.All")
+ Dependencies = @("Applications")
+ })
+
+ # These are also included in the managedAppPolicies API
+ # So all custom commands will be handled by the same functions as App Protection
+ Add-ViewItem (New-Object PSObject -Property @{
+ Title = "App Configuration (App)"
+ Id = "AppConfigurationManagedApp"
+ API = "/deviceAppManagement/targetedManagedAppConfigurations"
+ ViewID = "IntuneGraphAPI"
+ PreGetCommand = { Start-GetAppProtection @args }
+ PreImportCommand = { Start-PreImportAppProtection @args }
+ PostImportCommand = { Start-PostImportAppProtection @args }
+ PreImportAssignmentsCommand = { Start-PreImportAssignmentsAppProtection @args }
+ Permissons=@("DeviceManagementApps.ReadWrite.All")
+ Dependencies = @("Applications")
+ Icon = "AppConfiguration"
+ })
+
+ Add-ViewItem (New-Object PSObject -Property @{
+ Title = "App Configuration (Device)"
+ Id = "AppConfigurationManagedDevice"
+ API = "/deviceAppManagement/mobileAppConfigurations"
+ QUERYLIST = "`$filter=microsoft.graph.androidManagedStoreAppConfiguration/appSupportsOemConfig%20eq%20false%20or%20isof(%27microsoft.graph.androidManagedStoreAppConfiguration%27)%20eq%20false"
+ ViewID = "IntuneGraphAPI"
+ Permissons=@("DeviceManagementApps.ReadWrite.All")
+ Dependencies = @("Applications")
+ PreImportAssignmentsCommand = { Start-PreImportAssignmentsAppConfiguration @args }
+ #PostExportCommand = { Start-PostExportAppConfiguration @args }
+ Icon = "AppConfiguration"
+ })
+
+ Add-ViewItem (New-Object PSObject -Property @{
+ Title = "Applications"
+ Id = "Applications"
+ API = "/deviceAppManagement/mobileApps"
+ ViewID = "IntuneGraphAPI"
+ PropertiesToRemove = @('uploadState','publishingState','isAssigned','dependentAppCount','supersedingAppCount','supersededAppCount','committedContentVersion','isFeatured','size')
+ QUERYLIST = "`$filter=(microsoft.graph.managedApp/appAvailability%20eq%20null%20or%20microsoft.graph.managedApp/appAvailability%20eq%20%27lineOfBusiness%27%20or%20isAssigned%20eq%20true)&`$orderby=displayName"
+ Permissons=@("DeviceManagementApps.ReadWrite.All")
+ AssignmentsType="mobileAppAssignments"
+ AssignmentProperties = @("@odata.type","target","settings","intent")
+ AssignmentTargetProperties = @("@odata.type","groupId","deviceAndAppManagementAssignmentFilterId","deviceAndAppManagementAssignmentFilterType")
+ ImportOrder = 60
+ PostFileImportCommand = { Start-PostFileImportApplications @args }
+ })
+
+ Add-ViewItem (New-Object PSObject -Property @{
+ Title = "AutoPilot"
+ Id = "AutoPilot"
+ API = "/deviceManagement/windowsAutopilotDeploymentProfiles"
+ ViewID = "IntuneGraphAPI"
+ CopyDefaultName = "%displayName% Copy" # '-' is not allowed in the name
+ Permissons=@("DeviceManagementServiceConfig.ReadWrite.All")
+ PreImportAssignmentsCommand = { Start-PreImportAssignmentsAutoPilot @args }
+ })
+
+ Add-ViewItem (New-Object PSObject -Property @{
+ Title = "Policy Sets"
+ Id = "PolicySets"
+ API = "/deviceAppManagement/policySets"
+ ViewID = "IntuneGraphAPI"
+ Expand = "Items"
+ PreImportAssignmentsCommand = { Start-PreImportAssignmentsPolicySets @args }
+ PreImportCommand = { Start-PreImportPolicySets @args }
+ Permissons=@("DeviceManagementConfiguration.ReadWrite.All")
+ ImportOrder = 2000 # Policy Sets reference other objects so make sure it is imported last
+ Dependencies = @("Applications","AppConfiguration","AppProtection","AutoPilot","EnrollmentRestrictions","EnrollmentStatusPage","DeviceConfiguration","AdministrativeTemplates","SettingsCatalog","CompliancePolicies")
+ })
+
+ Add-ViewItem (New-Object PSObject -Property @{
+ Title = "Update Policies"
+ Id = "UpdatePolicies"
+ ViewID = "IntuneGraphAPI"
+ API = "/deviceManagement/deviceConfigurations"
+ QUERYLIST = "`$filter=isof(%27microsoft.graph.windowsUpdateForBusinessConfiguration%27)%20or%20isof(%27microsoft.graph.iosUpdateConfiguration%27)"
+ #ExportFullObject = $false
+ Permissons=@("DeviceManagementConfiguration.ReadWrite.All")
+ })
+
+ Add-ViewItem (New-Object PSObject -Property @{
+ Title = "Feature Updates"
+ Id = "FeatureUpdates"
+ ViewID = "IntuneGraphAPI"
+ API = "/deviceManagement/windowsFeatureUpdateProfiles"
+ Permissons=@("DeviceManagementConfiguration.ReadWrite.All")
+ })
+
+ # Locations are not FULLY supported
+ # They will be imported but Compliance Policies will not be updated with new Location object after import
+ # ToDo: Add support Export/Import Location Settings
+ # Location object - Only used by Android Device Admins Compliance Policies
+ # - These should probably be migrated to Android Enterprise anyway. That is the recommendation by Google
+ # Property that needs to be updated on the Compliance Policy
+ # deviceManagement/managementConditionStatements/$obj.conditionStatementId
+
+ Add-ViewItem (New-Object PSObject -Property @{
+ Title = "Locations"
+ Id = "Locations"
+ ViewID = "IntuneGraphAPI"
+ API = "/deviceManagement/managementConditions"
+ Permissons=@("DeviceManagementConfiguration.ReadWrite.All")
+ PreImportCommand = { Start-PreImportLocations @args }
+ ImportOrder = 30
+ })
+
+ Add-ViewItem (New-Object PSObject -Property @{
+ Title = "Settings Catalog"
+ Id = "SettingsCatalog"
+ ViewID = "IntuneGraphAPI"
+ API = "/deviceManagement/configurationPolicies"
+ PropertiesToRemove = @('settingCount')
+ Permissons=@("DeviceManagementConfiguration.ReadWrite.All")
+ NameProperty = "Name"
+ ViewProperties = @("name","description","Id")
+ Expand="Settings"
+ Icon="DeviceConfiguration"
+ PostExportCommand = { Start-PostExportSettingsCatalog @args }
+ })
+
+ Add-ViewItem (New-Object PSObject -Property @{
+ Title = "Role Definitions"
+ Id = "RoleDefinitions"
+ ViewID = "IntuneGraphAPI"
+ API = "/deviceManagement/roleDefinitions"
+ QUERYLIST = "`$filter=isBuiltIn%20eq%20false"
+ PostExportCommand = { Start-PostExportRoleDefinitions @args }
+ PreImportCommand = { Start-PreImportRoleDefinitions @args }
+ PostFileImportCommand = { Start-PostFileImportRoleDefinitions @args }
+ Permissons=@("DeviceManagementRBAC.ReadWrite.All")
+ ImportOrder = 20
+ #expand=roleassignments
+ })
+
+ Add-ViewItem (New-Object PSObject -Property @{
+ Title = "Scope (Tags)"
+ Id = "ScopeTags"
+ ViewID = "IntuneGraphAPI"
+ API = "/deviceManagement/roleScopeTags"
+ QUERYLIST = "`$filter=isBuiltIn%20eq%20false"
+ Permissons=@("DeviceManagementRBAC.ReadWrite.All")
+ PostExportCommand = { Start-PostExportScopeTags @args }
+ ImportOrder = 10
+ })
+
+ Add-ViewItem (New-Object PSObject -Property @{
+ Title = "Notifications"
+ Id = "Notifications"
+ ViewID = "IntuneGraphAPI"
+ API = "/deviceManagement/notificationMessageTemplates"
+ Permissons=@("DeviceManagementServiceConfig.ReadWrite.All")
+ ImportOrder = 40
+ Expand = "localizedNotificationMessages"
+ PreImportCommand = { Start-PreImportNotifications @args }
+ PostFileImportCommand = { Start-PostFileImportNotifications @args }
+ PostCopyCommand = { Start-PostCopyNotifications @args }
+
+ })
+
+ # This has some pre-reqs for working!
+ # Import is tested and verified in a tenant with Googple Play connection configured
+ # And the OEM app was dpwnloaded e.g. Knox Service Plugin
+ # Import failed in a tenant where Google Play was NOT configured
+ Add-ViewItem (New-Object PSObject -Property @{
+ Title = "Android OEM Config"
+ Id = "AndroidOEMConfig"
+ ViewID = "IntuneGraphAPI"
+ QUERYLIST = "`$filter=microsoft.graph.androidManagedStoreAppConfiguration/appSupportsOemConfig%20eq%20true"
+ API = "/deviceAppManagement/mobileAppConfigurations"
+ PreImportAssignmentsCommand = { Start-PreImportAssignmentsAppConfiguration @args }
+ Permissons=@("DeviceManagementConfiguration.ReadWrite.All")
+ Icon="DeviceConfiguration"
+ Dependencies = @("Applications")
+ })
+
+ # Copy/Export/Import not verified!
+ Add-ViewItem (New-Object PSObject -Property @{
+ Title = "Apple Enrollment Types"
+ Id = "AppleEnrollmentTypes"
+ ViewID = "IntuneGraphAPI"
+ API = "/deviceManagement/appleUserInitiatedEnrollmentProfiles"
+ Permissons=@("DeviceManagementServiceConfig.ReadWrite.All")
+ })
+}
+
+function Invoke-EMAuthenticateToMSAL
+{
+ $global:EMViewObject.AppInfo = Get-GraphAppInfo "EMAzureApp" "d1ddf0e4-d672-4dae-b554-9d5bdfd93547"
+ Set-MSALCurrentApp $global:EMViewObject.AppInfo
+ & $global:msalAuthenticator.Login -Account (?? $global:MSALToken.Account.UserName (Get-Setting "" "LastLoggedOnUser"))
+}
+
+function Invoke-EMDeactivateView
+{
+ $tmp = $mnuMain.Items | Where Name -eq "EMBulk"
+ if($tmp) { $mnuMain.Items.Remove($tmp) }
+}
+
+function Invoke-EMActivatingView
+{
+ Show-MSALError
+
+ # Refresh values in case they have changed
+ $global:EMViewObject.AppInfo = (Get-GraphAppInfo "EMAzureApp" "d1ddf0e4-d672-4dae-b554-9d5bdfd93547")
+ if(-not $global:EMViewObject.Authentication)
+ {
+ $global:EMViewObject.Authentication = Get-MSALAuthenticationObject
+ }
+
+ # Add View specific menus
+ Add-GraphBulkMenu
+}
+
+function Invoke-EMSaveSettings
+{
+ $tmpApp = Get-GraphAppInfo "EMAzureApp" "d1ddf0e4-d672-4dae-b554-9d5bdfd93547"
+
+ if($global:appObj.ClientID -ne $tmpApp.ClientId -and $global:MSALToken)
+ {
+ # The app has changed. Need to authenticate to the new app
+ Write-Status "Logging in to $((?? $global:appObj.Name "selected application"))"
+ $global:EMViewObject.AppInfo = $tmpApp
+ Set-MSALCurrentApp $global:EMViewObject.AppInfo
+ Clear-MSALCurentUserVaiables
+ Connect-MSALUser -Account $global:MSALToken.Account.Username
+ Write-Status ""
+ }
+}
+
+function Set-EMViewPanel
+{
+ param($panel)
+ # ToDo: Create View specific pannel and move this to graph
+ Add-XamlEvent $panel "btnView" "Add_Click" -scriptBlock ([scriptblock]{
+ Show-GraphObjectInfo
+ })
+
+ Add-XamlEvent $panel "btnCopy" "Add_Click" -scriptBlock ([scriptblock]{
+ Copy-GraphObject
+ })
+
+ Add-XamlEvent $panel "btnExport" "Add_Click" -scriptBlock ([scriptblock]{
+ Show-GraphExportForm
+ })
+
+ Add-XamlEvent $panel "btnImport" "Add_Click" -scriptBlock ([scriptblock]{
+ Show-GraphImportForm
+ })
+
+ Add-XamlEvent $panel "chkSelectAll" "Add_Click" -scriptBlock ([scriptblock]{
+ foreach($item in $global:dgObjects.ItemsSource)
+ {
+ $item.IsSelected = $this.IsChecked
+ }
+ $global:dgObjects.Items.Refresh()
+ })
+
+
+ Add-XamlEvent $panel "txtFilter" "Add_LostFocus" ({ #param($obj, $e)
+ Invoke-FiterBoxChanged $this
+ #$e.Handled = $true
+ })
+
+ Add-XamlEvent $panel "txtFilter" "Add_GotFocus" ({
+ if($this.Tag -eq "1" -and $this.Text -eq "Filter") { $this.Text = "" }
+ Invoke-FiterBoxChanged $this
+ })
+
+ Add-XamlEvent $panel "txtFilter" "Add_TextChanged" ({
+ Invoke-FiterBoxChanged $this
+ })
+
+ Invoke-FiterBoxChanged ($panel.FindName("txtFilter"))
+
+
+ $global:dgObjects.add_selectionChanged({
+ Set-XamlProperty $this.Parent "btnView" "IsEnabled" (?: ($global:dgObjects.SelectedItem -eq $null) $false $true)
+ Set-XamlProperty $this.Parent "btnCopy" "IsEnabled" (?: ($global:dgObjects.SelectedItem -eq $null) $false $true)
+ })
+
+ # ToDo: Move this to the view object
+ $dpd = [System.ComponentModel.DependencyPropertyDescriptor]::FromProperty([System.Windows.Controls.ItemsControl]::ItemsSourceProperty, [System.Windows.Controls.DataGrid])
+ if($dpd)
+ {
+ $dpd.AddValueChanged($global:dgObjects, {
+ Set-XamlProperty $global:dgObjects.Parent "txtFilter" "Text" ""
+ $enabled = (?: ($this.ItemsSource -eq $null -or ($this.ItemsSource | measure).Count -eq 0) $false $true)
+ Set-XamlProperty $global:dgObjects.Parent "btnImport" "IsEnabled" $true # Always all Import if ObjectType allows it
+ Set-XamlProperty $global:dgObjects.Parent "btnExport" "IsEnabled" $enabled
+ Set-XamlProperty $global:dgObjects.Parent "chkSelectAll" "IsEnabled" $enabled
+ Set-XamlProperty $global:dgObjects.Parent "chkSelectAll" "IsChecked" $false
+ })
+ }
+
+ $btnRefresh = Get-XamlObject ($global:AppRootFolder + "\Xaml\RefreshButton.xaml")
+ if($btnRefresh)
+ {
+ $btnRefresh.SetValue([System.Windows.Controls.Grid]::ColumnProperty,$grdTitle.ColumnDefinitions.Count - 1)
+ $btnRefresh.Margin = "0,0,5,3"
+ $btnRefresh.Cursor = "Hand"
+ $btnRefresh.Focusable = $false
+ $grdTitle.Children.Add($btnRefresh) | Out-Null
+
+ $tooltip = [System.Windows.Controls.ToolTip]::new()
+ $tooltip.Content = "Refresh"
+ [System.Windows.Controls.ToolTipService]::SetToolTip($btnRefresh, $tooltip)
+
+ $btnRefresh.Add_Click({
+ # ToDo: Move this to view view object
+ $txtFilter = $this.Parent.FindName("txtFilter")
+ if($txtFilter) { $txtFilter.Text = "" }
+ Show-GraphObjects
+ Write-Status ""
+ })
+ }
+}
+
+function Invoke-FiterBoxChanged
+{
+ param($txtBox)
+
+ $filter = $null
+
+ if($txtBox.Text.Trim() -eq "" -and $txtBox.IsFocused -eq $false)
+ {
+ $txtBox.FontStyle = "Italic"
+ $txtBox.Tag = 1
+ $txtBox.Text = "Filter"
+ $txtBox.Foreground="Lightgray"
+ }
+ else
+ {
+ if($txtBox.Tag -eq "1" -and $txtBox.Text -eq "Filter" -and $txtBox.IsFocused -eq $false) { return }
+ $txtBox.FontStyle = "Normal"
+ $txtBox.Tag = $null
+ $txtBox.Foreground="Black"
+ $txtBox.Background="White"
+
+ if($txtBox.Text)
+ {
+ $filter = {
+ param ($item)
+ foreach($prop in ($item.PSObject.Properties | Where {$_.Name -notin @("IsSelected","Object")}))
+ {
+ if($prop.Value -match $txtBox.Text) { return $true }
+ }
+ $false
+ }
+ }
+ }
+
+ if($dgObjects.ItemsSource -is [System.Windows.Data.ListCollectionView])
+ {
+ # This causes odd behaviour with focus e.g. and item has to be clicked twice to be selected
+ $dgObjects.ItemsSource.Filter = $filter
+ $dgObjects.ItemsSource.Refresh()
+ }
+}
+#region Endpoint Security (Intents) functions
+
+function Start-PreImportEndpointSecurity
+{
+ param($obj, $objectType)
+
+ @{
+ "API"="deviceManagement/templates/$($obj.templateId)/createInstance"
+ }
+}
+
+function Start-PostListEndpointSecurity
+{
+ param($objList, $objectType)
+
+ if(-not $script:baseLineTemplates)
+ {
+ $script:baseLineTemplates = (Invoke-GraphRequest -Url "/deviceManagement/templates").Value
+ }
+ if(-not $script:baseLineTemplates) { return }
+
+ foreach($obj in $objList)
+ {
+ if(-not $obj.Object.templateId) { continue }
+ if($obj.Object.templateId -ne $baseLineTepmlate.Id)
+ {
+ $baseLineTepmlate = $script:baseLineTemplates | Where Id -eq $obj.Object.templateId
+ }
+ if($baseLineTepmlate)
+ {
+ $obj | Add-Member -MemberType NoteProperty -Name "Type" -Value $baseLineTepmlate.displayName
+ $obj | Add-Member -MemberType NoteProperty -Name "Category" -Value (?: ($baseLineTepmlate.templateSubtype -eq "none") $baseLineTepmlate.templateType $baseLineTepmlate.templateSubtype)
+ }
+ }
+ $objList
+}
+
+function Start-PostExportEndpointSecurity
+{
+ param($obj, $objectType, $path)
+
+ $settings = Invoke-GraphRequest -Url "$($objectType.API)/$($obj.id)/settings"
+ $settingsJson = "{ `"settings`": $((ConvertTo-Json $settings.value -Depth 10 ))`n}"
+ $settingsJson | Out-File "$path\$((Get-GraphObjectName $obj $objectType))_Settings.json" -Force
+}
+
+function Start-PostFileImportEndpointSecurity
+{
+ param($obj, $objectType, $file)
+
+ $settings = Get-EMSettingsObject $obj $objectType $file
+ if($settings)
+ {
+ Start-GraphPreImport $settings
+ Invoke-GraphRequest -Url "$($objectType.API)/$($obj.id)/updateSettings" -Body ($settings | ConvertTo-Json -Depth 10) -Method "POST"
+ }
+}
+
+function Start-PreCopyEndpointSecurity
+{
+ param($obj, $objectType, $newName)
+
+ $false
+
+ # Intents has a createCopy method. Use "manual" copy to have one standard and making sure Copy works the same as Export/Import
+ # These objects supports duplicate in the portal
+ # Keep for reference
+ #
+ # $objData = "{`"displayName`":`"$($newName)`"}"
+ #
+ #Invoke-GraphRequest -Url "/deviceManagement/intents/$($obj.Id)/createCopy" -Content $objData -HttpMethod "POST" | Out-Null
+ #$true
+}
+
+function Start-PostCopyEndpointSecurity
+{
+ param($objCopyFrom, $objNew, $objectType)
+
+ $settings = Invoke-GraphRequest -Url "$($objectType.API)/$($objCopyFrom.id)/settings" -ODataMetadata "Skip"
+ if($settings)
+ {
+ $settingsObj = New-object PSObject @{ "Settings" = $settings.Value }
+ Invoke-GraphRequest -Url "$($objectType.API)/$($objNew.id)/updateSettings" -Body ($settingsObj | ConvertTo-Json -Depth 10) -Method "POST"
+ }
+}
+
+#endregion
+
+#region Compliance Policy
+function Start-PostExportCompliancePolicies
+{
+ param($obj, $objectType, $exportPath)
+
+ foreach($scheduledActionsForRule in $obj.scheduledActionsForRule)
+ {
+ foreach($scheduledActionConfiguration in $scheduledActionsForRule.scheduledActionConfigurations)
+ {
+ foreach($notificationMessageCCGroup in $scheduledActionConfiguration.notificationMessageCCList)
+ {
+ Add-GroupMigrationObject $notificationMessageCCGroup
+ }
+ }
+ }
+}
+#endregion
+
+#region Intune Branding functions
+function Start-PreImportIntuneBranding
+{
+ param($obj, $objectType)
+
+ $ret = @{}
+ $global:brandingClone = $null
+
+ if($obj.isDefaultProfile)
+ {
+
+ # Looks like the ID is the same for all tenants so skip this for now
+ <#
+ $defObj = (Invoke-GraphRequest -Url "/deviceManagement/intuneBrandingProfiles?`$filter=isDefaultProfile eq true&`$select=id,displayName").Value[0]
+ if($defObj)
+ {
+ $obj.Id = $defObj.Id
+ }
+ #>
+
+ $ret.Add("API",($objectType.API + "/" + $obj.Id))
+ $ret.Add("Method","PATCH") # Default profile always exists so update it
+
+ foreach($prop in @("profileName","isDefaultProfile","disableClientTelemetry","profileDescription"))
+ {
+ Remove-Property $obj $prop
+ }
+
+ $ret
+ }
+ else
+ {
+ # Create new Branding profile does not support images data in the json
+ # Workaround: (as done by the portal)
+ # Create a new profile with basic info
+ # Patch the profile with all the info
+
+ $global:brandingClone = $obj | ConvertTo-Json -Depth 10 | ConvertFrom-Json
+
+ foreach($prop in ($obj.PSObject.Properties | Where {$_.Name -notin @("profileName","profileDescription","roleScopeTagIds")})) #"customPrivacyMessage"
+ {
+ Remove-Property $obj $prop.Name
+ }
+ }
+ Remove-Property $obj "Id"
+}
+
+function Start-PostImportIntuneBranding
+{
+ param($obj, $objectType)
+
+ if($obj.isDefaultProfile -or -not $global:brandingClone) { return }
+
+ foreach($prop in @("Id","isDefaultProfile","customPrivacyMessage","disableClientTelemetry")) #"isDefaultProfile","disableClientTelemetry"
+ {
+ Remove-Property $global:brandingClone $prop
+ }
+ $json = ($global:brandingClone | ConvertTo-Json -Depth 10)
+ $ret = Invoke-GraphRequest -Url "$($objectType.API)/$($obj.Id)" -Body $json -Method "PATCH"
+}
+
+function Start-PostGetIntuneBranding
+{
+ param($obj, $objectType)
+
+ foreach($imgType in @("themeColorLogo","lightBackgroundLogo","landingPageCustomizedImage"))
+ {
+ Write-LogDebug "Get $imgType for $($obj.profileName)"
+ $imgJson = Invoke-GraphRequest -Url "$($objectType.API)/$($obj.Id)/$imgType"
+ if($imgJson.Value)
+ {
+ $obj.Object.$imgType = $imgJson
+ }
+ }
+}
+
+function Start-PostExportIntuneBranding
+{
+ param($obj, $objectType, $path)
+
+ foreach($imgType in @("themeColorLogo","lightBackgroundLogo","landingPageCustomizedImage"))
+ {
+ if($obj.$imgType.Value)
+ {
+ $fileName = "$path\$((Remove-InvalidFileNameChars (Get-GraphObjectName $obj $objectType)))_$imgType.jpg"
+ [IO.File]::WriteAllBytes($fileName, [System.Convert]::FromBase64String($obj.$imgType.Value))
+ }
+ }
+}
+
+
+#endregion
+
+#region Azure Branding functions
+function Start-PreImportAzureBranding
+{
+ param($obj, $objectType)
+
+ Remove-Property $obj "@odata.Type"
+
+ $ret = @{}
+ if($obj.Id -eq "0")
+ {
+ #$ret.Add("Method","PATCH") # Default profile always exists so update it
+ #$ret.Add("API",($objectType.API + "/0"))
+ }
+
+ $ret.Add("API",($objectType.API + "/$($global:Organization.Id)/branding/localizations"))
+
+ # This is NOT wat the documentation says
+ # Documentation says to use Content-Language
+ # Any place the documentation states to use Accept-Language is for Get operation
+ # https://docs.microsoft.com/en-us/graph/api/organizationalbrandingproperties-get?view=graph-rest-beta&tabs=http#request-headers
+ $ret.Add("AdditionalHeaders", @{ "Accept-Language" = $obj.Id })
+
+ $ret
+}
+
+function Start-PostListAzureBranding
+{
+ param($objList, $objectType)
+
+ foreach($obj in $objList)
+ {
+ if(-not $obj.Object.id) { continue }
+ try
+ {
+ if($obj.Object.id -eq "0")
+ {
+ $language = "Default"
+ }
+ else
+ {
+ $language = ([cultureinfo]::GetCultureInfo($obj.Object.id)).DisplayName
+ }
+
+ $obj | Add-Member -MemberType NoteProperty -Name "Language" -Value $language
+ }
+ catch{}
+ }
+ $objList
+}
+
+#endregion
+
+#region Script functions
+function Add-ScriptExtensions
+{
+ param($form, $buttonPanel, $index = 0)
+
+ $btnDownload = New-Object System.Windows.Controls.Button
+ $btnDownload.Content = 'Download'
+ $btnDownload.Name = 'btnDownload'
+ $btnDownload.Margin = "0,0,5,0"
+ $btnDownload.Width = "100"
+
+ $btnDownload.Add_Click({
+ Invoke-DownloadScript
+ })
+
+ $tmp = $form.FindName($buttonPanel)
+ if($tmp)
+ {
+ $tmp.Children.Insert($index, $btnDownload)
+ }
+}
+
+function Add-ScriptExportExtensions
+{
+ param($form, $buttonPanel, $index = 0)
+
+ $xaml = @"
+
+
+
+
+"@
+ $label = [Windows.Markup.XamlReader]::Parse($xaml)
+
+ $global:chkExportScript = [System.Windows.Controls.CheckBox]::new()
+ $global:chkExportScript.IsChecked = $true
+ $global:chkExportScript.VerticalAlignment = "Center"
+
+ @($label, $global:chkExportScript)
+}
+
+function Start-PostExportScripts
+{
+ param($obj, $objectType, $exportPath)
+
+ if($obj.scriptContent -and $global:chkExportScript.IsChecked)
+ {
+ Write-Log "Export script $($obj.FileName)"
+ $fileName = [IO.Path]::Combine($exportPath, $obj.FileName)
+ [System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String($obj.scriptContent)) | Out-File $fileName -Force
+ }
+}
+
+function Invoke-DownloadScript
+{
+ if(-not $global:dgObjects.SelectedItem.Object.id) { return }
+
+ $obj = (Get-GraphObject $global:dgObjects.SelectedItem $global:curObjectType).Object
+ Write-Status ""
+
+ if($obj.scriptContent)
+ {
+ Write-Log "Download PowerShell script '$($obj.FileName)' from $($obj.displayName)"
+
+ $dlgSave = New-Object -Typename System.Windows.Forms.SaveFileDialog
+ $dlgSave.InitialDirectory = Get-SettingValue "IntuneRootFolder" $env:Temp
+ $dlgSave.FileName = $obj.FileName
+ if($dlgSave.ShowDialog() -eq [System.Windows.Forms.DialogResult]::OK -and $dlgSave.Filename)
+ {
+ [System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String($obj.scriptContent)) | Out-File $dlgSave.Filename -Force
+ }
+ }
+}
+
+#endregion
+
+#region Terms and Conditions
+function Start-PostExportTermsAndConditions
+{
+ param($obj, $objectType, $path)
+
+ Add-EMAssignmentsToExportFile $obj $objectType $path
+}
+
+function Start-PreImportAssignmentsTermsAndConditions
+{
+ param($obj, $objectType, $file, $assignments)
+
+ Add-EMAssignmentsToObject $obj $objectType $file $assignments
+}
+#endregion
+
+#region App Protection functions
+
+function Start-GetAppProtection
+{
+ param($obj, $objectType)
+
+ if(-not $obj."@odata.type") { return }
+
+ Get-GraphMetaData
+
+ $objectClass = $null
+ if($global:metaDataXML)
+ {
+ try
+ {
+ $tmp = $obj."@odata.type".Split('.')[-1]
+ $objectClass = Get-GraphObjectClassName $tmp
+ }
+ catch
+ {
+
+ }
+
+ if($objectClass)
+ {
+ @{"API"="/deviceAppManagement/$objectClass/$($obj.Id)"}
+ }
+ }
+}
+
+function Start-PostListAppProtection
+{
+ param($objList, $objectType)
+
+ # App Configurations for Managed Apps are included in App Protections e.g. the /deviceAppManagement/managedAppPolicies API
+ # For some reason, the some $filter options is not supported to filter out these objects
+ # e.g. not isof(...) to excluded the type, not startsWith(id, 'A_') to exlude based on Id
+ # These filters generates a request error so fiter them out manually in this function instead
+ # The portal is probably doing the same thing since these are included in the return but not in the UI
+ $objList | Where { $_.Object.'@OData.Type' -ne '#microsoft.graph.targetedManagedAppConfiguration' }
+}
+
+function Start-PreImportAppProtection
+{
+ param($obj, $objectType)
+
+ if(($obj.Apps | measure).Count -gt 0)
+ {
+ $global:ImportObjectInfo = @{ Apps=$obj.Apps }
+ }
+ else
+ {
+ $global:ImportObjectInfo = $null
+ }
+
+ $global:ImportObjectClass = $null
+ if($obj."@odata.type")
+ {
+ try
+ {
+ $global:ImportObjectClass = Get-GraphObjectClassName ($obj."@odata.type".Split('.')[-1])
+ }
+ catch {}
+ }
+
+ Remove-Property $obj "apps"
+ Remove-Property $obj "apps@odata.context"
+
+ try
+ {
+ $tmp = $obj."@odata.type".Split('.')[-1]
+ $objectClass = Get-GraphObjectClassName $tmp
+ if($objectClass)
+ {
+ @{"API"="/deviceAppManagement/$objectClass"}
+ }
+ }
+ catch {}
+}
+
+function Start-PostImportAppProtection
+{
+ param($obj, $objectType, $file)
+
+ if($global:ImportObjectInfo.Apps)
+ {
+ # No "@odata.type" on the created object so reload new object
+ #$newObject = (Invoke-GraphRequest "$($objectType.API)?`$filter=id eq '$($obj.Id)'").Value
+ $newObject = Invoke-GraphRequest "$($objectType.API)/$($obj.Id)"
+ if($newObject)
+ {
+ try
+ {
+ $tmp = $newObject."@odata.type".Split('.')[-1]
+ $objectClass = Get-GraphObjectClassName $tmp
+
+ $response = Invoke-GraphRequest -Url "/deviceAppManagement/$objectClass/$($obj.Id)/targetApps" -Content "{ apps: $(ConvertTo-Json $global:ImportObjectInfo.Apps -Depth 10)}" -HttpMethod POST
+ }
+ catch {}
+ }
+ }
+ $global:ImportObjectInfo = $null
+}
+
+function Start-PreImportAssignmentsAppProtection
+{
+ param($obj, $objectType, $file, $assignments)
+
+ if($global:ImportObjectClass)
+ {
+ @{"API"="/deviceAppManagement/$($global:ImportObjectClass)/$($obj.Id)/assign"}
+ }
+}
+#endregion
+
+#region App Configuration
+function Start-PostExportAppConfiguration
+{
+ param($obj, $objectType, $path)
+
+ Add-EMAssignmentsToExportFile $obj $objectType $path
+}
+
+function Start-PreImportAssignmentsAppConfiguration
+{
+ param($obj, $objectType, $file, $assignments)
+
+ @{"API"="/deviceAppManagement/mobileAppConfigurations/$($obj.Id)/microsoft.graph.managedDeviceMobileAppConfiguration/assign"}
+}
+#endregon
+
+#region Applications
+function Start-PostFileImportApplications
+{
+ param($obj, $objectType, $file)
+
+ $tmpObj = Get-Content $file | ConvertFrom-Json
+
+ if(-not $tmpObj.'@odata.type') { return }
+
+ $pkgPath = Get-SettingValue "EMIntuneAppPackages"
+
+ if(-not $pkgPath -or [IO.Directory]::Exists($pkgPath) -eq $false)
+ {
+ Write-LogDebug "Package source directory is either missing or does not exist" 2
+ return
+ }
+
+ $packageFile = "$($pkgPath)\$($obj.fileName)"
+
+ if([IO.File]::Exists($packageFile) -eq $false)
+ {
+ Write-LogDebug "Package source file $packageFile not found" 2
+ return
+ }
+
+ Write-Status "Import appliction package file $($obj.fileName)"
+ Write-Log "Import application file '$($packageFile)' for $($obj.displayName)"
+
+ if(-not ($obj.PSObject.Properties | Where Name -eq '@odata.type'))
+ {
+ # Add @odata.type property if it is missing. Required by app package import
+ $obj | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value $tmpObj.'@odata.type'
+ }
+
+ $appType = $tmpObj.'@odata.type'.Trim('#')
+
+ if($appType -eq "microsoft.graph.win32LobApp")
+ {
+ Copy-Win32LOBPackage $packageFile $obj
+ }
+ elseif($appType -eq "microsoft.graph.windowsMobileMSI")
+ {
+ Copy-MSILOB $packageFile $obj
+ }
+ elseif($appType -eq "microsoft.graph.iosLOBApp")
+ {
+ Copy-iOSLOB $packageFile $obj
+ }
+ elseif($appType -eq "microsoft.graph.androidLOBApp")
+ {
+ Copy-AndroidLOB $packageFile $obj
+ }
+ else
+ {
+ Write-Log "Unsupported application type $appType. File will not be uploaded" 2
+ }
+}
+#endregion
+
+#region Group Policy/Administrative Template functions
+function Get-GPOObjectSettings
+{
+ param($GPOObj)
+
+ $gpoSettings = @()
+
+ # Get all configured policies in the Administrative Templates profile
+ $GPODefinitionValues = Invoke-GraphRequest -Url "/deviceManagement/groupPolicyConfigurations/$($GPOObj.id)/definitionValues?`$expand=definition" -ODataMetadata "skip"
+ foreach($definitionValue in $GPODefinitionValues.value)
+ {
+ # Get presentation values for the current settings (with presentation object included)
+ $presentationValues = Invoke-GraphRequest -Url "/deviceManagement/groupPolicyConfigurations/$($GPOObj.id)/definitionValues/$($definitionValue.id)/presentationValues?`$expand=presentation" -ODataMetadata "skip"
+
+ # Set base policy settings
+ $obj = @{
+ "enabled" = $definitionValue.enabled
+ "definition@odata.bind" = "$($global:graphURL)/deviceManagement/groupPolicyDefinitions('$($definitionValue.definition.id)')"
+ }
+
+ if($presentationValues.value)
+ {
+ # Policy presentation values set e.g. a drop down list, check box, text box etc.
+ $obj.presentationValues = @()
+
+ foreach ($presentationValue in $presentationValues.value)
+ {
+ # Add presentation@odata.bind property that links the value to the presentation object
+ $presentationValue | Add-Member -MemberType NoteProperty -Name "presentation@odata.bind" -Value "$($global:graphURL)/deviceManagement/groupPolicyDefinitions('$($definitionValue.definition.id)')/presentations('$($presentationValue.presentation.id)')"
+
+ #Remove presentation object so it is not included in the export
+ Remove-ObjectProperty $presentationValue "presentation"
+
+ #Optional removes. Import will igonre them
+ Remove-ObjectProperty $presentationValue "id"
+ Remove-ObjectProperty $presentationValue "lastModifiedDateTime"
+ Remove-ObjectProperty $presentationValue "createdDateTime"
+
+ # Add presentation value to the list
+ $obj.presentationValues += $presentationValue
+ }
+ }
+ $gpoSettings += $obj
+ }
+ $gpoSettings
+}
+
+function Import-GPOSetting
+{
+ param($obj, $settings)
+
+ if($obj)
+ {
+ Write-Status "Import settings for $($obj.displayName)"
+
+ foreach($setting in $settings)
+ {
+ Start-GraphPreImport $setting
+
+ # Import each setting for the Administrative Template profile
+ Invoke-GraphRequest -Url "/deviceManagement/groupPolicyConfigurations/$($obj.id)/definitionValues" -Content (ConvertTo-Json $setting -Depth 10) -HttpMethod POST | Out-Null
+ }
+ }
+}
+
+function Start-PostExportAdministrativeTemplate
+{
+ param($obj, $objectType, $path)
+
+ # Collect and save all the settings of the Administrative Templates profile
+ $settings = Get-GPOObjectSettings $obj
+ ConvertTo-Json $settings -Depth 10 | Out-File "$path\$((Get-GraphObjectName $obj $objectType))_Settings.json" -Force
+}
+
+function Start-PostCopyAdministrativeTemplate
+{
+ param($objCopyFrom, $objNew, $objectType)
+
+ $settings = Get-GPOObjectSettings $objCopyFrom
+ if($settings)
+ {
+ Import-GPOSetting $objNew $settings
+ }
+}
+
+function Start-PostFileImportAdministrativeTemplate
+{
+ param($obj, $objectType, $file)
+
+ $settings = Get-EMSettingsObject $obj $objectType $file
+ if($settings)
+ {
+ Import-GPOSetting $obj $settings
+ }
+}
+
+#endregion
+
+#region Policy Sets function
+
+function Start-PreImportAssignmentsPolicySets
+{
+ param($obj, $objectType, $file, $assignments)
+
+ @{"API"="$($objectType.API)/$($obj.Id)/Update"}
+}
+
+function Start-PreImportPolicySets
+{
+ param($obj, $objectType)
+
+ @("items@odata.context","status","errorCode") | foreach { Remove-Property $obj $_ }
+
+ # Properties to keep for items
+ $keepProperties = @("@odata.type","payloadId","intent","settings")
+ foreach($item in $obj.Items)
+ {
+ foreach($prop in ($item.PSObject.Properties | Where {$_.Name -notin $keepProperties}))
+ {
+ #if($prop.Name -in $keepProperties) { continue }
+ Remove-Property $item $prop.Name
+ }
+ #@("itemType","displayName","status","errorCode") | foreach { Remove-Property $item $_ }
+ }
+}
+#endregion
+
+#endregion Locations
+function Start-PreImportLocations
+{
+ param($obj, $objectType)
+
+ if($obj.uniqueName)
+ {
+ $arr = $obj.uniqueName.Split('_')
+ if($arr.Length -ge 3)
+ {
+ # Locations requires a unique name so generate a new guid and change the uniqueName property
+ $obj.uniqueName = ($obj.uniqueName.Substring(0,$obj.uniqueName.Length-$arr[-1].Length) + [Guid]::NewGuid().Tostring("n"))
+ }
+ }
+}
+#endregion
+
+#region RoleDefinitions
+function Start-PostExportRoleDefinitions
+{
+ param($obj, $objectType, $path)
+
+ $fileName = "$path\$((Get-GraphObjectName $obj $objectType)).json"
+ $tmpObj = Get-Content $fileName | ConvertFrom-Json
+
+ if(($tmpObj.RoleAssignments | measure).Count -gt 0)
+ {
+ $roleAssignmentsArr = @()
+ foreach($roleAssignment in $tmpObj.RoleAssignments)
+ {
+ $raObj = Invoke-GraphRequest -Url "/deviceManagement/roleAssignments/$($roleAssignment.Id)?`$expand=microsoft.graph.deviceAndAppManagementRoleAssignment/roleScopeTags" -ODataMetadata "Minimal"
+ if($raObj)
+ {
+ foreach($groupId in $raObj.resourceScopes) { Add-GroupMigrationObject $groupId }
+ foreach($groupId in $raObj.members) { Add-GroupMigrationObject $groupId }
+ $roleAssignmentsArr += $raObj
+ }
+ }
+
+ if($roleAssignmentsArr.Count -gt 0)
+ {
+ $tmpObj.RoleAssignments = $roleAssignmentsArr
+ $tmpObj | ConvertTo-Json -Depth 10 | Out-File $fileName
+ }
+ }
+}
+
+function Start-PreImportRoleDefinitions
+{
+ param($obj, $objectType)
+
+ Remove-Property $obj "RoleAssignments"
+ Remove-Property $obj "RoleAssignments@odata.context"
+}
+
+function Start-PostFileImportRoleDefinitions
+{
+ param($obj, $objectType, $file)
+
+ $tmpObj = Get-Content $file | ConvertFrom-Json
+
+ $loadedScopeTags = $global:LoadedDependencyObjects["ScopeTags"]
+ if(($tmpObj.RoleAssignments | measure).Count -gt 0 -and ($loadedScopeTags | measure).Count -gt 0)
+ {
+ # Documentation way did not work so use the same way as the portal
+ # Should be created with /deviceManagement/roleDefinitions/{roleDefinitionId}/roleAssignments
+ foreach($roleAssignment in $tmpObj.RoleAssignments)
+ {
+ $roleAssignmentObj = New-object PSObject @{
+ "description" = $roleAssignment.Description
+ "displayName"= $roleAssignment.DisplayName
+ "members" = $roleAssignment.members
+ "resourceScopes" = $roleAssignment.resourceScopes
+ "roleDefinition@odata.bind" = "https://graph.microsoft.com/beta/deviceManagement/roleDefinitions('$($obj.Id)')"
+ "roleScopeTags@odata.bind" = @()
+ }
+
+ foreach($scopeTag in $roleAssignment.roleScopeTags)
+ {
+ $scopeMigObj = $loadedScopeTags | Where OriginalId -eq $scopeTag.Id
+ if(-not $scopeMigObj.Id) { continue }
+ $roleAssignmentObj."roleScopeTags@odata.bind" += "https://graph.microsoft.com/beta/deviceManagement/roleScopeTags('$($scopeMigObj.Id)')"
+ }
+
+ # This will update GroupIds
+ $json = Update-JsonForEnvironment (ConvertTo-Json $roleAssignmentObj -Depth 10)
+
+ Write-Log "Import Role Assignments"
+ Invoke-GraphRequest -Url "/deviceManagement/roleAssignments" -Body $json -Method "POST"
+ }
+ }
+}
+#endregion
+
+#region SettingsCatalog
+function Start-PostExportSettingsCatalog
+{
+ param($obj, $objectType, $path)
+
+ Add-EMAssignmentsToExportFile $obj $objectType $path
+}
+
+#endregion
+
+#region Notification functions
+function Start-PreImportNotifications
+{
+ param($obj, $objectType)
+
+ Remove-Property $obj "defaultLocale"
+ Remove-Property $obj "localizedNotificationMessages"
+ Remove-Property $obj "localizedNotificationMessages@odata.context"
+}
+
+function Start-PostFileImportNotifications
+{
+ param($obj, $objectType, $file)
+
+ $tmpObj = Get-Content $file | ConvertFrom-Json
+
+ foreach($localizedNotificationMessage in $tmpObj.localizedNotificationMessages)
+ {
+ Start-GraphPreImport $localizedNotificationMessage $objectType
+ Invoke-GraphRequest -Url "$($objectType.API)/$($obj.id)/localizedNotificationMessages" -Body ($localizedNotificationMessage | ConvertTo-Json -Depth 10) -Method "POST"
+ }
+}
+
+function Start-PostCopyNotifications
+{
+ param($objCopyFrom, $objNew, $objectType)
+
+ foreach($localizedNotificationMessage in $objCopyFrom.localizedNotificationMessages)
+ {
+ Start-GraphPreImport $localizedNotificationMessage $objectType
+ Invoke-GraphRequest -Url "$($objectType.API)/$($objNew.id)/localizedNotificationMessages" -Body ($localizedNotificationMessage | ConvertTo-Json -Depth 10) -Method "POST"
+ }
+}
+#endregion
+
+#region Enrollment Status Page functions
+function Start-PreImportESP
+{
+ param($obj, $objectType)
+
+ if($obj.Priority -eq 0)
+ {
+ $ret = @{}
+ $ret.Add("API","$($objectType.API)/$($obj.Id)")
+ $ret.Add("Method","PATCH") # Default profile always exists so update them
+ $ret
+ }
+ else
+ {
+ Remove-Property $obj "Id"
+ }
+}
+
+function Start-PostExportESP
+{
+ param($obj, $objectType, $path)
+
+ if($obj.Priority -eq 0)
+ {
+ Save-EMDefaultPolicy $obj $objectType $path
+ }
+}
+#endregion
+
+#region Enrollment Restriction functions
+
+function Start-PostExportEnrollmentRestrictions
+{
+ param($obj, $objectType, $path)
+
+ if($obj.Priority -eq 0)
+ {
+ Save-EMDefaultPolicy $obj $objectType $path
+ }
+}
+
+function Start-PreImportEnrollmentRestrictions
+{
+ param($obj, $objectType)
+
+ if($obj.Priority -eq 0)
+ {
+ $ret = @{}
+ $ret.Add("API","$($objectType.API)/$($obj.Id)")
+ $ret.Add("Method","PATCH") # Default profile always exists so update them
+ $ret
+ }
+ else
+ {
+ Remove-Property $obj "Id"
+ }
+}
+#endregion
+
+#region ScopeTags
+function Start-PostExportScopeTags
+{
+ param($obj, $objectType, $path)
+
+ Add-EMAssignmentsToExportFile $obj $objectType $path
+}
+#endregion
+
+#region AutoPilot
+function Start-PreImportAssignmentsAutoPilot
+{
+ param($obj, $objectType, $file, $assignments)
+
+ Add-EMAssignmentsToObject $obj $objectType $file $assignments
+}
+#endregion
+
+#region Generic functions
+
+function Save-EMDefaultPolicy
+{
+ param($obj, $objectType, $path)
+
+ if($obj.Priority -eq 0)
+ {
+ try
+ {
+ $fileName = $obj.Id.Split('_')[1]
+
+ if($fileName)
+ {
+ $oldFile = "$path\$((Get-GraphObjectName $obj $objectType)).json"
+ try { [IO.File]::Delete($oldFile) | Out-Null } Catch {}
+
+ $obj | ConvertTo-Json -Depth 10 | Out-File "$path\$fileName.json"
+ }
+ }
+ catch {}
+ }
+}
+function Get-EMSettingsObject
+{
+ param($obj, $objectType, $file)
+
+ $fi = [IO.FileInfo]$file
+ $settingsFile = $fi.DirectoryName + "\" + $fi.BaseName + "_Settings.json"
+ $fiSettings = [IO.FileInfo]$settingsFile
+ if($fiSettings.Exists -eq $false)
+ {
+ Write-Log "Settings file '$($fiSettings.FullName)' was not found" 2
+ return
+ }
+
+ (Get-Content $fiSettings.FullName) | ConvertFrom-Json
+}
+
+function Add-EMAssignmentsToExportFile
+{
+ param($obj, $objectType, $path, $Url = "")
+
+ $fileName = "$path\$((Get-GraphObjectName $obj $objectType)).json"
+ $tmpObj = Get-Content $fileName | ConvertFrom-Json
+
+ if(-not $url)
+ {
+ $url = "$($objectType.API)/$($obj.id)/assignments"
+ }
+ $assignments = (Invoke-GraphRequest -Url $url -ODataMetadata "Minimal").Value
+ if($assignments)
+ {
+ if(-not ($tmpObj.PSObject.Properties | Where Name -eq "assignments"))
+ {
+ $tmpObj | Add-Member -MemberType NoteProperty -Name "assignments" -Value $assignments
+ }
+ else
+ {
+ $tmpObj.Assignments = $assignments
+ }
+ ConvertTo-Json $tmpObj -Depth 10 | Out-File $fileName -Force
+ }
+}
+
+function Add-EMAssignmentsToObject
+{
+ param($obj, $objectType, $file, $assignments)
+
+ # AutoPilot and TaC are using assignments and not assign like other object types
+ $api = "$($objectType.API)/$($obj.Id)/assignments"
+
+ # These profiles don't support importing of multiple assignments with { "assignment" [...]}
+ # Each assignment must be imported separately
+
+ foreach($assignment in $assignments)
+ {
+ if($assignment.Source -and $assignment.Source -ne "direct") { continue }
+
+ foreach($prop in $assignment.PSObject.Properties)
+ {
+ if($prop.Name -in @("Target")) { continue }
+ Remove-Property $assignment $prop.Name
+ }
+
+ foreach($prop in $assignment.target.PSObject.Properties)
+ {
+ if($prop.Name -in @("@odata.type","groupId")) { continue }
+ Remove-Property $assignment.target $prop.Name
+ }
+
+ $json = Update-JsonForEnvironment ($assignment | ConvertTo-Json -Depth 10)
+ Invoke-GraphRequest -Url $api -Body $json -Method "POST" | Out-Null
+ }
+ @{"Import"=$false}
+}
+
+#endregion
+
+Export-ModuleMember -alias * -function *
\ No newline at end of file
diff --git a/Extensions/EndpointManagerInfo.psm1 b/Extensions/EndpointManagerInfo.psm1
new file mode 100644
index 0000000..7b8ccc8
--- /dev/null
+++ b/Extensions/EndpointManagerInfo.psm1
@@ -0,0 +1,104 @@
+<#
+.SYNOPSIS
+Module for read-only Intune objects
+
+.DESCRIPTION
+This module is for the Endpoint Info View. It shows read-only objects in Intune
+
+.NOTES
+ Author: Mikael Karlsson
+#>
+function Get-ModuleVersion
+{
+ '3.0.0'
+}
+
+function Invoke-InitializeModule
+{
+ #Add menu group and items
+ $global:EMInfoViewObject = (New-Object PSObject -Property @{
+ Title = "Intune Info"
+ Description = "Displays read-only information in Intune."
+ ID = "EMInfoGraphAPI"
+ ViewPanel = $viewPanel
+ ItemChanged = { Show-GraphObjects; Write-Status ""}
+ Activating = { Invoke-EMInfoActivatingView }
+ Authentication = (Get-MSALAuthenticationObject)
+ Authenticate = { Invoke-EMInfoAuthenticateToMSAL }
+ AppInfo = (Get-GraphAppInfo "EM" "d1ddf0e4-d672-4dae-b554-9d5bdfd93547")
+ SaveSettings = { Invoke-EMSaveSettings }
+ })
+
+ Add-ViewObject $global:EMInfoViewObject
+
+ Add-ViewItem (New-Object PSObject -Property @{
+ Title = "Baseline Templates"
+ Id = "BaselineTemplates"
+ ViewID = "EMInfoGraphAPI"
+ API = "/deviceManagement/templates"
+ ShowButtons = @("View")
+ Permissons=@("DeviceManagementConfiguration.ReadWrite.All")
+ Icon="EndpointSecurity"
+ })
+
+ Add-ViewItem (New-Object PSObject -Property @{
+ Title = "Android Google Play"
+ Id = "AndroidGooglePlay"
+ ViewID = "EMInfoGraphAPI"
+ ViewProperties = @("bindStatus", "lastAppSyncDateTime", "ownerUserPrincipalName")
+ API = "/deviceManagement/androidManagedStoreAccountEnterpriseSettings"
+ ShowButtons = @("View")
+ Permissons=@("DeviceManagementConfiguration.ReadWrite.All")
+ })
+
+ Add-ViewItem (New-Object PSObject -Property @{
+ Title = "Android Enrolment Profiles"
+ Id = "AndroidEnrolmentProfiles"
+ ViewID = "EMInfoGraphAPI"
+ API = "deviceManagement/androidDeviceOwnerEnrollmentProfiles"
+ ShowButtons = @("View")
+ Permissons=@("DeviceManagementConfiguration.ReadWrite.All")
+ Icon = "AndroidCOWP"
+ })
+
+ Add-ViewItem (New-Object PSObject -Property @{
+ Title = "Apple VPP Tokens"
+ Id = "AppleVPPTokens"
+ ViewID = "EMInfoGraphAPI"
+ ViewProperties = @("appleId", "state", "appleId", "id")
+ API = "/deviceAppManagement/vppTokens"
+ ShowButtons = @("View")
+ Permissons=@("DeviceManagementConfiguration.ReadWrite.All")
+ })
+
+ Add-ViewItem (New-Object PSObject -Property @{
+ Title = "Apple Enrollment Tokens"
+ Id = "AppleEnrollmentTokens"
+ ViewID = "EMInfoGraphAPI"
+ ViewProperties = @("tokenName", "appleIdentifier", "tokenExpirationDateTime", "id")
+ API = "/deviceManagement/depOnboardingSettings/?`$top=100"
+ ShowButtons = @("View")
+ Permissons=@("DeviceManagementServiceConfig.ReadWrite.All")
+ })
+
+}
+
+function Invoke-EMInfoActivatingView
+{
+ if(-not $global:EMInfoViewObject.ViewPanel)
+ {
+ # Use the same view panel as Intune Manager
+ $global:EMInfoViewObject.ViewPanel = $global:EMViewObject.ViewPanel
+ }
+}
+
+function Invoke-EMInfoAuthenticateToMSAL
+{
+ $global:EMInfoViewObject.AppInfo = Get-GraphAppInfo "EMAzureApp" "d1ddf0e4-d672-4dae-b554-9d5bdfd93547"
+ Set-MSALCurrentApp $global:EMInfoViewObject.AppInfo
+ $usr = (?? $global:MSALToken.Account.UserName (Get-Setting "" "LastLoggedOnUser"))
+ if($usr)
+ {
+ & $global:msalAuthenticator.Login -Account $usr
+ }
+}
\ No newline at end of file
diff --git a/Extensions/EnrollmentStatusPage.psm1 b/Extensions/EnrollmentStatusPage.psm1
deleted file mode 100644
index 0c85d51..0000000
--- a/Extensions/EnrollmentStatusPage.psm1
+++ /dev/null
@@ -1,288 +0,0 @@
-########################################################
-#
-# Common module functions
-#
-########################################################
-function Add-ModuleMenuItems
-{
- Add-MenuItem (New-Object PSObject -Property @{
- Title = (Get-ESPName)
- MenuID = "IntuneGraphAPI"
- Script = [ScriptBlock]{Get-ESPs}
- })
-}
-
-function Get-SupportedImportObjects
-{
- $global:importObjects += (New-Object PSObject -Property @{
- Selected = $true
- Title = (Get-ESPName)
- Script = [ScriptBlock]{
- param($rootFolder)
-
- Write-Status "Import all enrollment status page settings"
- Import-AllESPObjects (Join-Path $rootFolder (Get-ESPFolderName))
- }
- })
-}
-
-function Get-SupportedExportObjects
-{
- $global:exportObjects += (New-Object PSObject -Property @{
- Selected = $true
- Title = (Get-ESPName)
- Script = [ScriptBlock]{
- param($rootFolder)
-
- Write-Status "Export all enrollment status page settings"
- Get-ESPObjects | ForEach-Object { Export-SingleESP $PSItem.Object (Join-Path $rootFolder (Get-ESPFolderName)) }
- }
- })
-}
-
-function Export-AllObjects
-{
- param($addObjectSubfolder)
-
- $subFolder = ""
- if($addObjectSubfolder) { $subFolder = Get-ESPFolderName }
-}
-
-########################################################
-#
-# Object specific functions
-#
-########################################################
-function Get-ESPName
-{
- return "Enrollment Status Page"
-}
-
-
-function Get-ESPFolderName
-{
- return "EnrollmentStatusPage"
-}
-
-function Get-ESPs
-{
- Write-Status "Loading enrollment status page objects"
- $dgObjects.ItemsSource = @(Get-ESPObjects)
-
- #Scriptblocks that will perform the export tasks. empty by default
- $script:exportParams = @{}
- $script:exportParams.Add("ExportAllScript", [ScriptBlock]{
- Export-AllESPs $global:txtExportPath.Text
- Set-ObjectGrid
- Write-Status ""
- })
-
- $script:exportParams.Add("ExportSelectedScript", [ScriptBlock]{
- Export-SelectedESP $global:txtExportPath.Text
- Set-ObjectGrid
- Write-Status ""
- })
- #Scriptblock that will perform the import all files
- $script:importAll = [ScriptBlock]{
- Import-AllESPObjects $global:txtExportPath.Text
- Set-ObjectGrid
- }
-
- #Scriptblock that will perform the import of selected files
- $script:importSelected = [ScriptBlock]{
- Import-ESPObjects $global:lstFiles.ItemsSource -Selected
- Set-ObjectGrid
- }
-
- #Scriptblock that will read json files
- $script:getImportFiles = [ScriptBlock]{
- Show-FileListBox
- $global:lstFiles.ItemsSource = @(Get-JsonFileObjects $global:txtImportPath.Text -Exclude "*_Settings.json")
- }
-
- Add-DefaultObjectButtons -export ([scriptblock]{Show-DefaultExportGrid @script:exportParams}) -import ([scriptblock]{Show-DefaultImportGrid -ImportAll $script:importAll -ImportSelected $script:importSelected -GetFiles $script:getImportFiles}) -copy ([scriptblock]{Copy-ESP}) -ViewFullObject ([scriptblock]{Get-ESPObject $global:dgObjects.SelectedItem.Object})
-}
-
-function Get-ESPObjects
-{
- Get-GraphObjects -Url "/deviceManagement/deviceEnrollmentConfigurations"
-}
-
-function Get-ESPObject
-{
- param($object, $additional = "")
-
- if(-not $Object.id) { return }
-
- Invoke-GraphRequest -Url "/deviceManagement/deviceEnrollmentConfigurations/$($Object.id)$additional"
-}
-
-function Export-AllESPs
-{
- param($path = "$env:Temp")
-
- if(-not (Test-Path $path)) { mkdir -Path $path -Force -ErrorAction SilentlyContinue | Out-Null }
-
- if(Test-Path $path)
- {
- foreach($objTmp in ($global:dgObjects.ItemsSource))
- {
- Export-SingleESP $objTmp.Object $path
- }
- }
-}
-
-function Export-SelectedESP
-{
- param($path = "$env:Temp")
-
- Export-SingleESP $global:dgObjects.SelectedItem.Object $path
-}
-
-function Export-SingleESP
-{
- param($psObj, $path = "$env:Temp")
-
- if(-not $psObj) { return }
-
- if($global:runningBulkExport -ne $true)
- {
- if($global:chkAddCompanyName.IsChecked) { $path = Join-Path $path $global:organization.displayName }
- if($global:chkAddObjectType.IsChecked) { $path = Join-Path $path (Get-ESPFolderName) }
- }
-
- if(-not (Test-Path $path)) { mkdir -Path $path -Force -ErrorAction SilentlyContinue | Out-Null }
-
- if(Test-Path $path)
- {
- Write-Status "Export $($psObj.displayName)"
- $obj = Invoke-GraphRequest -Url "/deviceManagement/deviceEnrollmentConfigurations/$($psObj.id)" #?`$expand=assignments"
- if($obj)
- {
- if($obj.id -like "*_default*")
- {
- $idx = $obj.id.ToLower().IndexOf("_default")
- $baseName = "Default_" + $obj.id.SubString($idx + "_default".Length)
- }
- else
- {
- # ?`$expand=assignments is not working so get assignments
- $assignments = Invoke-GraphRequest -Url "/deviceManagement/deviceEnrollmentConfigurations/$($obj.id)/assignments"
- if($assignments.value)
- {
- $obj | Add-Member -NotePropertyName "assignments" -NotePropertyValue $assignments.value
- }
- $baseName = Remove-InvalidFileNameChars $obj.displayName
- }
- $fileName = "$path\$baseName.json"
- ConvertTo-Json $obj -Depth 5 | Out-File $fileName -Force
-
- Add-MigrationInfo $obj.assignments
- }
- $global:exportedObjects++
- }
-}
-
-function Copy-ESP
-{
- if(-not $dgObjects.SelectedItem)
- {
- [System.Windows.MessageBox]::Show("No object selected`n`nSelect enrollment status page item you want to copy", "Error", "OK", "Error") | Out-Null
- return
- }
-
- if($dgObjects.SelectedItem.Object.id -like "*_default*")
- {
- [System.Windows.MessageBox]::Show("You cannot copy default items`n`nSelect custom entrollment status page item", "Error", "OK", "Error") | Out-Null
- return
- }
-
- $ret = Show-InputDialog "Copy enrollment status page" "Select name for the new object" "$($dgObjects.SelectedItem.displayName) - Copy"
-
- if($ret)
- {
- # Export profile
- Write-Status "Export $($dgObjects.SelectedItem.displayName)"
- # Convert to Json and back to clone the object
- $obj = ConvertTo-Json $dgObjects.SelectedItem.Object -Depth 5 | ConvertFrom-Json
- if($obj)
- {
- # Import new profile
- $obj.displayName = $ret
- Import-ESP $obj | Out-Null
-
- $dgObjects.ItemsSource = @(Get-ESPObjects)
- }
- Write-Status ""
- }
- $dgObjects.Focus()
-}
-
-function Import-ESP
-{
- param($obj)
-
- Start-PreImport $obj
-
- if($obj.id -like "*_default*")
- {
- Write-Status "Update $($obj.displayName)"
-
- Invoke-GraphRequest -Url "/deviceManagement/deviceEnrollmentConfigurations/$($obj.id)" -Content (ConvertTo-Json $obj -Depth 5) -HttpMethod PATCH
- }
- else
- {
- Write-Status "Import $($obj.displayName)"
-
- Invoke-GraphRequest -Url "/deviceManagement/deviceEnrollmentConfigurations" -Content (ConvertTo-Json $obj -Depth 5) -HttpMethod POST
- }
-}
-
-function Import-AllESPObjects
-{
- param($path = "$env:Temp")
-
- Import-ESPObjects (Get-JsonFileObjects $path)
-}
-
-function Import-ESPObjects
-{
- param(
- $Objects,
-
- [switch]
- $Selected
- )
-
- Write-Status "Import enrollment status page"
-
- foreach($obj in $Objects)
- {
- if($Selected -and $obj.Selected -ne $true) { continue }
-
- if($obj.Object.id -like "*_default*")
- {
- $idx = $obj.Object.id.ToLower().IndexOf("_default")
- $extInfo = " ($($obj.Object.id.SubString($idx + "_default".Length)))"
- }
- else
- {
- $extInfo = ""
- }
-
- Write-Log "Import Enrollment Status Page: $($obj.Object.displayName)$extInfo"
-
- $assignments = Get-GraphAssignmentsObject $obj.Object ($obj.FileInfo.DirectoryName + "\" + $obj.FileInfo.BaseName + "_assignments.json")
-
- $response = Import-ESP $obj.Object
-
- if($response)
- {
- $global:importedObjects++
- Import-GraphAssignments $assignments "enrollmentConfigurationAssignments" "/deviceManagement/deviceEnrollmentConfigurations/$($response.Id)/assign"
- }
- }
-
- $dgObjects.ItemsSource = @(Get-ESPObjects)
- Write-Status ""
-}
\ No newline at end of file
diff --git a/Extensions/GroupPolicy.psm1 b/Extensions/GroupPolicy.psm1
deleted file mode 100644
index 5211b1a..0000000
--- a/Extensions/GroupPolicy.psm1
+++ /dev/null
@@ -1,335 +0,0 @@
-########################################################
-#
-# Common module functions
-#
-########################################################
-function Add-ModuleMenuItems
-{
- Add-MenuItem (New-Object PSObject -Property @{
- Title = (Get-GPOSettingName)
- MenuID = "IntuneGraphAPI"
- Script = [ScriptBlock]{Get-GPOSettings}
- })
-}
-
-function Get-SupportedImportObjects
-{
- $global:importObjects += (New-Object PSObject -Property @{
- Selected = $true
- Title = (Get-GPOSettingName)
- Script = [ScriptBlock]{
- param($rootFolder)
-
- Write-Status "Import all administrative templates"
- Import-AllGPOSettingObjects (Join-Path $rootFolder (Get-GPOSettingFolderName))
- }
- })
-}
-
-function Get-SupportedExportObjects
-{
- $global:exportObjects += (New-Object PSObject -Property @{
- Selected = $true
- Title = (Get-GPOSettingName)
- Script = [ScriptBlock]{
- param($rootFolder)
-
- Write-Status "Export all administrative templates"
- Get-GPOSettingObjects | ForEach-Object { Export-SingleGPOSetting $PSItem.Object (Join-Path $rootFolder (Get-GPOSettingFolderName)) }
- }
- })
-}
-
-function Export-AllObjects
-{
- param($addObjectSubfolder)
-
- $subFolder = ""
- if($addObjectSubfolder) { $subFolder = Get-GPOSettingFolderName }
-}
-
-########################################################
-#
-# Object specific functions
-#
-########################################################
-function Get-GPOSettingName
-{
- return "Administrative Templates"
-}
-
-
-function Get-GPOSettingFolderName
-{
- return "AdministrativeTemplates"
-}
-
-function Get-GPOSettings
-{
- Write-Status "Loading administrative templates"
- $dgObjects.ItemsSource = @(Get-GPOSettingObjects)
-
- #Scriptblocks that will perform the export tasks. empty by default
- $script:exportParams = @{}
- $script:exportParams.Add("ExportAllScript", [ScriptBlock]{
- Export-AllGPOSettings $global:txtExportPath.Text
- Set-ObjectGrid
- Write-Status ""
- })
-
- $script:exportParams.Add("ExportSelectedScript", [ScriptBlock]{
- Export-SelectedGPOSetting $global:txtExportPath.Text
- Set-ObjectGrid
- Write-Status ""
- })
-
- #Scriptblock that will perform the import all files
- $script:importAll = [ScriptBlock]{
- Import-AllGPOSettingObjects $global:txtImportPath.Text
- Set-ObjectGrid
- }
-
- #Scriptblock that will perform the import of selected files
- $script:importSelected = [ScriptBlock]{
- Import-GPOSettingObjects $global:lstFiles.ItemsSource -Selected
- Set-ObjectGrid
- }
-
- #Scriptblock that will read json files
- $script:getImportFiles = [ScriptBlock]{
- Show-FileListBox
- $global:lstFiles.ItemsSource = @(Get-JsonFileObjects $global:txtImportPath.Text -Exclude "*_Settings.json")
- }
-
- Add-DefaultObjectButtons -export ([scriptblock]{Show-DefaultExportGrid @script:exportParams}) -import ([scriptblock]{Show-DefaultImportGrid -ImportAll $script:importAll -ImportSelected $script:importSelected -GetFiles $script:getImportFiles}) -copy ([scriptblock]{Copy-GPOSetting}) -ViewFullObject ([scriptblock]{Get-GPOSettingObject $global:dgObjects.SelectedItem.Object})
-}
-
-function Get-GPOSettingObjects
-{
- Get-GraphObjects -Url "/deviceManagement/groupPolicyConfigurations"
-}
-
-function Get-GPOSettingObject
-{
- param($object, $additional = "")
-
- if(-not $Object.id) { return }
-
- @((Invoke-GraphRequest -Url "/deviceManagement/groupPolicyConfigurations/$($Object.id)$additional"),(Get-GPOObjectSettings $Object))
-}
-
-function Export-AllGPOSettings
-{
- param($path = "$env:Temp")
-
- if(-not (Test-Path $path)) { mkdir -Path $path -Force -ErrorAction SilentlyContinue | Out-Null }
-
- if(Test-Path $path)
- {
- foreach($objTmp in ($global:dgObjects.ItemsSource))
- {
- Export-SingleGPOSetting $objTmp.Object $path
- }
- }
-}
-
-function Export-SelectedGPOSetting
-{
- param($path = "$env:Temp")
-
- Export-SingleGPOSetting $global:dgObjects.SelectedItem.Object $path
-}
-
-function Get-GPOObjectSettings
-{
- param($GPOObj)
-
- $gpoSettings = @()
-
- # Get all configured policies in the Administrative Templates profile
- $GPODefinitionValues = Invoke-GraphRequest -Url "/deviceManagement/groupPolicyConfigurations/$($GPOObj.id)/definitionValues?`$expand=definition"
- foreach($definitionValue in $GPODefinitionValues.value)
- {
- # Get presentation values for the current settings (with presentation object included)
- $presentationValues = Invoke-GraphRequest -Url "/deviceManagement/groupPolicyConfigurations/$($GPOObj.id)/definitionValues/$($definitionValue.id)/presentationValues?`$expand=presentation"
-
- # Set base policy settings
- $obj = @{
- "enabled" = $definitionValue.enabled
- "definition@odata.bind" = "$($global:graphURL)/deviceManagement/groupPolicyDefinitions('$($definitionValue.definition.id)')"
- }
-
- if($presentationValues.value)
- {
- # Policy presentation values set e.g. a drop down list, check box, text box etc.
- $obj.presentationValues = @()
-
- $presentations = $null
- foreach ($presentationValue in $presentationValues.value)
- {
- # Add presentation@odata.bind property that links the value to the presentation object
- $presentationValue | Add-Member -MemberType NoteProperty -Name "presentation@odata.bind" -Value "$($global:graphURL)/deviceManagement/groupPolicyDefinitions('$($definitionValue.definition.id)')/presentations('$($presentationValue.presentation.id)')"
-
- #Remove presentation object so it is not included in the export
- Remove-ObjectProperty $presentationValue "presentation"
-
- #Optional removes. Import will igonre them
- Remove-ObjectProperty $presentationValue "id"
- Remove-ObjectProperty $presentationValue "lastModifiedDateTime"
- Remove-ObjectProperty $presentationValue "createdDateTime"
-
- # Add presentation value to the list
- $obj.presentationValues += $presentationValue
- }
- }
- $gpoSettings += $obj
- }
- $gpoSettings
-}
-
-function Export-SingleGPOSetting
-{
- param($psObj, $path = "$env:Temp")
-
- if(-not $psObj) { return }
-
- if($global:runningBulkExport -ne $true)
- {
- if($global:chkAddCompanyName.IsChecked) { $path = Join-Path $path $global:organization.displayName }
- if($global:chkAddObjectType.IsChecked) { $path = Join-Path $path (Get-GPOSettingFolderName) }
- }
-
- if(-not (Test-Path $path)) { mkdir -Path $path -Force -ErrorAction SilentlyContinue | Out-Null }
-
- if(Test-Path $path)
- {
- Write-Status "Export $($psObj.displayName)"
- $obj = Invoke-GraphRequest -Url "deviceManagement/groupPolicyConfigurations/$($psObj.Id)?`$expand=assignments"
-
- if($obj)
- {
- # Save Administrative Templates profile
- ConvertTo-Json $obj -Depth 5 | Out-File "$path\$((Remove-InvalidFileNameChars $obj.displayName)).json" -Force
-
- # Collect and save all the settings of the Administrative Templates profile
- $gpoSettings = Get-GPOObjectSettings $obj
- ConvertTo-Json $gpoSettings -Depth 5 | Out-File "$path\$($obj.displayName)_Settings.json" -Force
-
- # Export assignment info
- Add-MigrationInfo $obj.assignments
- }
- $global:exportedObjects++
- }
-}
-
-function Copy-GPOSetting
-{
- if(-not $dgObjects.SelectedItem)
- {
- [System.Windows.MessageBox]::Show("No object selected`n`nSelect administrative templates profile you want to copy", "Error", "OK", "Error")
- return
- }
-
- $ret = Show-InputDialog "Copy administrative template" "Select name for the new profile" "$($dgObjects.SelectedItem.displayName) - Copy"
-
- if($ret)
- {
- # Export profile
- Write-Status "Export $($dgObjects.SelectedItem.displayName)"
- # Convert to Json and back to clone the object
- $obj = ConvertTo-Json $dgObjects.SelectedItem.Object -Depth 5 | ConvertFrom-Json
- if($obj)
- {
- # Get the settings of the profile
- $gpoSettings = Get-GPOObjectSettings $obj
-
- # Import the new profile
- $obj.displayName = $ret
- Import-GPOSetting $obj $gpoSettings | Out-Null
-
- #Reload objects
- $dgObjects.ItemsSource = @(Get-GPOSettingObjects)
- }
- Write-Status ""
- }
- $dgObjects.Focus()
-}
-
-function Import-GPOSetting
-{
- param($obj, $settings)
-
- Write-Status "Import $($obj.displayName)"
-
- Start-PreImport $obj
-
- # Import Administrative Template profile
- $response = Invoke-GraphRequest -Url "/deviceManagement/groupPolicyConfigurations" -Content (ConvertTo-Json $obj -Depth 5) -HttpMethod POST
-
- if($response)
- {
- foreach($setting in $settings)
- {
- Start-PreImport $setting
-
- # Import each setting for the Administrative Template profile
- $response2 = Invoke-GraphRequest -Url "/deviceManagement/groupPolicyConfigurations/$($response.id)/definitionValues" -Content (ConvertTo-Json $setting -Depth 5) -HttpMethod POST
- }
- }
-
- $response
-}
-
-function Import-AllGPOSettingObjects
-{
- param($path = "$env:Temp")
-
- # Read json files and import all objects
- # Note: Each json file must match the object type being imported
- Import-GPOSettingObjects (Get-JsonFileObjects $path)
-}
-
-function Import-GPOSettingObjects
-{
- param(
- $Objects,
-
- [switch]
- $Selected
- )
-
- Write-Status "Import administrative template profile"
-
- foreach($obj in $objects)
- {
- if($Selected -and $obj.Selected -ne $true) { continue }
-
- Write-Log "Import Administrative Template: $($obj.Object.displayName)"
-
- $gpoSettings = $null
-
- # Load settings from the _settings.json file
- $settingsFile = ($obj.FileInfo.DirectoryName + "\" + $obj.FileInfo.BaseName + "_settings.json")
- if(Test-Path $settingsFile)
- {
- $gpoSettings = (ConvertFrom-Json (Get-Content $settingsFile -Raw))
- }
-
- # Get assignment settings
- $assignments = Get-GraphAssignmentsObject $obj.Object ($obj.FileInfo.DirectoryName + "\" + $obj.FileInfo.BaseName + "_assignments.json")
-
- # Import Administrative Template object
- $response = Import-GPOSetting $obj.Object $gpoSettings
-
- if($response)
- {
- $global:importedObjects++
- # Import assignments
- Import-GraphAssignments $assignments "assignments" "/deviceManagement/groupPolicyConfigurations/$($response.Id)/assign"
- }
- }
-
- #Reload list of objects
- $dgObjects.ItemsSource = @(Get-GPOSettingObjects)
- Write-Status ""
-}
\ No newline at end of file
diff --git a/Extensions/Apps.psm1 b/Extensions/IntuneAppManagement.psm1
similarity index 59%
rename from Extensions/Apps.psm1
rename to Extensions/IntuneAppManagement.psm1
index 52b15b1..340b716 100644
--- a/Extensions/Apps.psm1
+++ b/Extensions/IntuneAppManagement.psm1
@@ -1,923 +1,576 @@
-########################################################
-#
-# Common module functions
-#
-########################################################
-function Add-ModuleMenuItems
-{
- Add-MenuItem (New-Object PSObject -Property @{
- Title = (Get-ApplicationName)
- MenuID = "IntuneGraphAPI"
- Script = [ScriptBlock]{Get-Applications}
- })
-}
-
-function Get-SupportedImportObjects
-{
- $global:importObjects += (New-Object PSObject -Property @{
- Selected = $true
- Title = (Get-ApplicationName)
- Script = [ScriptBlock]{
- param($rootFolder)
-
- Write-Status "Import all applications"
- Import-AllApplicationObjects (Join-Path $rootFolder (Get-ApplicationFolderName))
- }
- })
-}
-
-function Get-SupportedExportObjects
-{
- $global:exportObjects += (New-Object PSObject -Property @{
- Selected = $true
- Title = (Get-ApplicationName)
- Script = [ScriptBlock]{
- param($rootFolder)
-
- Write-Status "Export all applications"
- Get-ApplicationObjects | ForEach-Object { Export-SingleApplication $PSItem.Object (Join-Path $rootFolder (Get-ApplicationFolderName)) }
- }
- })
-}
-
-function Export-AllObjects
-{
- param($addObjectSubfolder)
-
- $subFolder = ""
- if($addObjectSubfolder) { $subFolder = Get-ApplicationFolderName }
-}
-
-########################################################
-#
-# Object specific functions
-#
-########################################################
-function Get-ApplicationName
-{
- (Get-ApplicationFolderName)
-}
-
-function Get-ApplicationFolderName
-{
- "Applications"
-}
-
-function Get-Applications
-{
- Write-Status "Loading applications"
- $dgObjects.ItemsSource = @(Get-ApplicationObjects)
-
- #Scriptblocks that will perform the export tasks. empty by default
- $script:exportParams = @{}
- $script:exportParams.Add("ExportAllScript", [ScriptBlock]{
- Export-AllApplications $global:txtExportPath.Text
- Set-ObjectGrid
- Write-Status ""
- })
-
- $script:exportParams.Add("ExportSelectedScript", [ScriptBlock]{
- Export-SelectedApplication $global:txtExportPath.Text
- Set-ObjectGrid
- Write-Status ""
- })
-
- #Scriptblock that will perform the import all files
- $script:importAll = [ScriptBlock]{
- Import-AllApplicationObjects $global:txtImportPath.Text
- Set-ObjectGrid
- }
-
- #Scriptblock that will perform the import of selected files
- $script:importSelected = [ScriptBlock]{
- Import-ApplicationObjects $global:lstFiles.ItemsSource -Selected
- Set-ObjectGrid
- }
-
- #Scriptblock that will read json files
- $script:getImportFiles = [ScriptBlock]{
- Show-FileListBox
- $global:lstFiles.ItemsSource = @(Get-JsonFileObjects $global:txtImportPath.Text -Exclude "*_Settings.json")
- }
-
- $importExtension = (New-Object PSObject -Property @{
- Xaml = @"
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-"@
- Script = [ScriptBlock]{
- param($form)
- $script:txtPackagePath = $form.FindName("txtPackagePath")
- $btnBrowsePackagePath = $form.FindName("btnBrowsePackagePath")
- $script:txtPackagePath.Text = Get-SettingValue "IntuneAppPackages"
-
- $btnBrowsePackagePath.Tag = $script:txtPackagePath
- $btnBrowsePackagePath.Add_Click({
- $folder = Get-Folder $this.Tag.Text
- if($folder) { $this.Tag.Text = $folder }
- })
- }
- })
-
- $script:importParams = @{}
- $script:importParams.Add("Extension", $importExtension)
-
- Add-DefaultObjectButtons -export ([scriptblock]{Show-DefaultExportGrid @script:exportParams}) -import ([scriptblock]{Show-DefaultImportGrid -ImportAll $script:importAll -ImportSelected $script:importSelected -GetFiles $script:getImportFiles @script:importParams}) -ViewFullObject ([scriptblock]{Get-ApplicationObject $global:dgObjects.SelectedItem.Object})
-}
-
-function Get-ApplicationObjects
-{
- Get-GraphObjects -Url "/deviceAppManagement/mobileApps?`$filter=(microsoft.graph.managedApp/appAvailability%20eq%20null%20or%20microsoft.graph.managedApp/appAvailability%20eq%20%27lineOfBusiness%27%20or%20isAssigned%20eq%20true)&`$orderby=displayName"
-}
-
-function Get-ApplicationObject
-{
- param($object, $additional = "")
-
- if(-not $Object.id) { return }
-
- Invoke-GraphRequest -Url "/deviceAppManagement/mobileApps/$($Object.id)$additional"
-}
-
-function Export-AllApplications
-{
- param($path = "$env:Temp")
-
- if(-not (Test-Path $path)) { mkdir -Path $path -Force -ErrorAction SilentlyContinue | Out-Null }
-
- if(Test-Path $path)
- {
- foreach($objTmp in ($global:dgObjects.ItemsSource))
- {
- Export-SingleApplication $objTmp.Object $path
- }
- }
-}
-
-function Export-SelectedApplication
-{
- param($path = "$env:Temp")
-
- Export-SingleApplication $global:dgObjects.SelectedItem.Object $path
-}
-
-function Export-SingleApplication
-{
- param($psObj, $path = "$env:Temp")
-
- if(-not $psObj) { return }
-
- if($global:runningBulkExport -ne $true)
- {
- if($global:chkAddCompanyName.IsChecked) { $path = Join-Path $path $global:organization.displayName }
- if($global:chkAddObjectType.IsChecked) { $path = Join-Path $path (Get-ApplicationFolderName) }
- }
-
- if(-not (Test-Path $path)) { mkdir -Path $path -Force -ErrorAction SilentlyContinue | Out-Null }
-
- if(Test-Path $path)
- {
- Write-Status "Export $($psObj.displayName)"
- $obj = Invoke-GraphRequest -Url "/deviceAppManagement/mobileApps/$($psObj.id)?`$expand=assignments"
- if($obj)
- {
- $fileName = "$path\$((Remove-InvalidFileNameChars $obj.displayName)).json"
- ConvertTo-Json $obj -Depth 5 | Out-File $fileName -Force
-
- Add-MigrationInfo $obj.assignments
- }
- $global:exportedObjects++
- }
-}
-
-function Copy-Application
-{
- if(-not $dgObjects.SelectedItem)
- {
- [System.Windows.MessageBox]::Show("No object selected`n`nSelect application item you want to copy", "Error", "OK", "Error")
- return
- }
-
- $ret = Show-InputDialog "Copy application" "Select name for the new object" "$($dgObjects.SelectedItem.displayName) - Copy"
-
- if($ret)
- {
- # Export profile
- Write-Status "Export $($dgObjects.SelectedItem.displayName)"
- # Convert to Json and back to clone the object
- $obj = ConvertTo-Json $dgObjects.SelectedItem.Object -Depth 5 | ConvertFrom-Json
- if($obj)
- {
- # Import new profile
- $obj.displayName = $ret
- Import-Application $obj | Out-Null
-
- $dgObjects.ItemsSource = @(Get-ApplicationObjects)
- }
- Write-Status ""
- }
- $dgObjects.Focus()
-}
-
-function Import-Application
-{
- param($obj)
-
- Start-PreImport $obj -RemoveProperties @("uploadState","publishingState","isAssigned","roleScopeTagIds","dependentAppCount","committedContentVersion","id","isFeatured","size")
-
- Write-Status "Import $($obj.displayName)"
-
- Invoke-GraphRequest -Url "/deviceAppManagement/mobileApps" -Content (ConvertTo-Json $obj -Depth 5) -HttpMethod POST
-}
-
-function Import-AllApplicationObjects
-{
- param($path = "$env:Temp")
-
- Import-ApplicationObjects (Get-JsonFileObjects $path)
-}
-
-function Import-ApplicationObjects
-{
- param(
- $Objects,
-
- [switch]
- $Selected
- )
-
- Write-Status "Import applications"
-
- foreach($obj in $objects)
- {
- if($Selected -and $obj.Selected -ne $true) { continue }
-
- if($global:runningBulkImport)
- {
- $pkgPath = Get-SettingValue "IntuneAppPackages"
- }
- else
- {
- $pkgPath = $script:txtPackagePath.Text
- }
- $appFile = "$($pkgPath)\$($obj.Object.fileName)"
-
- if(Test-Path $appFile)
- {
- Write-Log "Import Application: $($obj.Object.displayName) ($($obj.Object."@odata.type"))"
-
- $assignments = Get-GraphAssignmentsObject $obj.Object ($obj.FileInfo.DirectoryName + "\" + $obj.FileInfo.BaseName + "_assignments.json")
- $response = Import-Application $obj.Object
-
- if($response)
- {
- $global:importedObjects++
- Copy-AppPackageToIntune $appFile $response
-
- Import-GraphAssignments $assignments "mobileAppAssignments" "/deviceAppManagement/mobileApps/$($response.Id)/assign" "#microsoft.graph.mobileAppAssignment"
- }
- }
- else
- {
- Write-Log "Application file $appFile not found. Skipping app $($obj.Object.displayName)" 3
- }
- }
- $dgObjects.ItemsSource = @(Get-ApplicationObjects)
- Write-Status ""
-}
-
-function Start-DownloadAppContent
-{
- param($obj, $path)
- # Not use but kept for reference. File can be download but it will be encrypted
-
- $appId = $obj.Id
-
- $appId = "b2b79110-31f7-40bd-923b-228415c92cdb"
-
- $appInfo = Invoke-GraphRequest -Url "$($global:graphURL)/deviceAppManagement/mobileApps/$appId"
-
- $appType = $appInfo.'@odata.type'.Trim('#')
-
- $contentVersions = Invoke-GraphRequest -Url "$($global:graphURL)/deviceAppManagement/mobileApps/$appId/$appType/contentVersions"
-
- $contentVerId = $contentVersions.Value[0].id
-
- $contentFiles = Invoke-GraphRequest "$($global:graphURL)/deviceAppManagement/mobileApps/$appId/$appType/contentVersions/$contentVerId/files"
-
- foreach($tmpFile in $contentFiles)
- {
- $contentFile = Invoke-GraphRequest -Url "$($global:graphURL)/deviceAppManagement/mobileApps/$appId/$appType/contentVersions/$contentVerId/files/$($tmpFile.Id)"
- $downloadUrl = $contentFile.azureStorageUri
- }
-}
-
-function Copy-AppPackageToIntune
-{
- param($packageFile, $appObj)
-
- $appType = $appObj.'@odata.type'.Trim('#')
-
- if($appType -eq "microsoft.graph.win32LobApp")
- {
- Copy-Win32LOBPackage $packageFile $appObj
- }
- elseif($appType -eq "microsoft.graph.windowsMobileMSI")
- {
- Copy-MSILOB $packageFile $appObj
- }
- elseif($appType -eq "microsoft.graph.iosLOBApp")
- {
- Copy-iOSLOB $packageFile $appObj
- }
- elseif($appType -eq "microsoft.graph.androidLOBApp")
- {
- Copy-AndroidLOB $packageFile $appObj
- }
-}
-
-#########################################################################################
-#
-# Upload file functions are based on the following scripts
-# https://github.com/microsoftgraph/powershell-intune-samples/tree/master/LOB_Application
-#
-#########################################################################################
-
-function Export-IntunewinFileObject
-{
- param($intunewinFile, $objectName, $toFile)
-
- Add-Type -Assembly System.IO.Compression.FileSystem
-
- $zip = [IO.Compression.ZipFile]::OpenRead($intunewinFile)
-
- $zip.Entries | where { $_.Name -like $objectName } | foreach {
-
- [System.IO.Compression.ZipFileExtensions]::ExtractToFile($_, $toFile, $true)
- }
-
- $zip.Dispose()
-}
-
-function Get-MSIFileInformation
-{
- param($MSIFile, $Properties)
-
- $values = @{}
-
- try
- {
- $wiObj = New-Object -ComObject WindowsInstaller.Installer
- $MSIDb = $wiObj.GetType().InvokeMember("OpenDatabase", "InvokeMethod", $null, $wiObj, @($MSIFile, 0))
-
- foreach($prop in $Properties)
- {
- $Query = "SELECT Value FROM Property WHERE Property = '$($prop)'"
- $View = $MSIDb.GetType().InvokeMember("OpenView", "InvokeMethod", $null, $MSIDb, ($Query))
- $View.GetType().InvokeMember("Execute", "InvokeMethod", $null, $View, $null) | Out-Null
- $Record = $View.GetType().InvokeMember("Fetch", "InvokeMethod", $null, $View, $null)
- $values.Add($prop, $Record.GetType().InvokeMember("StringData", "GetProperty", $null, $Record, 1).ToString().Trim())
- }
-
- $MSIDb.GetType().InvokeMember("Commit", "InvokeMethod", $null, $MSIDb, $null) | Out-Null
- $View.GetType().InvokeMember("Close", "InvokeMethod", $null, $View, $null) | Out-Null
- $MSIDb = $null
- $View = $null
- }
- catch
- {
- Write-Log "Failed to get MSI info from $MSIFile. $($_.Exception.Message)" 3
- }
- finally
- {
- [System.Runtime.Interopservices.Marshal]::ReleaseComObject($wiObj) | Out-Null
- [System.GC]::Collect() | Out-Null
- }
-
- $values
-}
-
-function Copy-MSILOB
-{
- param($msiFile, $appObj)
-
- if(-not $msiFile -or (Test-Path $msiFile) -eq $false)
- {
- return
- }
-
- $appId = $appObj.Id
- $appType = $appObj.'@odata.type'.Trim('#')
-
- $tmpFile = [IO.Path]::GetTempFileName()
-
- $msiInfo = Get-MSIFileInformation $msiFile @("ProductName", "ProductCode", "ProductVersion", "ProductLanguage")
-
- if(-not $msiInfo) { return }
-
- $fileEncryptionInfo = New-IntuneEncryptedFile $msiFile $tmpFile
-
- [xml]$manifestXML = ''
- $manifestXML.MobileMsiData.MsiUpgradeCode = $msiInfo["ProductCode"]
-
- $appFileBody = @{
- "@odata.type" = "#microsoft.graph.mobileAppContentFile"
- name = [IO.Path]::GetFileName($msiFile)
- size = (Get-Item $msiFile).Length
- sizeEncrypted = (Get-Item $tmpFile).Length
- manifest = [Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($manifestXML.OuterXml))
- }
-
- Add-FileToIntuneApp $appId $appType $tmpFile $appFileBody
-
- Remove-Item $tmpFile -Force
-}
-
-function Copy-iOSLOB
-{
- param($pkgFile, $appObj)
-
- if(-not $pkgFile -or (Test-Path $pkgFile) -eq $false)
- {
- return
- }
-
- $appId = $appObj.Id
- $appType = $appObj.'@odata.type'.Trim('#')
-
- $tmpFile = [IO.Path]::GetTempFileName()
-
- $fileEncryptionInfo = New-IntuneEncryptedFile $pkgFile $tmpFile
-
- [string]$manifestStr = 'itemsassetskindsoftware-packageurl{UrlPlaceHolder}metadataAppRestrictionPolicyTemplatehttp://management.microsoft.com/PolicyTemplates/AppRestrictions/iOS/v1AppRestrictionTechnologyWindows Intune Application Restrictions Technology for iOSIntuneMAMVersionCFBundleSupportedPlatformsiPhoneOSMinimumOSVersion9.0bundle-identifierbundleidbundle-versionbundleversionkindsoftwaresubtitleLaunchMeSubtitletitlebundletitle'
-
- $manifestStr = $manifestStr.replace("bundleid", $appObj.bundleId)
- $manifestStr = $manifestStr.replace("bundleversion",$appObj.identityVersion)
- $manifestStr = $manifestStr.replace("bundletitle",$appObj.$displayName)
-
- $appFileBody = @{
- "@odata.type" = "#microsoft.graph.mobileAppContentFile"
- name = [IO.Path]::GetFileName($pkgFile)
- size = (Get-Item $pkgFile).Length
- sizeEncrypted = (Get-Item $tmpFile).Length
- manifest = [Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($manifestStr))
- }
-
- Add-FileToIntuneApp $appId $appType $tmpFile $appFileBody
-
- Remove-Item $tmpFile -Force
-}
-
-function Copy-AndroidLOB
-{
- param($pkgFile, $appObj)
-
- if(-not $pkgFile -or (Test-Path $pkgFile) -eq $false)
- {
- return
- }
-
- $appId = $appObj.Id
- $appType = $appObj.'@odata.type'.Trim('#')
-
- $tmpFile = [IO.Path]::GetTempFileName()
-
- $fileEncryptionInfo = New-IntuneEncryptedFile $pkgFile $tmpFile
-
- [xml]$manifestXML = 'com.leadapps.android.radio.ncp101.0.5.4A_Online_Radio_1.0.5.4.apk3'
-
- $manifestXML.AndroidManifestProperties.Package = $appObj.identityName
- $manifestXML.AndroidManifestProperties.PackageVersionCode = $appObj.versionCode
- $manifestXML.AndroidManifestProperties.PackageVersionName = $appObj.versionName
- $manifestXML.AndroidManifestProperties.ApplicationName = [IO.Path]::GetFileName($pkgFile)
-
- $appFileBody = @{
- "@odata.type" = "#microsoft.graph.mobileAppContentFile"
- name = [IO.Path]::GetFileName($pkgFile)
- size = (Get-Item $pkgFile).Length
- sizeEncrypted = (Get-Item $tmpFile).Length
- manifest = [Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($manifestXML.OuterXml))
- }
-
- Add-FileToIntuneApp $appId $appType $tmpFile $appFileBody
-
- Remove-Item $tmpFile -Force
-}
-
-function Copy-Win32LOBPackage
-{
- param($intunewinFile, $appObj)
-
- if(-not $intunewinFile -or (Test-Path $intunewinFile) -eq $false)
- {
- return
- }
-
- $appId = $appObj.Id
- $appType = $appObj.'@odata.type'.Trim('#')
-
- #Extract the detection.xml from the intunewin file
-
- $tmpFile = [IO.Path]::GetTempFileName()
-
- Export-IntunewinFileObject $intunewinFile "detection.xml" $tmpFile
-
- [xml]$DetectionXML = Get-Content $tmpFile
-
- Remove-Item -Path $tmpFile
-
- # Get encryption info from detection.xml and build encryptionInfo object
-
- $encryptionInfo = @{}
- $encryptionInfo.encryptionKey = $DetectionXML.ApplicationInfo.EncryptionInfo.EncryptionKey
- $encryptionInfo.macKey = $DetectionXML.ApplicationInfo.EncryptionInfo.macKey
- $encryptionInfo.initializationVector = $DetectionXML.ApplicationInfo.EncryptionInfo.initializationVector
- $encryptionInfo.mac = $DetectionXML.ApplicationInfo.EncryptionInfo.mac
- $encryptionInfo.profileIdentifier = "ProfileVersion1"
- $encryptionInfo.fileDigest = $DetectionXML.ApplicationInfo.EncryptionInfo.fileDigest
- $encryptionInfo.fileDigestAlgorithm = $DetectionXML.ApplicationInfo.EncryptionInfo.fileDigestAlgorithm
-
- $tmpIntunewinPath = ([IO.Path]::GetTempPath() + [Guid]::NewGuid().ToString("n"))
- mkdir $tmpIntunewinPath | Out-Null
- $tmpIntunewinFile = $tmpIntunewinPath + "\" + $DetectionXML.ApplicationInfo.FileName
-
- # Extract the encrypted file from the intunewin file
- Export-IntunewinFileObject $intunewinFile $DetectionXML.ApplicationInfo.FileName $tmpIntunewinFile
-
- # Create mobileAppContentFile object for the file
- $fileEncryptionInfo = @{}
- $fileEncryptionInfo.fileEncryptionInfo = $encryptionInfo
-
- $fileBody = @{
- "@odata.type" = "#microsoft.graph.mobileAppContentFile"
- name = $DetectionXML.ApplicationInfo.FileName
- size = [int64]$DetectionXML.ApplicationInfo.UnencryptedContentSize
- sizeEncrypted = (Get-Item $tmpIntunewinFile).Length
- manifest = $null
- isDependency = $false
- }
-
- Add-FileToIntuneApp $appId $appType $tmpIntunewinFile $fileBody
-
- # Remove extracted inintunewin file
- Remove-Item $tmpIntunewinPath -Force -Recurse
-}
-
-function Add-FileToIntuneApp
-{
- param($appId, $appType, $appFile, $fileBody)
-
- $contentVersion = Invoke-GraphRequest -Url "/deviceAppManagement/mobileApps/$appId/$appType/contentVersions"
- $contentVersionId = $contentVersion.value[0].id
- $fileObj = Invoke-GraphRequest -Url "/deviceAppManagement/mobileApps/$appId/$appType/contentVersions/$contentVersionId/files" -HttpMethod POST -Content (ConvertTo-Json $fileBody -Depth 5)
-
- if(-not $fileObj)
- {
- return
- }
-
- # Wait for Azure storage URI
- $fileObj = Wait-IntuneFileState "/deviceAppManagement/mobileApps/$appId/$appType/contentVersions/$contentVersionId/files/$($fileObj.Id)" "AzureStorageUriRequest"
- if(-not $fileObj)
- {
- return
- }
-
- # Upload file
- Send-IntuneFileToAzureStorage $fileObj.azureStorageUri $appFile "/deviceAppManagement/mobileApps/$appId/$appType/contentVersions/$contentVersionId/files/$($fileObj.Id)"
-
- # Commit the file
- $reponse = Invoke-GraphRequest -Url "/deviceAppManagement/mobileApps/$appId/$appType/contentVersions/$contentVersionId/files/$($fileObj.Id)/commit" -HttpMethod POST -Content (ConvertTo-Json $fileEncryptionInfo -Depth 5)
-
- Wait-IntuneFileState "/deviceAppManagement/mobileApps/$appId/$appType/contentVersions/$contentVersionId/files/$($fileObj.Id)" "CommitFile"
-
- # Commit the content version
- $commitAppBody = @{
- "@odata.type" = "#$appType"
- committedContentVersion = $contentVersionId
- }
-
- $reponse = Invoke-GraphRequest -Url "/deviceAppManagement/mobileApps/$appId" -HttpMethod PATCH -Content (ConvertTo-Json $commitAppBody -Depth 5)
-}
-
-function Wait-IntuneFileState
-{
- param($fileUri, $state, $maxWait = 60)
-
- Write-Status "Wait for state $state"
-
- $endWait = (Get-Date).AddMinutes($maxWait)
-
- $successState = "$($state)Success"
- $pendingState = "$($state)Pending"
- $failedState = "$($state)Failed"
- $timedOutState = "$($state)TimedOut"
-
- $file = $null
- $succes = $false
-
- while ((Get-Date) -lt $endWait)
- {
- $file = Invoke-GraphRequest -Url $fileUri
-
- if ($file.uploadState -eq $successState)
- {
- $succes = $true
- break
- }
- elseif ($file.uploadState -ne $pendingState)
- {
- Write-Log "Failed to upload file. State: $($file.uploadState)" 3
- return
- }
-
- Start-Sleep -s 5
- }
-
- if($succes -eq $false)
- {
- Write-Log "Wait for state operation timed out" 3
- return
- }
-
- $file
-}
-
-function Send-IntuneFileToAzureStorage
-{
- param($sasUri, $filepath, $fileUri)
-
- try
- {
- $chunkSizeInBytes = 5MB
-
- # Start the timer for SAS URI renewal.
- $sasRenewalTimer = [System.Diagnostics.Stopwatch]::StartNew()
-
- # Find the file size and open the file.
- $fileSize = (Get-Item $filepath).length
- $chunks = [Math]::Ceiling($fileSize / $chunkSizeInBytes)
- $reader = New-Object System.IO.BinaryReader([System.IO.File]::Open($filepath, [System.IO.FileMode]::Open))
- $position = $reader.BaseStream.Seek(0, [System.IO.SeekOrigin]::Begin)
-
- # Upload each chunk. Check whether a SAS URI renewal is required after each chunk is uploaded and renew if needed.
- $ids = @()
-
- for ($chunk = 0; $chunk -lt $chunks; $chunk++)
- {
-
- $id = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($chunk.ToString("0000")))
- $ids += $id
-
- $start = $chunk * $chunkSizeInBytes
- $length = [Math]::Min($chunkSizeInBytes, $fileSize - $start)
- $bytes = $reader.ReadBytes($length)
-
- $currentChunk = $chunk + 1
-
- Write-Status "Uploading file to Azure Storage`n`nUploading chunk $currentChunk of $chunks ($(($currentChunk / $chunks*100))%)"
-
- Write-AzureStorageChunk $sasUri $id $bytes
-
- if ($currentChunk -lt $chunks -and $sasRenewalTimer.ElapsedMilliseconds -ge 450000)
- {
- Request-RenewAzureStorageUpload $fileUri
- $sasRenewalTimer.Restart()
- }
- }
- $reader.Close()
- }
- finally
- {
- if ($reader -ne $null) { $reader.Dispose() }
- }
-
- # Finalize the upload.
- $uploadResponse = Set-FinalizeAzureStorageUpload $sasUri $ids
-}
-
-function Request-RenewAzureStorageUpload
-{
- param($fileUri)
-
- $fileObj = Invoke-GraphRequest -Url "$fileUri/renewUpload" -HttpMethod POST
-
- $file = Wait-IntuneFileState $fileUri "AzureStorageUriRenewal" $azureStorageRenewSasUriBackOffTimeInSeconds
-}
-
-function Set-FinalizeAzureStorageUpload
-{
- param($sasUri, $ids)
-
- $uri = "$sasUri&comp=blocklist"
-
- if(($uri -notmatch "^http://|^https://"))
- {
- $uri = $global:graphURL + "/" + $uri.TrimStart('/')
- }
-
- $request = "PUT $uri"
-
- $xml = ''
- foreach ($id in $ids)
- {
- $xml += "$id"
- }
- $xml += ''
-
- try
- {
- Invoke-RestMethod $uri -Method Put -Body $xml
- }
- catch
- {
- Write-Log "Failed to finilize upload. $($_.Exception.Message)" 3
- }
-}
-
-function Write-AzureStorageChunk
-{
- param($sasUri, $id, $body)
-
- $uri = "$sasUri&comp=block&blockid=$id"
-
- if(($uri -notmatch "^http://|^https://"))
- {
- $uri = $global:graphURL + "/" + $uri.TrimStart('/')
- }
-
- $request = "PUT $uri"
-
- $iso = [System.Text.Encoding]::GetEncoding("iso-8859-1")
- $encodedBody = $iso.GetString($body)
- $headers = @{
- "x-ms-blob-type" = "BlockBlob"
- }
-
- try
- {
- $response = Invoke-WebRequest $uri -Method Put -Headers $headers -Body $encodedBody
- }
- catch
- {
- Write-Log "Failed to upload file chunk. $($_.Exception.Message)" 3
- }
-}
-
-function Get-IntuneKey
-{
- try
- {
- $aes = [System.Security.Cryptography.Aes]::Create()
- $aesProvider = New-Object System.Security.Cryptography.AesCryptoServiceProvider
- $aesProvider.GenerateKey()
- $aesProvider.Key
- }
- finally
- {
- if ($aesProvider -ne $null) { $aesProvider.Dispose() }
- if ($aes -ne $null) { $aes.Dispose() }
- }
-}
-
-function Get-IntuneKeyIV
-{
-
- try
- {
- $aes = [System.Security.Cryptography.Aes]::Create()
- $aes.IV
- }
- finally
- {
- if ($aes -ne $null) { $aes.Dispose() }
- }
-}
-
-function Start-EncryptFileWithIV
-{
- param($sourceFile, $targetFile, $encryptionKey, $hmacKey, $initializationVector)
-
- $bufferBlockSize = 1024 * 4
- $computedMac = $null
-
- try
- {
- $aes = [System.Security.Cryptography.Aes]::Create()
- $hmacSha256 = New-Object System.Security.Cryptography.HMACSHA256
- $hmacSha256.Key = $hmacKey
- $hmacLength = $hmacSha256.HashSize / 8
-
- $buffer = New-Object byte[] $bufferBlockSize
- $bytesRead = 0
-
- $targetStream = [System.IO.File]::Open($targetFile, [System.IO.FileMode]::Create, [System.IO.FileAccess]::Write, [System.IO.FileShare]::Read)
- $targetStream.Write($buffer, 0, $hmacLength + $initializationVector.Length)
-
- try
- {
- $encryptor = $aes.CreateEncryptor($encryptionKey, $initializationVector)
- $sourceStream = [System.IO.File]::Open($sourceFile, [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::Read)
- $cryptoStream = New-Object System.Security.Cryptography.CryptoStream -ArgumentList @($targetStream, $encryptor, [System.Security.Cryptography.CryptoStreamMode]::Write)
-
- $targetStream = $null
- while (($bytesRead = $sourceStream.Read($buffer, 0, $bufferBlockSize)) -gt 0)
- {
- $cryptoStream.Write($buffer, 0, $bytesRead)
- $cryptoStream.Flush()
- }
- $cryptoStream.FlushFinalBlock()
- }
- finally
- {
- if ($cryptoStream -ne $null) { $cryptoStream.Dispose() }
- if ($sourceStream -ne $null) { $sourceStream.Dispose() }
- if ($encryptor -ne $null) { $encryptor.Dispose() }
- }
-
- try
- {
- $finalStream = [System.IO.File]::Open($targetFile, [System.IO.FileMode]::Open, [System.IO.FileAccess]::ReadWrite, [System.IO.FileShare]::Read)
-
- $finalStream.Seek($hmacLength, [System.IO.SeekOrigin]::Begin) > $null
- $finalStream.Write($initializationVector, 0, $initializationVector.Length)
- $finalStream.Seek($hmacLength, [System.IO.SeekOrigin]::Begin) > $null
-
- $hmac = $hmacSha256.ComputeHash($finalStream)
- $computedMac = $hmac
-
- $finalStream.Seek(0, [System.IO.SeekOrigin]::Begin) > $null
- $finalStream.Write($hmac, 0, $hmac.Length)
- }
- finally
- {
- if ($finalStream -ne $null) { $finalStream.Dispose() }
- }
- }
- finally
- {
- if ($targetStream -ne $null) { $targetStream.Dispose() }
- if ($aes -ne $null) { $aes.Dispose() }
- }
-
- $computedMac
-}
-
-function New-IntuneEncryptedFile
-{
- param($sourceFile, $targetFile)
-
- $encryptionKey = Get-IntuneKey
- $hmacKey = Get-IntuneKey
- $initializationVector = Get-IntuneKeyIV
-
- # Create the encrypted target file and compute the HMAC value.
- $mac = Start-EncryptFileWithIV $sourceFile $targetFile $encryptionKey $hmacKey $initializationVector
-
- # Compute the SHA256 hash of the source file and convert the result to bytes.
- $fileDigest = (Get-FileHash $sourceFile -Algorithm SHA256).Hash
- $fileDigestBytes = New-Object byte[] ($fileDigest.Length / 2)
- for ($i = 0; $i -lt $fileDigest.Length; $i += 2)
- {
- $fileDigestBytes[$i / 2] = [System.Convert]::ToByte($fileDigest.Substring($i, 2), 16)
- }
-
- # Return an object that will serialize correctly to the file commit Graph API.
- $encryptionInfo = @{}
- $encryptionInfo.encryptionKey = [System.Convert]::ToBase64String($encryptionKey)
- $encryptionInfo.macKey = [System.Convert]::ToBase64String($hmacKey)
- $encryptionInfo.initializationVector = [System.Convert]::ToBase64String($initializationVector)
- $encryptionInfo.mac = [System.Convert]::ToBase64String($mac)
- $encryptionInfo.profileIdentifier = "ProfileVersion1"
- $encryptionInfo.fileDigest = [System.Convert]::ToBase64String($fileDigestBytes)
- $encryptionInfo.fileDigestAlgorithm = "SHA256"
-
- $fileEncryptionInfo = @{}
- $fileEncryptionInfo.fileEncryptionInfo = $encryptionInfo
-
- $fileEncryptionInfo
+<#
+.SYNOPSIS
+Module for Intune Applications
+
+.DESCRIPTION
+This module manages Application objects in Intune e.g. uploading application files
+
+.NOTES
+ Author: Mikael Karlsson
+#>
+function Get-ModuleVersion
+{
+ '3.0.0'
+}
+
+#########################################################################################
+#
+# Upload file functions are based on the following scripts
+# https://github.com/microsoftgraph/powershell-intune-samples/tree/master/LOB_Application
+#
+#########################################################################################
+
+function Export-IntunewinFileObject
+{
+ param($intunewinFile, $objectName, $toFile)
+
+ Add-Type -Assembly System.IO.Compression.FileSystem
+
+ $zip = [IO.Compression.ZipFile]::OpenRead($intunewinFile)
+
+ $zip.Entries | where { $_.Name -like $objectName } | foreach {
+
+ [System.IO.Compression.ZipFileExtensions]::ExtractToFile($_, $toFile, $true)
+ }
+
+ $zip.Dispose()
+}
+
+function Get-MSIFileInformation
+{
+ param($MSIFile, $Properties)
+
+ $values = @{}
+
+ try
+ {
+ $wiObj = New-Object -ComObject WindowsInstaller.Installer
+ $MSIDb = $wiObj.GetType().InvokeMember("OpenDatabase", "InvokeMethod", $null, $wiObj, @($MSIFile, 0))
+
+ foreach($prop in $Properties)
+ {
+ $Query = "SELECT Value FROM Property WHERE Property = '$($prop)'"
+ $View = $MSIDb.GetType().InvokeMember("OpenView", "InvokeMethod", $null, $MSIDb, ($Query))
+ $View.GetType().InvokeMember("Execute", "InvokeMethod", $null, $View, $null) | Out-Null
+ $Record = $View.GetType().InvokeMember("Fetch", "InvokeMethod", $null, $View, $null)
+ $values.Add($prop, $Record.GetType().InvokeMember("StringData", "GetProperty", $null, $Record, 1).ToString().Trim())
+ }
+
+ $MSIDb.GetType().InvokeMember("Commit", "InvokeMethod", $null, $MSIDb, $null) | Out-Null
+ $View.GetType().InvokeMember("Close", "InvokeMethod", $null, $View, $null) | Out-Null
+ $MSIDb = $null
+ $View = $null
+ }
+ catch
+ {
+ Write-Log "Failed to get MSI info from $MSIFile. $($_.Exception.Message)" 3
+ }
+ finally
+ {
+ [System.Runtime.Interopservices.Marshal]::ReleaseComObject($wiObj) | Out-Null
+ [System.GC]::Collect() | Out-Null
+ }
+
+ $values
+}
+
+function Copy-MSILOB
+{
+ param($msiFile, $appObj)
+
+ if(-not $msiFile -or (Test-Path $msiFile) -eq $false)
+ {
+ return
+ }
+
+ $appId = $appObj.Id
+ $appType = $appObj.'@odata.type'.Trim('#')
+
+ $tmpFile = [IO.Path]::GetTempFileName()
+
+ $msiInfo = Get-MSIFileInformation $msiFile @("ProductName", "ProductCode", "ProductVersion", "ProductLanguage")
+
+ if(-not $msiInfo) { return }
+
+ $fileEncryptionInfo = New-IntuneEncryptedFile $msiFile $tmpFile
+
+ [xml]$manifestXML = ''
+ $manifestXML.MobileMsiData.MsiUpgradeCode = $msiInfo["ProductCode"]
+
+ $appFileBody = @{
+ "@odata.type" = "#microsoft.graph.mobileAppContentFile"
+ name = [IO.Path]::GetFileName($msiFile)
+ size = (Get-Item $msiFile).Length
+ sizeEncrypted = (Get-Item $tmpFile).Length
+ manifest = [Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($manifestXML.OuterXml))
+ }
+
+ Add-FileToIntuneApp $appId $appType $tmpFile $appFileBody
+
+ Remove-Item $tmpFile -Force
+}
+
+function Copy-iOSLOB
+{
+ param($pkgFile, $appObj)
+
+ if(-not $pkgFile -or (Test-Path $pkgFile) -eq $false)
+ {
+ return
+ }
+
+ $appId = $appObj.Id
+ $appType = $appObj.'@odata.type'.Trim('#')
+
+ $tmpFile = [IO.Path]::GetTempFileName()
+
+ $fileEncryptionInfo = New-IntuneEncryptedFile $pkgFile $tmpFile
+
+ [string]$manifestStr = 'itemsassetskindsoftware-packageurl{UrlPlaceHolder}metadataAppRestrictionPolicyTemplatehttp://management.microsoft.com/PolicyTemplates/AppRestrictions/iOS/v1AppRestrictionTechnologyWindows Intune Application Restrictions Technology for iOSIntuneMAMVersionCFBundleSupportedPlatformsiPhoneOSMinimumOSVersion9.0bundle-identifierbundleidbundle-versionbundleversionkindsoftwaresubtitleLaunchMeSubtitletitlebundletitle'
+
+ $manifestStr = $manifestStr.replace("bundleid", $appObj.bundleId)
+ $manifestStr = $manifestStr.replace("bundleversion",$appObj.identityVersion)
+ $manifestStr = $manifestStr.replace("bundletitle",$appObj.$displayName)
+
+ $appFileBody = @{
+ "@odata.type" = "#microsoft.graph.mobileAppContentFile"
+ name = [IO.Path]::GetFileName($pkgFile)
+ size = (Get-Item $pkgFile).Length
+ sizeEncrypted = (Get-Item $tmpFile).Length
+ manifest = [Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($manifestStr))
+ }
+
+ Add-FileToIntuneApp $appId $appType $tmpFile $appFileBody
+
+ Remove-Item $tmpFile -Force
+}
+
+function Copy-AndroidLOB
+{
+ param($pkgFile, $appObj)
+
+ if(-not $pkgFile -or (Test-Path $pkgFile) -eq $false)
+ {
+ return
+ }
+
+ $appId = $appObj.Id
+ $appType = $appObj.'@odata.type'.Trim('#')
+
+ $tmpFile = [IO.Path]::GetTempFileName()
+
+ $fileEncryptionInfo = New-IntuneEncryptedFile $pkgFile $tmpFile
+
+ [xml]$manifestXML = 'com.leadapps.android.radio.ncp101.0.5.4A_Online_Radio_1.0.5.4.apk3'
+
+ $manifestXML.AndroidManifestProperties.Package = $appObj.identityName
+ $manifestXML.AndroidManifestProperties.PackageVersionCode = $appObj.versionCode
+ $manifestXML.AndroidManifestProperties.PackageVersionName = $appObj.versionName
+ $manifestXML.AndroidManifestProperties.ApplicationName = [IO.Path]::GetFileName($pkgFile)
+
+ $appFileBody = @{
+ "@odata.type" = "#microsoft.graph.mobileAppContentFile"
+ name = [IO.Path]::GetFileName($pkgFile)
+ size = (Get-Item $pkgFile).Length
+ sizeEncrypted = (Get-Item $tmpFile).Length
+ manifest = [Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($manifestXML.OuterXml))
+ }
+
+ Add-FileToIntuneApp $appId $appType $tmpFile $appFileBody
+
+ Remove-Item $tmpFile -Force
+}
+
+function Copy-Win32LOBPackage
+{
+ param($intunewinFile, $appObj)
+
+ if(-not $intunewinFile -or (Test-Path $intunewinFile) -eq $false)
+ {
+ return
+ }
+
+ $appId = $appObj.Id
+ $appType = $appObj.'@odata.type'.Trim('#')
+
+ #Extract the detection.xml from the intunewin file
+
+ $tmpFile = [IO.Path]::GetTempFileName()
+
+ Export-IntunewinFileObject $intunewinFile "detection.xml" $tmpFile
+
+ [xml]$DetectionXML = Get-Content $tmpFile
+
+ Remove-Item -Path $tmpFile
+
+ # Get encryption info from detection.xml and build encryptionInfo object
+
+ $encryptionInfo = @{}
+ $encryptionInfo.encryptionKey = $DetectionXML.ApplicationInfo.EncryptionInfo.EncryptionKey
+ $encryptionInfo.macKey = $DetectionXML.ApplicationInfo.EncryptionInfo.macKey
+ $encryptionInfo.initializationVector = $DetectionXML.ApplicationInfo.EncryptionInfo.initializationVector
+ $encryptionInfo.mac = $DetectionXML.ApplicationInfo.EncryptionInfo.mac
+ $encryptionInfo.profileIdentifier = "ProfileVersion1"
+ $encryptionInfo.fileDigest = $DetectionXML.ApplicationInfo.EncryptionInfo.fileDigest
+ $encryptionInfo.fileDigestAlgorithm = $DetectionXML.ApplicationInfo.EncryptionInfo.fileDigestAlgorithm
+
+ $tmpIntunewinPath = ([IO.Path]::GetTempPath() + [Guid]::NewGuid().ToString("n"))
+ mkdir $tmpIntunewinPath | Out-Null
+ $tmpIntunewinFile = $tmpIntunewinPath + "\" + $DetectionXML.ApplicationInfo.FileName
+
+ # Extract the encrypted file from the intunewin file
+ Export-IntunewinFileObject $intunewinFile $DetectionXML.ApplicationInfo.FileName $tmpIntunewinFile
+
+ # Create mobileAppContentFile object for the file
+ $fileEncryptionInfo = @{}
+ $fileEncryptionInfo.fileEncryptionInfo = $encryptionInfo
+
+ $fileBody = @{
+ "@odata.type" = "#microsoft.graph.mobileAppContentFile"
+ name = $DetectionXML.ApplicationInfo.FileName
+ size = [int64]$DetectionXML.ApplicationInfo.UnencryptedContentSize
+ sizeEncrypted = (Get-Item $tmpIntunewinFile).Length
+ manifest = $null
+ isDependency = $false
+ }
+
+ Add-FileToIntuneApp $appId $appType $tmpIntunewinFile $fileBody
+
+ # Remove extracted inintunewin file
+ Remove-Item $tmpIntunewinPath -Force -Recurse
+}
+
+function Add-FileToIntuneApp
+{
+ param($appId, $appType, $appFile, $fileBody)
+
+ $contentVersion = Invoke-GraphRequest -Url "/deviceAppManagement/mobileApps/$appId/$appType/contentVersions"
+ $contentVersionId = $contentVersion.value[0].id
+ $fileObj = Invoke-GraphRequest -Url "/deviceAppManagement/mobileApps/$appId/$appType/contentVersions/$contentVersionId/files" -HttpMethod POST -Content (ConvertTo-Json $fileBody -Depth 5)
+
+ if(-not $fileObj)
+ {
+ return
+ }
+
+ # Wait for Azure storage URI
+ $fileObj = Wait-IntuneFileState "/deviceAppManagement/mobileApps/$appId/$appType/contentVersions/$contentVersionId/files/$($fileObj.Id)" "AzureStorageUriRequest"
+ if(-not $fileObj)
+ {
+ return
+ }
+
+ # Upload file
+ Send-IntuneFileToAzureStorage $fileObj.azureStorageUri $appFile "/deviceAppManagement/mobileApps/$appId/$appType/contentVersions/$contentVersionId/files/$($fileObj.Id)"
+
+ # Commit the file
+ $reponse = Invoke-GraphRequest -Url "/deviceAppManagement/mobileApps/$appId/$appType/contentVersions/$contentVersionId/files/$($fileObj.Id)/commit" -HttpMethod POST -Content (ConvertTo-Json $fileEncryptionInfo -Depth 5)
+
+ Wait-IntuneFileState "/deviceAppManagement/mobileApps/$appId/$appType/contentVersions/$contentVersionId/files/$($fileObj.Id)" "CommitFile"
+
+ # Commit the content version
+ $commitAppBody = @{
+ "@odata.type" = "#$appType"
+ committedContentVersion = $contentVersionId
+ }
+
+ $reponse = Invoke-GraphRequest -Url "/deviceAppManagement/mobileApps/$appId" -HttpMethod PATCH -Content (ConvertTo-Json $commitAppBody -Depth 5)
+}
+
+function Wait-IntuneFileState
+{
+ param($fileUri, $state, $maxWait = 60)
+
+ Write-Status "Wait for state $state"
+
+ $endWait = (Get-Date).AddMinutes($maxWait)
+
+ $successState = "$($state)Success"
+ $pendingState = "$($state)Pending"
+ $failedState = "$($state)Failed"
+ $timedOutState = "$($state)TimedOut"
+
+ $file = $null
+ $succes = $false
+
+ while ((Get-Date) -lt $endWait)
+ {
+ $file = Invoke-GraphRequest -Url $fileUri
+
+ if ($file.uploadState -eq $successState)
+ {
+ $succes = $true
+ break
+ }
+ elseif ($file.uploadState -ne $pendingState)
+ {
+ Write-Log "Failed to upload file. State: $($file.uploadState)" 3
+ return
+ }
+
+ Start-Sleep -s 5
+ }
+
+ if($succes -eq $false)
+ {
+ Write-Log "Wait for state operation timed out" 3
+ return
+ }
+
+ $file
+}
+
+function Send-IntuneFileToAzureStorage
+{
+ param($sasUri, $filepath, $fileUri)
+
+ try
+ {
+ $chunkSizeInBytes = 5MB
+
+ # Start the timer for SAS URI renewal.
+ $sasRenewalTimer = [System.Diagnostics.Stopwatch]::StartNew()
+
+ # Find the file size and open the file.
+ $fileSize = (Get-Item $filepath).length
+ $chunks = [Math]::Ceiling($fileSize / $chunkSizeInBytes)
+ $reader = New-Object System.IO.BinaryReader([System.IO.File]::Open($filepath, [System.IO.FileMode]::Open))
+ $position = $reader.BaseStream.Seek(0, [System.IO.SeekOrigin]::Begin)
+
+ # Upload each chunk. Check whether a SAS URI renewal is required after each chunk is uploaded and renew if needed.
+ $ids = @()
+
+ for ($chunk = 0; $chunk -lt $chunks; $chunk++)
+ {
+
+ $id = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($chunk.ToString("0000")))
+ $ids += $id
+
+ $start = $chunk * $chunkSizeInBytes
+ $length = [Math]::Min($chunkSizeInBytes, $fileSize - $start)
+ $bytes = $reader.ReadBytes($length)
+
+ $currentChunk = $chunk + 1
+
+ Write-Status "Uploading file to Azure Storage`n`nUploading chunk $currentChunk of $chunks ($(($currentChunk / $chunks*100))%)"
+
+ Write-AzureStorageChunk $sasUri $id $bytes
+
+ if ($currentChunk -lt $chunks -and $sasRenewalTimer.ElapsedMilliseconds -ge 450000)
+ {
+ Request-RenewAzureStorageUpload $fileUri
+ $sasRenewalTimer.Restart()
+ }
+ }
+ $reader.Close()
+ }
+ finally
+ {
+ if ($reader -ne $null) { $reader.Dispose() }
+ }
+
+ # Finalize the upload.
+ $uploadResponse = Set-FinalizeAzureStorageUpload $sasUri $ids
+}
+
+function Request-RenewAzureStorageUpload
+{
+ param($fileUri)
+
+ $fileObj = Invoke-GraphRequest -Url "$fileUri/renewUpload" -HttpMethod POST
+
+ $file = Wait-IntuneFileState $fileUri "AzureStorageUriRenewal" $azureStorageRenewSasUriBackOffTimeInSeconds
+}
+
+function Set-FinalizeAzureStorageUpload
+{
+ param($sasUri, $ids)
+
+ $uri = "$sasUri&comp=blocklist"
+
+ if(($uri -notmatch "^http://|^https://"))
+ {
+ $uri = $global:graphURL + "/" + $uri.TrimStart('/')
+ }
+
+ $request = "PUT $uri"
+
+ $xml = ''
+ foreach ($id in $ids)
+ {
+ $xml += "$id"
+ }
+ $xml += ''
+
+ try
+ {
+ Invoke-RestMethod $uri -Method Put -Body $xml
+ }
+ catch
+ {
+ Write-Log "Failed to finilize upload. $($_.Exception.Message)" 3
+ }
+}
+
+function Write-AzureStorageChunk
+{
+ param($sasUri, $id, $body)
+
+ $uri = "$sasUri&comp=block&blockid=$id"
+
+ if(($uri -notmatch "^http://|^https://"))
+ {
+ $uri = $global:graphURL + "/" + $uri.TrimStart('/')
+ }
+
+ $request = "PUT $uri"
+
+ $iso = [System.Text.Encoding]::GetEncoding("iso-8859-1")
+ $encodedBody = $iso.GetString($body)
+ $headers = @{
+ "x-ms-blob-type" = "BlockBlob"
+ }
+
+ try
+ {
+ $response = Invoke-WebRequest $uri -Method Put -Headers $headers -Body $encodedBody
+ }
+ catch
+ {
+ Write-Log "Failed to upload file chunk. $($_.Exception.Message)" 3
+ }
+}
+
+function Get-IntuneKey
+{
+ try
+ {
+ $aes = [System.Security.Cryptography.Aes]::Create()
+ $aesProvider = New-Object System.Security.Cryptography.AesCryptoServiceProvider
+ $aesProvider.GenerateKey()
+ $aesProvider.Key
+ }
+ finally
+ {
+ if ($aesProvider -ne $null) { $aesProvider.Dispose() }
+ if ($aes -ne $null) { $aes.Dispose() }
+ }
+}
+
+function Get-IntuneKeyIV
+{
+
+ try
+ {
+ $aes = [System.Security.Cryptography.Aes]::Create()
+ $aes.IV
+ }
+ finally
+ {
+ if ($aes -ne $null) { $aes.Dispose() }
+ }
+}
+
+function Start-EncryptFileWithIV
+{
+ param($sourceFile, $targetFile, $encryptionKey, $hmacKey, $initializationVector)
+
+ $bufferBlockSize = 1024 * 4
+ $computedMac = $null
+
+ try
+ {
+ $aes = [System.Security.Cryptography.Aes]::Create()
+ $hmacSha256 = New-Object System.Security.Cryptography.HMACSHA256
+ $hmacSha256.Key = $hmacKey
+ $hmacLength = $hmacSha256.HashSize / 8
+
+ $buffer = New-Object byte[] $bufferBlockSize
+ $bytesRead = 0
+
+ $targetStream = [System.IO.File]::Open($targetFile, [System.IO.FileMode]::Create, [System.IO.FileAccess]::Write, [System.IO.FileShare]::Read)
+ $targetStream.Write($buffer, 0, $hmacLength + $initializationVector.Length)
+
+ try
+ {
+ $encryptor = $aes.CreateEncryptor($encryptionKey, $initializationVector)
+ $sourceStream = [System.IO.File]::Open($sourceFile, [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::Read)
+ $cryptoStream = New-Object System.Security.Cryptography.CryptoStream -ArgumentList @($targetStream, $encryptor, [System.Security.Cryptography.CryptoStreamMode]::Write)
+
+ $targetStream = $null
+ while (($bytesRead = $sourceStream.Read($buffer, 0, $bufferBlockSize)) -gt 0)
+ {
+ $cryptoStream.Write($buffer, 0, $bytesRead)
+ $cryptoStream.Flush()
+ }
+ $cryptoStream.FlushFinalBlock()
+ }
+ finally
+ {
+ if ($cryptoStream -ne $null) { $cryptoStream.Dispose() }
+ if ($sourceStream -ne $null) { $sourceStream.Dispose() }
+ if ($encryptor -ne $null) { $encryptor.Dispose() }
+ }
+
+ try
+ {
+ $finalStream = [System.IO.File]::Open($targetFile, [System.IO.FileMode]::Open, [System.IO.FileAccess]::ReadWrite, [System.IO.FileShare]::Read)
+
+ $finalStream.Seek($hmacLength, [System.IO.SeekOrigin]::Begin) > $null
+ $finalStream.Write($initializationVector, 0, $initializationVector.Length)
+ $finalStream.Seek($hmacLength, [System.IO.SeekOrigin]::Begin) > $null
+
+ $hmac = $hmacSha256.ComputeHash($finalStream)
+ $computedMac = $hmac
+
+ $finalStream.Seek(0, [System.IO.SeekOrigin]::Begin) > $null
+ $finalStream.Write($hmac, 0, $hmac.Length)
+ }
+ finally
+ {
+ if ($finalStream -ne $null) { $finalStream.Dispose() }
+ }
+ }
+ finally
+ {
+ if ($targetStream -ne $null) { $targetStream.Dispose() }
+ if ($aes -ne $null) { $aes.Dispose() }
+ }
+
+ $computedMac
+}
+
+function New-IntuneEncryptedFile
+{
+ param($sourceFile, $targetFile)
+
+ $encryptionKey = Get-IntuneKey
+ $hmacKey = Get-IntuneKey
+ $initializationVector = Get-IntuneKeyIV
+
+ # Create the encrypted target file and compute the HMAC value.
+ $mac = Start-EncryptFileWithIV $sourceFile $targetFile $encryptionKey $hmacKey $initializationVector
+
+ # Compute the SHA256 hash of the source file and convert the result to bytes.
+ $fileDigest = (Get-FileHash $sourceFile -Algorithm SHA256).Hash
+ $fileDigestBytes = New-Object byte[] ($fileDigest.Length / 2)
+ for ($i = 0; $i -lt $fileDigest.Length; $i += 2)
+ {
+ $fileDigestBytes[$i / 2] = [System.Convert]::ToByte($fileDigest.Substring($i, 2), 16)
+ }
+
+ # Return an object that will serialize correctly to the file commit Graph API.
+ $encryptionInfo = @{}
+ $encryptionInfo.encryptionKey = [System.Convert]::ToBase64String($encryptionKey)
+ $encryptionInfo.macKey = [System.Convert]::ToBase64String($hmacKey)
+ $encryptionInfo.initializationVector = [System.Convert]::ToBase64String($initializationVector)
+ $encryptionInfo.mac = [System.Convert]::ToBase64String($mac)
+ $encryptionInfo.profileIdentifier = "ProfileVersion1"
+ $encryptionInfo.fileDigest = [System.Convert]::ToBase64String($fileDigestBytes)
+ $encryptionInfo.fileDigestAlgorithm = "SHA256"
+
+ $fileEncryptionInfo = @{}
+ $fileEncryptionInfo.fileEncryptionInfo = $encryptionInfo
+
+ $fileEncryptionInfo
}
\ No newline at end of file
diff --git a/Extensions/MDM_MAM.psm1 b/Extensions/MDM_MAM.psm1
deleted file mode 100644
index 37b4701..0000000
--- a/Extensions/MDM_MAM.psm1
+++ /dev/null
@@ -1,224 +0,0 @@
-########################################################
-#
-# Common module functions
-#
-########################################################
-function Add-ModuleMenuItems
-{
- Add-MenuItem (New-Object PSObject -Property @{
- Title = (Get-MDMMAMName)
- MenuID = "IntuneGraphAPI"
- Script = [ScriptBlock]{Get-MDMMAM}
- })
-}
-
-function Get-SupportedImportObjects
-{
- $global:importObjects += (New-Object PSObject -Property @{
- Selected = $true
- Title = (Get-MDMMAMName)
- Script = [ScriptBlock]{
- param($rootFolder)
-
- Write-Status "Import all MDM/MAM setting"
- Import-AllMDMMAMObjects (Join-Path $rootFolder (Get-MDMMAMFolderName))
- }
- })
-}
-
-function Get-SupportedExportObjects
-{
- $global:exportObjects += (New-Object PSObject -Property @{
- Selected = $true
- Title = (Get-MDMMAMName)
- Script = [ScriptBlock]{
- param($rootFolder)
-
- Write-Status "Export all MDM/MAM settings"
- Get-MDMMAMObjects | ForEach-Object { Export-SingleMDMMAM $PSItem.Object (Join-Path $rootFolder (Get-MDMMAMFolderName)) }
- }
- })
-}
-
-function Export-AllObjects
-{
- param($addObjectSubfolder)
-
- $subFolder = ""
- if($addObjectSubfolder) { $subFolder = Get-MDMMAMFolderName }
-}
-
-########################################################
-#
-# Object specific functions
-#
-########################################################
-function Get-MDMMAMName
-{
- return "MDM/MAM"
-}
-
-function Get-MDMMAMFolderName
-{
- return "MDMMAM"
-}
-
-function Get-MDMMAM
-{
- Write-Status "Loading MDM/MAM object"
- $dgObjects.ItemsSource = @(Get-MDMMAMObjects)
-
- #Scriptblocks that will perform the export tasks. empty by default
- $script:exportParams = @{}
- $script:exportParams.Add("ExportAllScript", [ScriptBlock]{
- Export-AllMDMMAM $global:txtExportPath.Text
- Set-ObjectGrid
- Write-Status ""
- })
-
- $script:exportParams.Add("ExportSelectedScript", [ScriptBlock]{
- Export-SelectedMDMMAM $global:txtExportPath.Text
- Set-ObjectGrid
- Write-Status ""
- })
- #Scriptblock that will perform the import all files
- $script:importAll = [ScriptBlock]{
- Import-AllMDMMAMObjects $global:txtImportPath.Text
- Set-ObjectGrid
- }
-
- #Scriptblock that will perform the import of selected files
- $script:importSelected = [ScriptBlock]{
- Import-MDMMAMObjects $global:lstFiles.ItemsSource -Selected
- Set-ObjectGrid
- }
-
- #Scriptblock that will read json files
- $script:getImportFiles = [ScriptBlock]{
- Show-FileListBox
- $global:lstFiles.ItemsSource = @(Get-JsonFileObjects $global:txtImportPath.Text -Exclude "*_Settings.json")
- }
-
- Add-DefaultObjectButtons -export ([scriptblock]{Show-DefaultExportGrid @script:exportParams}) -import ([scriptblock]{Show-DefaultImportGrid -ImportAll $script:importAll -ImportSelected $script:importSelected -GetFiles $script:getImportFiles}) -ViewFullObject ([scriptblock]{Get-MDMMAMObject $global:dgObjects.SelectedItem.Object})
-}
-
-function Get-MDMMAMObjects
-{
- Get-AzureNativeObjects "MdmApplications" -property @('appDisplayName')
-}
-
-function Get-MDMMAMObject
-{
- param($object, $additional = "")
-
- if(-not $Object.objectId) { return }
-
- Invoke-AzureNativeRequest "/MdmApplications/$($Object.objectId)$additional"
-}
-
-function Export-AllMDMMAM
-{
- param($path = "$env:Temp")
-
- if(-not (Test-Path $path)) { mkdir -Path $path -Force -ErrorAction SilentlyContinue | Out-Null }
-
- if(Test-Path $path)
- {
- foreach($objTmp in ($global:dgObjects.ItemsSource))
- {
- Export-SingleMDMMAM $objTmp.Object $path
- }
- }
-}
-
-function Export-SelectedMDMMAM
-{
- param($path = "$env:Temp")
-
- Export-SingleMDMMAM $global:dgObjects.SelectedItem.Object $path
-}
-
-function Export-SingleMDMMAM
-{
- param($psObj, $path = "$env:Temp")
-
- if(-not $psObj) { return }
-
- if($global:runningBulkExport -ne $true)
- {
- if($global:chkAddCompanyName.IsChecked) { $path = Join-Path $path $global:organization.displayName }
- if($global:chkAddObjectType.IsChecked) { $path = Join-Path $path (Get-MDMMAMFolderName) }
- }
-
- if(-not (Test-Path $path)) { mkdir -Path $path -Force -ErrorAction SilentlyContinue | Out-Null }
-
- if(Test-Path $path)
- {
- Write-Status "Export $($psObj.appDisplayName)"
-
- $obj = Invoke-AzureNativeRequest "MdmApplications/$($psObj.objectId)"
-
- if($obj)
- {
- $fileName = "$path\$((Remove-InvalidFileNameChars $obj.appDisplayName)).json"
- ConvertTo-Json $obj -Depth 5 | Out-File $fileName -Force
- }
-
- if($obj.mdmAppliesToGroups)
- {
- $obj.mdmAppliesToGroups | ForEach-Object { Add-GroupMigrationObject $PSItem.objectId }
- }
-
- if($obj.mamAppliesToGroups)
- {
- $obj.mamAppliesToGroups | ForEach-Object { Add-GroupMigrationObject $PSItem.objectId }
- }
-
- $global:exportedObjects++
- }
-}
-
-function Import-MDMMAM
-{
- param($obj)
-
- $argStr = "?"
- if($obj.enrollmentUrl) { $argStr += "mdmAppliesToChanged=true" }
- else{ $argStr += "mdmAppliesToChanged=false" }
- if($obj.mamEnrollmentUrl) { $argStr += "&mamAppliesToChanged=true" }
- else{ $argStr += "&mamAppliesToChanged=false" }
-
- $response = Invoke-AzureNativeRequest "MdmApplications/$($obj.objectId)$argStr" -Method PUT -Body (Update-JsonForEnvironment (ConvertTo-Json $obj -Depth 5))
-}
-
-function Import-AllMDMMAMObjects
-{
- param($path = "$env:Temp")
-
- Import-MDMMAMObjects (Get-JsonFileObjects $path)
-}
-
-function Import-MDMMAMObjects
-{
- param(
- $Objects,
-
- [switch]
- $Selected
- )
-
- Write-Status "Import MDM/MAM settings"
-
- foreach($obj in $objects)
- {
- if($Selected -and $obj.Selected -ne $true) { continue }
-
- Write-Log "Import MDM/MAM app settings: $($obj.Object.appDisplayName)"
-
- Import-MDMMAM $obj.Object
-
- # No assignments for MDM/MAM
- }
- $dgObjects.ItemsSource = @(Get-MDMMAMObjects)
- Write-Status ""
-}
\ No newline at end of file
diff --git a/Extensions/MSALAuthentication.psm1 b/Extensions/MSALAuthentication.psm1
new file mode 100644
index 0000000..6295e15
--- /dev/null
+++ b/Extensions/MSALAuthentication.psm1
@@ -0,0 +1,1361 @@
+<#
+.SYNOPSIS
+Module for Authentication
+
+.DESCRIPTION
+This module manages Authentication for the application with MSAL. It is also responsible for displaying the Profile Picture control of he logged in user.
+
+.NOTES
+ Author: Mikael Karlsson
+#>
+function Get-ModuleVersion
+{
+ '3.0.0'
+}
+
+$global:msalAuthenticator = $null
+function Invoke-InitializeModule
+{
+ $script:MSALAllApps = @()
+ $global:MSALToken = $null
+ $global:MSALAuthority = $null
+ $script:AccessableTenants = $null
+
+ $global:appSettingSections += (New-Object PSObject -Property @{
+ Title = "MSAL"
+ Id = "MSAL"
+ Values = @()
+ Priority = 8
+ })
+
+ Add-SettingsObject (New-Object PSObject -Property @{
+ Title = "MSAL Library File"
+ Key = "MSALDLL"
+ Type = "File"
+ Description = "Full path to the Microsoft.Identity.Client.dll file"
+ }) "MSAL"
+
+ Add-SettingsObject (New-Object PSObject -Property @{
+ Title = "Remember Login"
+ Key = "CacheMSALToken"
+ Type = "Boolean"
+ DefaultValue = $true
+ Description = "Store the MSAL token in an encrypted file an automatically log on at next logon. Store in the users profile and can only be decrypted by the user that created it. Note: Requires restart"
+ }) "MSAL"
+
+ Add-SettingsObject (New-Object PSObject -Property @{
+ Title = "Get Tenant List"
+ Key = "GetTenantList"
+ Type = "Boolean"
+ DefaultValue = $false
+ Description = "Get a list of all tenants the current user has access to. Only used when the user has access to multiple tenants. This may cause duplicate login/consent prompts first time"
+ }) "MSAL"
+
+ Add-SettingsObject (New-Object PSObject -Property @{
+ Title = "Use Default Permissions"
+ Key = "UseDefaultPermissions"
+ Type = "Boolean"
+ DefaultValue = $false
+ Description = "Default permissions of the selected app will be used when logging on. Some objects might not be accessable"
+ }) "MSAL"
+
+ Add-MSALPrereq
+
+ #$script:MSALDLLMissing = $true #!!!!
+}
+
+function Get-MSALAuthenticationObject
+{
+ if(-not $global:msalAuthenticator)
+ {
+ $global:msalAuthenticator = New-Object PSObject -Property @{
+ Title = "MSAL"
+ SilentLogin = { Connect-MSALUser -Silent @args; }
+ Login = { Connect-MSALUser @args }
+ Logout = { Disconnect-MSALUser }
+ ProfilePicture = { Get-MSALProfileEllipse @args }
+ ShowErrors = { Show-MSALError }
+ }
+ }
+
+ $global:msalAuthenticator
+}
+
+function Clear-MSALCurentUserVaiables
+{
+ $global:MSALAuthority = $null
+}
+
+function Get-MSALCurrentApp
+{
+ $global:appObj
+}
+
+function Set-MSALCurrentApp
+{
+ param($appInfoObj)
+
+ $global:appObj = $appInfoObj
+}
+
+function Get-MSALUserInfo
+{
+ if($global:MSALToken)
+ {
+ Write-Log "Get current user"
+ $tmpMe = MSGraph\Invoke-GraphRequest -Url "ME" -SkipAuthentication
+ if($tmpMe.creationType -ne "Invitation")
+ {
+ ### Only get user info from home tenant
+ $global:Me = $tmpMe
+ Write-Log "Get profile picture"
+ $global:profilePhoto = "$($env:LOCALAPPDATA)\CloudAPIPowerShellManagement\$($global:Me.Id).jpeg"
+ MSGraph\Invoke-GraphRequest "me/photos/48x48/`$value" -OutFile $global:profilePhoto -SkipAuthentication | Out-Null
+ }
+
+ Write-Log "Get organization info"
+ $global:Organization = (MSGraph\Invoke-GraphRequest -Url "Organization" -SkipAuthentication).Value
+ }
+ else
+ {
+ $global:Me = $null
+ $global:profilePhoto = $null
+ $global:Organization = $null
+ }
+ Show-AuthenticationInfo
+}
+
+function Show-MSALError
+{
+ if($script:MSALDLLMissing -ne $true) { return }
+
+ $script:msalPreReqForm = Get-XamlObject ($global:AppRootFolder + "\Xaml\MSALPreReqForm.xaml") -AddVariables
+
+ $isAdmin = Get-IsAdmin
+
+ if($isAdmin)
+ {
+ Set-XamlProperty $script:msalPreReqForm "chkCurrentUser" "IsChecked" $false
+ }
+
+ $powerShellGet = Get-Module "PowerShellGet" -ListAvailable -ErrorAction SilentlyContinue | Sort -Property Version -Descending | Select -First 1
+
+ if($powerShellGet -and $powerShellGet.Version -gt [Version]"2.0.0")
+ {
+ $global:installPowerShellGet = $false
+ Write-Log "PowerShellGet $($powerShellGet.Version) detected. No need to install package"
+ Set-XamlProperty $script:msalPreReqForm "spPowerShellGet" "Visibility" "Collapsed"
+ }
+ else
+ {
+ if($powerShellGet)
+ {
+ Write-Log "PowerShellGet $($powerShellGet.Version) detected. Module needs to be updated" 2
+ }
+ else
+ {
+ Write-Log "PowerShellGet is missing. It needs to be installed" 2
+ }
+
+ $global:installPowerShellGet = $true
+ }
+
+ $pkgNuGet = Get-PackageProvider | Where Name -eq "NuGet"
+
+ if($pkgNuGet -and $pkgNuGet.Version -ge [Version]"2.8.5.201")
+ {
+ Write-Log "NuGet $($pkgNuGet.Version) detected. No need to install package"
+ Set-XamlProperty $script:msalPreReqForm "spNuGet" "Visibility" "Collapsed"
+ $global:installNuGet = $false
+ }
+ else
+ {
+ $global:installNuGet = $true
+
+ if($isAdmin)
+ {
+ Set-XamlProperty $script:msalPreReqForm "txtNotAdmin" "Visibility" "Collapsed"
+ }
+ else
+ {
+ Set-XamlProperty $script:msalPreReqForm "chkInstallNuGet" "Visibility" "Collapsed"
+ Set-XamlProperty $script:msalPreReqForm "btnInstallMSALPS" "IsEnabled" $false
+ Set-XamlProperty $script:msalPreReqForm "btnInstallAz" "IsEnabled" $false
+ }
+
+ if($pkgNuGet)
+ {
+ Write-Log "NuGet $($pkgNuGet.Version) detected. Pakage needs to be updated" 2
+ }
+ else
+ {
+ Write-Log "NuGet is missing. It needs to be installed" 2
+ }
+ }
+
+ Add-XamlEvent $script:msalPreReqForm "btnInstallMSALPS" "add_click" {
+ Install-MSALDependencyModule "MSAL.PS" $this
+ }
+
+ Add-XamlEvent $script:msalPreReqForm "btnInstallAz" "add_click" {
+ Install-MSALDependencyModule "Az" $this
+ }
+ Show-ModalForm "MSAL Errors" $script:msalPreReqForm
+}
+
+function Install-MSALDependencyModule
+{
+ param($moduleToInstall, $button)
+
+ $forceUserInstallation = $false
+
+ if($global:chkCurrentUser.IsChecked -eq $false -and (Get-IsAdmin) -eq $false)
+ {
+ if([System.Windows.MessageBox]::Show("Module will be install for system but current user is not Admin`n`nDo you want to install modules as user instead?`n`nNo will abort the installation", "Not admin!", "YesNo", "Warning") -eq "Yes")
+ {
+ $forceUserInstallation = $true
+ }
+ else
+ {
+ return
+ }
+
+ }
+
+ $installExtra = ""
+ if($global:installNuGet)
+ {
+ $installExtra += "`nNuGet will also be installed"
+ }
+
+ if($global:installPowerShellGet)
+ {
+ $installExtra += "`nPowerShellGet module will also be installed"
+ }
+ if($installExtra) { $installExtra = "`nAdditional installs:`n$($installExtra)" }
+
+ if([System.Windows.MessageBox]::Show("Are you sure you want to install the $moduleToInstall module?$($installExtra)", "Install module?", "YesNo", "Question") -ne "Yes") { return }
+
+ # Force TLS 1.2
+ [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+
+ if($global:installNuGet)
+ {
+ Write-Status "Install NuGet package provider"
+ try
+ {
+ Install-PackageProvider -Name NuGet -Force #-MinimumVersion 2.8.5.201
+ if($? -eq $false)
+ {
+ throw $global:error[0]
+ }
+ }
+ catch
+ {
+ Write-Log "Failed to install package provider NuGet. Error: $($_.Exception.Message)" 3
+ [System.Windows.MessageBox]::Show("Failed to install Nuget`n`nThe $moduleToInstall module cannot be installed.`n`nTry installing the module manually and then restart the appliaction.", "Failed!", "OK", "Error") | Out-Null
+ return
+ }
+ }
+
+ if($global:installPowerShellGet)
+ {
+ Write-Status "Install PowerShellGet module"
+ try
+ {
+ $params = @{}
+ if($global:chkCurrentUser.IsChecked -or $forceUserInstallation) { $params.Add("Scope", "CurrentUser") }
+
+ Install-Module -Name PowerShellGet -Force -AllowClobber @params #-MinimumVersion 2.8.5.201
+
+ if($? -eq $false)
+ {
+ throw $global:error[0]
+ }
+ }
+ catch
+ {
+ Write-Log "Failed to install PowerShellGet module. Error: $($_.Exception.Message)" 3
+ [System.Windows.MessageBox]::Show("Failed to install PowerShellGet module`n`nThe $moduleToInstall module cannot be installed.`n`nTry installing the module manually and then restart the appliaction.", "Failed!", "OK", "Error") | Out-Null
+ return
+ }
+ }
+
+ $params = @{}
+ $params.Add("Name", $moduleToInstall)
+ $params.Add("Force", $true)
+
+ if($global:chkAllowClobber.IsChecked) { $params.Add("AllowClobber", $true) }
+ if($global:chkCurrentUser.IsChecked -or $forceUserInstallation) { $params.Add("Scope", "CurrentUser") }
+ if($global:chkSkipPublisherCheck.IsChecked) { $params.Add("SkipPublisherCheck", $true) }
+ #if($global:chkAcceptLicense.IsChecked) { $params.Add("AcceptLicense", $true) }
+ $installError = ""
+ Write-Status "Install module $moduleToInstall"
+ try
+ {
+ $mod = Install-Module @params -ErrorAction SilentlyContinue #-PassThru
+ if($? -eq $false)
+ {
+ throw $global:error[0]
+ }
+ }
+ catch
+ {
+ $installError = "Error: $($_.Exception.Message)`n`n"
+ Write-Log "Failed to install module. Error: $($_.Exception.Message)" 3
+ }
+
+ $checkModule = ?: ($moduleToInstall -eq "Az") "Az.Accounts" $moduleToInstall
+
+ if(-not $mod) { $mod = Get-Module $checkModule -ListAvailable }
+
+ Write-Status ""
+
+ if($mod)
+ {
+ $script:MSALDLLMissing = $false
+ Add-MSALPrereq
+ }
+
+ if(-not $mod)
+ {
+ [System.Windows.MessageBox]::Show("Failed to install the $moduleToInstall module`n`n$($installError)Try installing the module manually and then restart the appliaction.", "Failed!", "OK", "Error") | Out-Null
+ }
+ elseif($mod -and $script:MSALDLLMissing)
+ {
+ [System.Windows.MessageBox]::Show("The $moduleToInstall module was installed successfully`n`nBut the app failed to load the MSAL DLL.`n`nPlease reastart the app and try again", "Failed!", "OK", "Warning") | Out-Null
+ }
+ else
+ {
+ [System.Windows.MessageBox]::Show("The $moduleToInstall was installed successfully!`n", "Success!", "OK", "Info") | Out-Null
+ }
+ Show-ModalObject
+}
+
+function Add-MSALPrereq
+{
+ $msalPath = ""
+
+ # Path stored in settings
+ $msalPath = (Get-SettingValue "MSALDLL")
+ if($msalPath -and ([IO.File]::Exists($msalPath)) -eq $false -and ([IO.Path]::GetFileName($msalPath)) -ne "Microsoft.Identity.Client.dll")
+ {
+ Write-Log "Microsoft.Identity.Client.dll file is either missing or pointing to the wrong file name"
+ $msalPath = ""
+ }
+
+ # Check if located in app folder
+ $tmpPath = "$($global:AppRootFolder)\Microsoft.Identity.Client.dll"
+ if(-not $msalPath -and ([IO.File]::Exists($tmpPath)))
+ {
+ $msalPath = $tmpPath
+ }
+
+ # Check Az module
+ if(-not $msalPath)
+ {
+ $module = Get-Module Az.Accounts -ListAvailable
+ if($module)
+ {
+ # Use the latest version and first path in case it is install for both the user and device
+ $module = $module | Sort -Property Version -Descending | Select -First 1
+ $tmpPath = (([IO.Path]::GetDirectoryName(($module.Path | Select -First 1 ))) + "\PreloadAssemblies\Microsoft.Identity.Client.dll")
+ if(([IO.File]::Exists($tmpPath)))
+ {
+ $msalPath = $tmpPath
+ }
+ }
+ }
+
+ # Check MSAL.PS module
+ if(-not $msalPath)
+ {
+ $module = Get-Module MSAL.PS -ListAvailable
+ $module = $module | Sort -Property Version -Descending | Select -First 1
+ $folderMSAL = Get-ChildItem -Path ([IO.Path]::GetDirectoryName($module.Path)) -Filter "Microsoft.Identity.Client*" | ?{ $_.PSIsContainer } | Sort -Property Version -Descending | Select -First 1
+ if([IO.File]::Exists(($folderMSAL.FullName + "\net45\Microsoft.Identity.Client.dll")))
+ {
+ $msalPath = ($folderMSAL.FullName + "\net45\Microsoft.Identity.Client.dll")
+ }
+ }
+
+ if(-not $msalPath)
+ {
+ $script:MSALDLLMissing = $true
+ Write-Log "Could not find Microsoft.Identity.Client.dll. Install the latest Az or MSAL.PS module or download MSAL library" 3
+ return
+ }
+
+ $fi = [IO.FileInfo]$msalPath
+ [void] [System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")
+ Write-Log "Using MSAL file $msalPath. Version: $($fi.VersionInfo.FileVersion)"
+ [void][System.Reflection.Assembly]::LoadFile($msalPath)
+
+ [System.Collections.Generic.List[string]] $RequiredAssemblies = New-Object System.Collections.Generic.List[string]
+ $RequiredAssemblies.Add($msalPath)
+ $RequiredAssemblies.Add('System.Security.dll')
+
+ Add-Type -Path ($global:AppRootFolder + "\CS\TokenCacheHelperEx.cs") -ReferencedAssemblies $RequiredAssemblies
+}
+
+function Get-MsalAuthenticationToken
+{
+ param($aquireTokenObj)
+
+ $script:authenticationFailure = $null
+ $script:errorInfo = $null
+ $authResult = $null
+ try
+ {
+ $tokenSource = New-Object System.Threading.CancellationTokenSource
+ $taskAuthenticationResult = $aquireTokenObj.ExecuteAsync($tokenSource.Token)
+ try
+ {
+ while (!$taskAuthenticationResult.IsCompleted)
+ {
+ # Login hung on rare occations
+ # Workaround: Added DoEvents
+ [System.Windows.Forms.Application]::DoEvents()
+ Start-Sleep -Seconds 1
+ }
+ }
+ finally
+ {
+ if (-not $taskAuthenticationResult.IsCompleted)
+ {
+ $tokenSource.Cancel()
+ }
+ $tokenSource.Dispose()
+ }
+
+ ## Parse task results
+ if ($taskAuthenticationResult.IsFaulted)
+ {
+ # ToDo Check if: $taskAuthenticationResult.Exception.InnerException -is [Microsoft.Identity.Client.MsalUiRequiredException]
+ if($taskAuthenticationResult.Exception.InnerException.ResponseBody)
+ {
+ try
+ {
+ $script:errorInfo = $taskAuthenticationResult.Exception.InnerException.ResponseBody | ConvertFrom-Json
+ }
+ catch { }
+ }
+ $script:authenticationFailure = ?? $taskAuthenticationResult.Exception.InnerException $taskAuthenticationResult.Exception
+ if($script:errorInfo.error_description)
+ {
+ Write-LogError "Failed to login. Error: $($script:errorInfo.error). Description: $($script:errorInfo.error_description)" 3
+ }
+ else
+ {
+ Write-LogError "Failed to login" (?? $taskAuthenticationResult.Exception.InnerException $taskAuthenticationResult.Exception)
+ }
+ }
+ if ($taskAuthenticationResult.IsCanceled)
+ {
+ Write-Log "The login was canceled" 2
+ }
+ else
+ {
+ $authResult = $taskAuthenticationResult.Result
+ }
+ }
+ catch
+ {
+ $script:authenticationFailure = ?? $_.Exception.InnerException $_.Exception
+ Write-LogError "Failed to authenticate" (?? $_.Exception.InnerException $_.Exception)
+ }
+ $authResult
+}
+
+function Get-MSALApp
+{
+ param($appInfo)
+
+ $msalApp = $script:MSALAllApps | Where { $_.ClientId -eq $appInfo.ClientID -and (-not $appInfo.RedirectUri -or $_.AppConfig.RedirectUri -eq $appInfo.RedirectUri)}
+
+ if(-not $msalApp)
+ {
+ Write-Log "Add MSAL App $($appInfo.ClientID) $((?? $appInfo.TenantId $appInfo.Authority))"
+ $appBuilder = [Microsoft.Identity.Client.PublicClientApplicationBuilder]::Create($appInfo.ClientID)
+
+ if($appInfo.TenantId) { [void]$appBuilder.WithAuthority("https://login.microsoftonline.com/$($appInfo.TenantId)/") }
+ elseif ($appInfo.Authority) { [void]$appBuilder.WithAuthority($appInfo.Authority) }
+ if($appInfo.RedirectUri) { [void]$appBuilder.WithRedirectUri($appInfo.RedirectUri) }
+
+ [void] $appBuilder.WithClientName("CloudAPIPowerShellManagement")
+ [void] $appBuilder.WithClientVersion($PSVersionTable.PSVersion)
+
+ $msalApp = $appBuilder.Build()
+
+ if((Get-SettingValue "CacheMSALToken"))
+ {
+ [TokenCacheHelperEx]::EnableSerialization($msalApp.UserTokenCache, "%LOCALAPPDATA%\CloudAPIPowerShellManagement\msalcahce.bin3")
+ }
+ $script:MSALAllApps += $msalApp
+ }
+ return $msalApp
+}
+
+function Connect-MSALUser
+{
+ param(
+ #[Parameter(Mandatory = $false, ParameterSetName = 'Silent')]
+ [switch]
+ $Silent,
+
+ #[Parameter(Mandatory = $false, ParameterSetName = 'Silent')]
+ [switch]
+ $ForceRefresh,
+
+ #[Parameter(Mandatory = $false, ParameterSetName = 'Interactive')]
+ [switch]
+ $Interactive,
+
+ $Account
+ )
+
+ # No login during first time the app is started
+ if($global:FirstTimeRunning -and $global:MainAppStarted -eq $false) { return }
+
+ Write-LogDebug "Authenticate"
+
+ if(-not $global:appObj.ClientId)
+ {
+ Write-Log "Application id is missing. Cannot authenticate" 3
+ return
+ }
+
+ if(-not $global:appObj.TenantId -and -not $global:appObj.Authority)
+ {
+ Write-Log "Tenant id/Authority is missing. Cannot authenticate" 3
+ return
+ }
+
+ if (-not ("TokenCacheHelperEx" -as [type]))
+ {
+ Add-MSALPrereq
+ }
+
+ if (-not ("TokenCacheHelperEx" -as [type]))
+ {
+ Write-Log "Failed to compile TokenCacheHelperEx class"
+ return
+ }
+
+ $curTicks = $global:MSALToken.ExpiresOn.LocalDateTime.Ticks
+
+ $currentLoggedInUserApp = ($global:MSALToken.Account.HomeAccountId.Identifier + $global:MSALToken.TenantId + $global:MSALApp.ClientId)
+ $currentLoggedInUserId = $global:MSALToken.Account.HomeAccountId.Identifier
+ if($Interactive -eq $true)
+ {
+ Clear-MSALCurentUserVaiables
+ $global:MSALToken = $null
+ }
+
+ if((Get-SettingValue "UseDefaultPermissions") -eq $true)
+ {
+ [string[]] $Scopes = "https://graph.microsoft.com/.default"
+ $useDefaultPermissions = $true
+ }
+ else
+ {
+ $Scopes = [string[]]$global:PermissionScope
+ $useDefaultPermissions = $false
+ }
+
+ $global:MSALApp = Get-MSALApp $global:appObj
+ $loginHint = ""
+
+ $global:MSALAccounts = $global:MSALApp.GetAccountsAsync().GetAwaiter().GetResult()
+ if($Account)
+ {
+ $loginHint = $global:MSALAccounts | Where UserName -eq $Account
+ if($global:MSALToken -and $global:MSALToken.Account.UserName -ne $Account)
+ {
+ # We're logging in with someone else...
+ Clear-MSALCurentUserVaiables
+ }
+ }
+
+ # If we force interactive login the skip setting loginHint to force the user select account
+ if(-not $loginHint -and $Interactive -ne $true)
+ {
+ if($global:MSALAccounts)
+ {
+ if($global:MSALToken)
+ {
+ # Make sure we are logging in with the current user
+ $loginHint = $global:MSALAccounts | Where { $_.HomeAccountId.Identifier -eq $global:MSALToken.Account.HomeAccountId.Identifier }
+ }
+ else
+ {
+ $lastUser = Get-Setting "" "LastLoggedOnUser"
+ if($lastUser)
+ {
+ $loginHint = $global:MSALAccounts | Where { $_.HomeAccountId.Identifier -eq $lastUser }
+ }
+ if(-not $loginHint)
+ {
+ # Try with the first user in the list
+ $loginHint = $global:MSALAccounts | Select -First 1
+ }
+ }
+ }
+ }
+
+ $prompConsent = $false
+ $authResult = $null
+ $tenantId = $global:appObj.TenantId
+ $authority = ?? $global:MSALAuthority $global:appObj.Authority
+
+ try
+ {
+ #########################################################################################################
+ ### Silent Login
+ #########################################################################################################
+ if($loginHint -and $Interactive -ne $true)
+ {
+ $aquireTokenObj = $global:MSALApp.AcquireTokenSilent($Scopes, $loginHint)
+ if($ForceRefresh) { [void]$aquireTokenObj.WithForceRefresh($ForceRefresh) }
+ if ($tenantId) { [void] $aquireTokenObj.WithAuthority("https://login.microsoftonline.com/$($TenantId)/") }
+ if ($authority) { [void]$aquireTokenObj.WithAuthority($authority) }
+
+ $authResult = Get-MsalAuthenticationToken $aquireTokenObj
+
+ if($script:authenticationFailure -and $script:authenticationFailure -isnot [Microsoft.Identity.Client.MsalUiRequiredException])
+ {
+ Write-Log "Authentication failed but not with UI required. Skipping futher authentication"
+ # Force the user to click Login
+ # Is this the best way to handle this? Could happen when connection is lost etc.
+ $global:MSALToken = $null
+ Get-MSALUserInfo
+ Clear-MSALCurentUserVaiables
+ return
+ }
+
+ if($authResult -and $authResult.ExpiresOn.LocalDateTime.Ticks -ne $curTicks)
+ {
+ Write-Log "$($authResult.Account.UserName) authenticated successfully (Silent). CorrelationId: $($global:MSALToken.CorrelationId)"
+ }
+ else
+ {
+ Write-LogDebug "$($authResult.Account.UserName) authenticated successfully (Silent). CorrelationId: $($global:MSALToken.CorrelationId)"
+ }
+
+ #AADSTS65001
+ if($script:authenticationFailure.Classification -eq "ConsentRequired")
+ {
+ $Scopes = [string[]]$global:PermissionScope
+ }
+ else
+ {
+ if($useDefaultPermissions -eq $false -and $authResult -and ($global:PermissionScope | measure).Count -gt 0 -and $global:promptConsentRequested -notcontains $authResult.TenantId)
+ {
+ $missingScopes = @()
+ foreach($scope in $global:PermissionScope)
+ {
+ $tmpScope = $scope.Split('/')[-1]
+ if($tmpScope -eq ".default") { continue }
+ if($authResult.Scopes -contains $tmpScope) { continue }
+ $missingScopes += $tmpScope
+ Write-LogDebug "Adding missing scope $tmpScope"
+ }
+
+ if($missingScopes)
+ {
+ # This will prompt for consent for the missing scopes
+ $prompConsent = $true
+ $global:promptConsentRequested += $authResult.TenantId
+ $Scopes = $authResult.Scopes
+ $extraScopesToConsent = [string[]]$missingScopes
+ $loginHint = $authResult.Account
+ }
+ }
+ }
+ }
+ }
+ catch {}
+
+ # Interactive login is only allowed once the app has started. Skip if silent login failed during startup
+ if($global:MainAppStarted -and ((-not $authResult -and $Silent -ne $true) -or $prompConsent))
+ {
+ #########################################################################################################
+ ### Interactive Login
+ #########################################################################################################
+ Write-Log "Initiate interactive logon"
+ Write-Log "Scopes: $(($Scopes -join ","))"
+ $loginHintName = (?? $loginHint.Username $loginHint)
+
+ $aquireTokenObj = $global:MSALApp.AcquireTokenInteractive($Scopes)
+
+ if ($tenantId)
+ {
+ Write-Log "Tenant id: $tenantId"
+ [void] $aquireTokenObj.WithAuthority("https://login.microsoftonline.com/$tenantId)/")
+ }
+ elseif ($authority)
+ {
+ Write-Log "Authority: $authority"
+ [void]$aquireTokenObj.WithAuthority($authority)
+ }
+
+ if($loginHintName)
+ {
+ Write-Log "Login hint: $loginHintName"
+ [void]$AquireTokenObj.WithLoginHint($loginHintName)
+ }
+
+ if($script:authenticationFailure.Claims)
+ {
+ Write-Log "Login claims: $($script:authenticationFailure.Claims))"
+ [void]$AquireTokenObj.WithClaims($script:authenticationFailure.Claims)
+ }
+
+ [IntPtr]$ParentWindow = [System.Diagnostics.Process]::GetCurrentProcess().MainWindowHandle
+ if ($ParentWindow)
+ {
+ [void]$aquireTokenObj.WithParentActivityOrWindow($ParentWindow)
+ }
+
+ # If we need a consent (e.g. App is not approved in the environment), prompt for consent with all reqruied permissions
+ # Extra scopes to consent is only required when new perissions should be added
+ if ($script:authenticationFailure.Classification -eq "ConsentRequired")
+ {
+ Write-Log "Interactive login with Consent prompt"
+ [void]$aquireTokenObj.WithPrompt([Microsoft.Identity.Client.Prompt]::Consent)
+ }
+ elseif ($extraScopesToConsent)
+ {
+ Write-Log "Interactive login with extra scopes consent prompt: $(($extraScopesToConsent -join ","))"
+ [void] $aquireTokenObj.WithExtraScopesToConsent($extraScopesToConsent)
+ }
+
+ $authResult = Get-MsalAuthenticationToken $aquireTokenObj
+ if($authResult)
+ {
+ Write-Log "$($authResult.Account.UserName) authenticated successfully (Interactively). CorrelationId: $($authResult.CorrelationId)"
+ }
+ }
+
+ if($currentLoggedInUserId -ne $authResult.Account.HomeAccountId.Identifier)
+ {
+ $script:AccessableTenants = $null
+ if($authResult -and (Get-Setting "" "GetTenantList" $false) -eq $true)
+ {
+ #########################################################################################################
+ ### Get tenant list
+ #########################################################################################################
+ try
+ {
+ Write-Log "Get tennant list"
+
+ # Can we reuse the app used for login?
+ $appBuilder = [Microsoft.Identity.Client.PublicClientApplicationBuilder]::Create($global:appObj.ClientID)
+ if($tenantId) { [void]$appBuilder.WithAuthority("https://login.microsoftonline.com/$($tenantId)") }
+ elseif ($authority) { [void]$appBuilder.WithAuthority($authority) }
+ if($global:appObj.RedirectUri) { [void]$appBuilder.WithRedirectUri($global:appObj.RedirectUri) }
+ $app = $appBuilder.Build()
+
+ if((Get-SettingValue "CacheMSALToken"))
+ {
+ [TokenCacheHelperEx]::EnableSerialization($app.UserTokenCache, "%LOCALAPPDATA%\CloudAPIPowerShellManagement\msalcahce.bin3")
+ }
+
+ ### Silent login
+ $tmpScope = [string[]]"https://management.azure.com/user_impersonation"
+ $tmpResults = Get-MsalAuthenticationToken ($app.AcquireTokenSilent($tmpScope, $authResult.Account))
+ if(-not $tmpResults -and $global:MainAppStarted -and $script:authenticationFailure -and $script:authenticationFailure -is [Microsoft.Identity.Client.MsalUiRequiredException])
+ {
+ ### Interactive login
+ $AquireTokenObj = $app.AcquireTokenInteractive($tmpScope)
+ #[void]$AquireTokenObj.WithAccount($authResult.Account)
+ [void]$AquireTokenObj.WithLoginHint($authResult.Account.Username)
+ $tmpResults = Get-MsalAuthenticationToken $AquireTokenObj
+ }
+
+ if($tmpResults)
+ {
+ $Headers = @{
+ 'Content-Type' = 'application/json'
+ 'Authorization' = "Bearer " + $tmpResults.AccessToken
+ 'ExpiresOn' = $tmpResults.ExpiresOn
+ }
+
+ $ret = Invoke-RestMethod "https://management.azure.com/tenants?api-version=2020-01-01" -Headers $Headers
+ if($ret)
+ {
+ $script:AccessableTenants = $ret.Value
+ }
+ }
+ }
+ catch { }
+ }
+ }
+
+ Write-LogDebug "Authentication finished $($authResult.Account.UserName)"
+
+ $global:MSALToken = $authResult
+
+ if($currentLoggedInUserApp -ne ($global:MSALToken.Account.HomeAccountId.Identifier + $global:MSALToken.TenantId + $global:MSALApp.ClientId))
+ {
+ if($authResult)
+ {
+ Save-Setting "" "LastLoggedOnUser" $authResult.Account.UserName
+ }
+
+ Write-LogDebug "User, tenant or app has changed"
+ Get-MSALUserInfo
+ }
+}
+
+function Disconnect-MSALUser
+{
+ param($user, [switch]$force)
+
+ if(-not $user)
+ {
+ if(-not $global:MSALToken.Account) { return }
+ $user = $global:MSALToken.Account # Logout current user
+ $global:MSALToken = $null
+ Clear-MSALCurentUserVaiables # Only clear variables for current user
+ }
+
+ # ToDo: Clear browser cache
+
+ if($user -and $global:MSALApp -and (Get-SettingValue "CacheMSALToken"))
+ {
+ if($force -eq $true -or [System.Windows.MessageBox]::Show("Do you want to remove the token from the cache?", "Clear cache?", "YesNo", "Question") -eq "Yes")
+ {
+ try
+ {
+ [void]$global:MSALApp.RemoveAsync($user).GetAwaiter().GetResult()
+ }
+ catch
+ {
+ Write-LogError "Failed to remove token from cache" $_.Exception
+ }
+ }
+ }
+ Get-MSALUserInfo
+}
+
+function Get-MSALProfileEllipse
+{
+ param($size = 32, $fontSize = 20, $Color = "Blue", [Switch]$Popup, $AuthenticationProvider)
+
+ Write-LogDebug "Create Profile Ellipse"
+
+ if(-not $global:MSALToken -or -not $global:me)
+ {
+ #########################################################################################################
+ ### Build login button when no user is logged on
+ #########################################################################################################
+
+ Write-LogDebug "Add login button"
+ $grd = [System.Windows.Controls.Border]::new()
+ $icon = Get-XamlObject ($global:AppRootFolder + "\Xaml\Icons\Logon.xaml")
+ $icon.Width = $size
+ $icon.Height = $size
+ $grd.Background = "#01000000"
+ $grd.Child = $icon
+
+ $lnkButton = [System.Windows.Controls.Button]::new()
+ $lnkButton.Content = $grd
+ $lnkButton.Cursor = "Hand"
+ $lnkButton.Style = $window.TryFindResource("ContentButton")
+ $lnkButton.add_Click({
+ if($script:MSALDLLMissing)
+ {
+ Show-MSALError
+ return
+ }
+ if(($global:MSALAccounts | measure).Count -eq 0)
+ {
+ Connect-MSALUser -Interactive
+ if($global:curObjectType)
+ {
+ Show-GraphObjects
+ }
+ Write-Status ""
+ }
+ else
+ {
+ $xaml = Get-Content ($global:AppRootFolder + "\Xaml\LoginPanel.Xaml")
+ $loginPanel = [Windows.Markup.XamlReader]::Parse($xaml)
+ $otherLogins = $loginPanel.FindName("grdAccounts")
+ foreach($account in $global:MSALAccounts)
+ {
+ try
+ {
+ #########################################################################################################
+ ### Add cached users to the list of logins
+ #########################################################################################################
+ $grdAccount = [System.Windows.Controls.Grid]::new()
+ $cd = [System.Windows.Controls.ColumnDefinition]::new()
+ $grdAccount.ColumnDefinitions.Add($cd)
+ $cd = [System.Windows.Controls.ColumnDefinition]::new()
+ $cd.Width = [double]::NaN
+ $grdAccount.ColumnDefinitions.Add($cd)
+
+ $icon = Get-XamlObject ($global:AppRootFolder + "\Xaml\Icons\LoggedOnUser.xaml")
+ $icon.Width = 24
+ $icon.Height = 24
+ $icon.Margin = "0,0,5,0"
+ $grdAccount.Children.Add($icon) | Out-Null
+
+ $lbObj = [Windows.Markup.XamlReader]::Parse("$($account.UserName)$($account.HomeAccountId.TenantId)")
+ $lbObj.SetValue([System.Windows.Controls.Grid]::ColumnProperty,1)
+ $grdAccount.Children.Add($lbObj) | Out-Null
+
+ $lnkButton = [System.Windows.Controls.Button]::new()
+ $lnkButton.Content = $grdAccount
+ $lnkButton.Style = $window.TryFindResource("LinkButton")
+ $lnkButton.Margin = "0,5,0,0"
+ $lnkButton.Cursor = "Hand"
+ $lnkButton.Tag = $account
+ $lnkButton.add_Click({
+ Write-Status "Logging in with $($this.Tag.UserName)"
+ Hide-Popup
+ Clear-MSALCurentUserVaiables
+ Connect-MSALUser -Account $this.Tag.UserName
+
+ if($global:curObjectType)
+ {
+ Show-GraphObjects
+ }
+ Write-Status ""
+ })
+
+ AddGridObject $otherLogins $lnkButton
+ }
+ catch {}
+ }
+
+ #########################################################################################################
+ ### Add login button
+ #########################################################################################################
+ $grdAccount = [System.Windows.Controls.Grid]::new()
+ $cd = [System.Windows.Controls.ColumnDefinition]::new()
+ $grdAccount.ColumnDefinitions.Add($cd)
+ $cd = [System.Windows.Controls.ColumnDefinition]::new()
+ $cd.Width = [double]::NaN
+ $grdAccount.ColumnDefinitions.Add($cd)
+
+ $icon = Get-XamlObject ($global:AppRootFolder + "\Xaml\Icons\Logon.xaml")
+ $icon.Width = 24
+ $icon.Height = 24
+ $icon.Margin = "0,0,5,0"
+ $grdAccount.Children.Add($icon) | Out-Null
+
+ $lbObj = [Windows.Markup.XamlReader]::Parse("Sign in with a different account")
+ $lbObj.SetValue([System.Windows.Controls.Grid]::ColumnProperty,1)
+ #$lbObj.Style = $window.TryFindResource("HoverUnderlineStyle")
+ $grdAccount.Children.Add($lbObj) | Out-Null
+
+ $lnkButton = [System.Windows.Controls.Button]::new()
+ $lnkButton.Content = $grdAccount
+ $lnkButton.Style = $window.TryFindResource("LinkButton")
+ $lnkButton.Margin = "0,5,0,0"
+ $lnkButton.Cursor = "Hand"
+ $lnkButton.add_Click({
+ Write-Status "Logging in..."
+ Hide-Popup
+ Connect-MSALUser -Interactive
+ if($global:curObjectType)
+ {
+ Show-GraphObjects
+ }
+ Write-Status ""
+ })
+
+ AddGridObject $otherLogins $lnkButton
+
+ $loginPanel.Tag = $this.Content
+
+ $loginPanel.Add_Loaded({param($obj, $e)
+ $point = $obj.Tag.TransformToAncestor($window).Transform([System.Windows.Point]::new(0,0));
+ [System.Windows.Controls.Canvas]::SetLeft($obj,($point.X - $obj.ActualWidth + $obj.Tag.ActualWidth))
+ [System.Windows.Controls.Canvas]::SetTop($obj,($point.Y + $obj.Tag.ActualHeight))
+ })
+
+ Show-Popup $loginPanel
+ }
+ })
+
+ return $lnkButton
+ }
+
+ #########################################################################################################
+ ### Build the ellipse image for the Profile Info
+ #########################################################################################################
+
+ if($global:me.givenName -and $global:me.surname)
+ {
+ $initials = "$($global:me.givenName[0])$($global:me.surname[0])".ToUpper()
+ }
+ else
+ {
+ $initials = "$($global:me.userPrincipalName[0])".ToUpper()
+ }
+
+ $grd = [System.Windows.Controls.Grid]::new()
+
+ $ellipse = [System.Windows.Shapes.Ellipse]::new()
+ $ellipse.Width = $size
+ $ellipse.Height = $size
+ $ellipse.Fill = $Color
+ $ellipse.Stroke = "#FFFF00FF"
+ $ellipse.StrokeThickness = "0"
+
+ $grd.Children.Add($ellipse) | Out-Null
+
+ $tb = [System.Windows.Controls.TextBlock]::new()
+ $tb.FontSize = $fontSize
+ $tb.Foreground = "White"
+ #$tb.FontFamily=""
+ $tb.FontWeight = "Bold"
+ #$tb.TextLineBounds="Tight"
+ $tb.VerticalAlignment="Center"
+ $tb.HorizontalAlignment="Center"
+ #$tb.IsTextScaleFactorEnabled="False"
+ $tb.Text = $initials
+
+ $grd.Children.Add($tb) | Out-Null
+
+ if($global:profilePhoto -and [IO.File]::Exists($global:profilePhoto))
+ {
+ Write-LogDebug "Create image"
+ $img = [System.Windows.Media.Imaging.BitmapImage]::new()
+ $img.BeginInit()
+ $img.CacheOption = [System.Windows.Media.Imaging.BitmapCacheOption]::OnLoad
+ $img.UriSource = [System.Uri]::new($global:profilePhoto)
+ $img.EndInit()
+ $ib = [System.Windows.Media.ImageBrush]::new()
+ $ib.ImageSource = $img
+
+ $ellipse = [System.Windows.Shapes.Ellipse]::new()
+ $ellipse.Width = $size
+ $ellipse.Height = $size
+ $ellipse.FlowDirection="LeftToRight"
+ $ellipse.Fill = $ib
+ $grd.Children.Add($ellipse) | Out-Null
+ }
+
+ if($Popup)
+ {
+ # Hide the popup when mouse button is clicked anywhere
+ $grd.add_MouseLeftButtonDown(({param($obj, $e)
+ if(-not $global:grdProfileInfo) { return }
+ Show-Popup $global:grdProfileInfo
+ }))
+
+ try
+ {
+ #########################################################################################################
+ ### Build Profile Info forcurrent user
+ #########################################################################################################
+
+ $global:grdProfileInfo = $null
+ $xaml = Get-Content ($global:AppRootFolder + "\Xaml\ProfileInfo.Xaml")
+ $global:grdProfileInfo = [Windows.Markup.XamlReader]::Parse($xaml)
+ $global:grdProfileInfo.Tag = $grd
+ $grd.Tag = $global:grdProfileInfo
+ Set-XamlProperty $global:grdProfileInfo "txtOrganization" "Text" $global:Organization.displayName
+ Set-XamlProperty $global:grdProfileInfo "txtUsername" "Text" $global:me.displayName
+ Set-XamlProperty $global:grdProfileInfo "txtLogonName" "Text" $global:me.userPrincipalName
+
+ $global:tokenInfo = Get-JWTtoken $global:MSALToken.AccessToken
+ if($global:tokenInfo)
+ {
+ Write-LogDebug "App $($global:tokenInfo.Payload.app_displayname)"
+ Set-XamlProperty $global:grdProfileInfo "txtAppName" "Text" $global:tokenInfo.Payload.app_displayname
+ Set-XamlProperty $global:grdProfileInfo "txtAppId" "Text" $global:tokenInfo.Payload.appid
+ }
+
+ $tmpObj = Get-MSALProfileEllipse -size 64 -fontSize 32
+ $profileGrid = $global:grdProfileInfo.FindName("ProfileInfo")
+ if($tmpObj -and $profileGrid)
+ {
+ $tmpObj.SetValue([System.Windows.Controls.Grid]::RowProperty,1)
+ $tmpObj.SetValue([System.Windows.Controls.Grid]::RowSpanProperty,2)
+ }
+
+ if($tmpObj)
+ {
+ $profileGrid.Children.Add($tmpObj) | Out-Null
+ }
+
+ $global:grdProfileInfo.Add_Loaded({param($obj, $e)
+ $point = $obj.Tag.TransformToAncestor($window).Transform([System.Windows.Point]::new(0,0));
+ [System.Windows.Controls.Canvas]::SetLeft($obj,($point.X - $obj.ActualWidth + $obj.Tag.ActualWidth))
+ [System.Windows.Controls.Canvas]::SetTop($obj,($point.Y + $obj.Tag.ActualHeight))
+ })
+
+ $otherLogins = $global:grdProfileInfo.FindName("grdAccountsAndTenants")
+
+ #########################################################################################################
+ ### Add cached users
+ #########################################################################################################
+
+ foreach($account in $global:MSALAccounts)
+ {
+ # Skip current logged on user
+ if($global:MSALToken.Account.Username -eq $Account.Username) { continue }
+
+ try
+ {
+ $grdAccount = [System.Windows.Controls.Grid]::new()
+ $cd = [System.Windows.Controls.ColumnDefinition]::new()
+ $grdAccount.ColumnDefinitions.Add($cd)
+ $cd = [System.Windows.Controls.ColumnDefinition]::new()
+ $cd.Width = [double]::NaN
+ $grdAccount.ColumnDefinitions.Add($cd)
+
+ $icon = Get-XamlObject ($global:AppRootFolder + "\Xaml\Icons\LoggedOnUser.xaml")
+ $icon.Width = 24
+ $icon.Height = 24
+ $icon.Margin = "0,0,5,0"
+ $grdAccount.Children.Add($icon) | Out-Null
+
+ $lbObj = [Windows.Markup.XamlReader]::Parse("$($account.UserName)$($account.HomeAccountId.TenantId)")
+ $lbObj.SetValue([System.Windows.Controls.Grid]::ColumnProperty,1)
+ $grdAccount.Children.Add($lbObj) | Out-Null
+
+ # Forget user
+ # Cannot be added to Grid since that is for logging on with user
+ # Need to rebuild the
+ #$icon = Get-XamlObject ($global:AppRootFolder + "\Xaml\Icons\Trash.xaml")
+ #$icon.Width = 24
+ #$icon.Height = 24
+ #$icon.Margin = "0,0,5,0"
+ #$icon.SetValue([System.Windows.Controls.Grid]::ColumnProperty,1)
+ #$icon.HorizontalAlignment = "Right"
+ #$grdAccount.Children.Add($icon) | Out-Null
+
+ $lnkButton = [System.Windows.Controls.Button]::new()
+ $lnkButton.Content = $grdAccount
+ $lnkButton.Style = $window.TryFindResource("LinkButton")
+ $lnkButton.Margin = "0,5,0,0"
+ $lnkButton.Cursor = "Hand"
+ $lnkButton.Tag = $account
+ $lnkButton.add_Click({
+ Write-Status "Logging in with $($this.Tag.UserName)"
+ Hide-Popup
+ Clear-MSALCurentUserVaiables
+ Connect-MSALUser -Account $this.Tag.UserName
+
+ if($global:curObjectType)
+ {
+ Show-GraphObjects
+ }
+ Write-Status ""
+ })
+
+ AddGridObject $otherLogins $lnkButton
+ }
+ catch {}
+ }
+
+ #########################################################################################################
+ ### Add login with another user
+ #########################################################################################################
+ $grdAccount = [System.Windows.Controls.Grid]::new()
+ $cd = [System.Windows.Controls.ColumnDefinition]::new()
+ $grdAccount.ColumnDefinitions.Add($cd)
+ $cd = [System.Windows.Controls.ColumnDefinition]::new()
+ $cd.Width = [double]::NaN
+ $grdAccount.ColumnDefinitions.Add($cd)
+
+ $icon = Get-XamlObject ($global:AppRootFolder + "\Xaml\Icons\Logon.xaml")
+ $icon.Width = 24
+ $icon.Height = 24
+ $icon.Margin = "0,0,5,0"
+ $grdAccount.Children.Add($icon) | Out-Null
+
+ $lbObj = [Windows.Markup.XamlReader]::Parse("Sign in with a different account")
+ $lbObj.SetValue([System.Windows.Controls.Grid]::ColumnProperty,1)
+ #$lbObj.Style = $window.TryFindResource("HoverUnderlineStyle")
+ $grdAccount.Children.Add($lbObj) | Out-Null
+
+ $lnkButton = [System.Windows.Controls.Button]::new()
+ $lnkButton.Content = $grdAccount
+ $lnkButton.Style = $window.TryFindResource("LinkButton")
+ $lnkButton.Margin = "0,5,0,0"
+ $lnkButton.Cursor = "Hand"
+ $lnkButton.Tag = $account
+ $lnkButton.add_Click({
+ Write-Status "Logging in..."
+ Hide-Popup
+ Connect-MSALUser -Interactive
+ if($global:curObjectType)
+ {
+ Show-GraphObjects
+ }
+ Write-Status ""
+ })
+
+ AddGridObject $otherLogins $lnkButton
+
+ if(($script:AccessableTenants | measure).Count -gt 1)
+ {
+ #########################################################################################################
+ ### Add switch to another tenant
+ #########################################################################################################
+ $lbObj = [Windows.Markup.XamlReader]::Parse("Tenants:")
+ $lbObj.Margin = "0,5,0,0"
+
+ AddGridObject $otherLogins $lbObj
+ foreach($tenant in $script:AccessableTenants)
+ {
+ try
+ {
+ $lbObj = [Windows.Markup.XamlReader]::Parse("$($tenant.DisplayName)$($tenant.defaultDomain)$($tenant.tenantId)")
+
+ if($tenant.tenantId -ne $global:MSALToken.TenantId)
+ {
+ $lbObj.Style = $window.TryFindResource("HoverUnderlineStyleWithBackground")
+ $lbObj.HorizontalAlignment = "Stretch"
+ $lnkButton = [System.Windows.Controls.Button]::new()
+ $lnkButton.Content = $lbObj
+ $lnkButton.HorizontalAlignment = "Stretch"
+ $lnkButton.Style = $window.TryFindResource("ContentButton")
+ $lnkButton.Margin = "0,5,0,0"
+ $lnkButton.Cursor = "Hand"
+ $lnkButton.Tag = $tenant
+ $lnkButton.add_Click({
+ Write-Status "Logging in to $($this.Tag.DisplayName)"
+ # Set authority to selected tenant
+ $global:MSALAuthority = "https://login.microsoftonline.com/$($this.Tag.tenantId)/"
+ Hide-Popup
+ Connect-MSALUser -Account $global:MSALToken.Account.Username
+
+ if($global:curObjectType)
+ {
+ Show-GraphObjects
+ }
+ Write-Status ""
+ })
+ AddGridObject $otherLogins $lnkButton
+ }
+ else
+ {
+ $lbObj.Background = $window.TryFindResource("SelectedRowBackgroundColor")
+ $lbObj.Margin = "0,5,0,0"
+ AddGridObject $otherLogins $lbObj
+ }
+ }
+ catch {}
+ }
+ }
+
+ #########################################################################################################
+ ### Add event handling
+ #########################################################################################################
+ Add-XamlEvent $tmpObj "lnkTokeninfo" "add_Click" {
+ #Hide-Popup
+ $tokenArr = @()
+ foreach($prop in ($global:MSALToken | GM | Where MemberType -eq Property))
+ {
+ if($prop.Name -in @("AccessToken", "IdToken")) { continue }
+ elseif($prop.Name -eq "Scopes") { $value = ($global:MSALToken.Scopes -join "`n")}
+ elseif($prop.Name -in @("ExpiresOn", "ExtendedExpiresOn")) { $value = $global:MSALToken."$($prop.Name)".LocalDateTime }
+ else { $value = $global:MSALToken."$($prop.Name)"}
+
+
+ $tokenArr += New-Object PSObject -Property @{
+ Name=$prop.Name
+ Value=$value
+ }
+ }
+
+ $dg = [System.Windows.Controls.DataGrid]::new()
+ $dg.ItemsSource = ($tokenArr | Select Name, Value)
+ Show-ModalForm "Token info" $dg
+ }
+
+ Add-XamlEvent $tmpObj "lnkAccessTokenInfo" "add_Click" {
+ #Hide-Popup
+ Show-MSALDecodedToken (Get-JWTtoken $global:MSALToken.AccessToken) "Access Token Info"
+ }
+
+ Add-XamlEvent $tmpObj "lnkIdTokenInfo" "add_Click" {
+ #Hide-Popup
+ Show-MSALDecodedToken (Get-JWTtoken $global:MSALToken.IdToken) "Id Token Info"
+ }
+
+ Add-XamlEvent $tmpObj "lnkForceRefresh" "add_Click" {
+ Write-Status "Refreshing the token"
+ Connect-MSALUser -ForceRefresh
+ if(-not $global:MSALToken)
+ {
+ # Refresh failed. User was logged out
+ Show-GraphObjects
+ Hide-Popup
+ }
+ Write-Status ""
+ }
+
+ Add-XamlEvent $tmpObj "lnkLogout" "add_Click" {
+ Hide-Popup
+ Disconnect-MSALUser
+ if($global:curObjectType)
+ {
+ Show-GraphObjects
+ }
+ }
+ }
+ catch {
+ Write-LogError "Failed to create profile information object. Error: " $_.Exception
+ }
+ }
+
+ $grd
+}
+
+function Show-MSALDecodedToken {
+ param (
+ $tokenData,
+ $title
+ )
+ $tokenArr = @()
+ foreach($prop in ($tokenData.Header | GM | Where MemberType -eq NoteProperty))
+ {
+ $tokenArr += New-Object PSObject -Property @{
+ Name=$prop.Name
+ Value=$tokenData.Header."$($prop.Name)"
+ }
+ }
+
+ foreach($prop in ($tokenData.Payload | GM | Where MemberType -eq NoteProperty))
+ {
+ if($prop.Name -in @("exp","iat","nbf","xms_tcdt"))
+ {
+ $value =[datetime]::new(1970, 1, 1, 0, 0, 0, 0, "UTC").AddSeconds(($tokenData.Payload."$($prop.Name)")).ToLocalTime()
+ }
+ elseif($prop.Name -in @("acrs","amr"))
+ {
+ $value = $tokenData.Payload."$($prop.Name)" -join ";"
+ }
+ elseif($prop.Name -in @("wids"))
+ {
+ $value = $tokenData.Payload."$($prop.Name)" -join "`n"
+ }
+ elseif($prop.Name -in @("scp"))
+ {
+ $value = $tokenData.Payload."$($prop.Name)" -replace " ","`n"
+ }
+ else
+ {
+ $value = $tokenData.Payload."$($prop.Name)"
+ }
+ $tokenArr += New-Object PSObject -Property @{
+ Name=$prop.Name
+ Value=$value
+ }
+ }
+ $dg = [System.Windows.Controls.DataGrid]::new()
+ $dg.ItemsSource = ($tokenArr | Select Name, Value)
+ Show-ModalForm $title $dg
+}
+
+Export-ModuleMember -alias * -function *
\ No newline at end of file
diff --git a/Extensions/MSGraph.psm1 b/Extensions/MSGraph.psm1
new file mode 100644
index 0000000..64f4b43
--- /dev/null
+++ b/Extensions/MSGraph.psm1
@@ -0,0 +1,1952 @@
+<#
+.SYNOPSIS
+Module for MS Graph functions
+
+.DESCRIPTION
+This module manages Microsoft Grap fuctions like calling APIs, managing graph objects etc. This is common for all view using MS Graph
+
+.NOTES
+ Author: Mikael Karlsson
+#>
+function Get-ModuleVersion
+{
+ '3.0.0'
+}
+
+$global:MSGraphGlobalApps = @(
+ (New-Object PSObject -Property @{Name="";ClientId="";RedirectUri="";Authority=""}),
+ (New-Object PSObject -Property @{Name="Microsoft Intune PowerShell";ClientId="d1ddf0e4-d672-4dae-b554-9d5bdfd93547";RedirectUri="urn:ietf:wg:oauth:2.0:oob";Authority="https://login.microsoftonline.com/organizations/"}),
+ (New-Object PSObject -Property @{Name="Microsoft Graph PowerShell";ClientId="14d82eec-204b-4c2f-b7e8-296a70dab67e";RedirectUri="https://login.microsoftonline.com/common/oauth2/nativeclient";Authority="https://login.microsoftonline.com/organizations/"})
+ )
+
+function Invoke-InitializeModule
+{
+ $global:graphURL = "https://graph.microsoft.com/beta"
+
+ $global:LoadedDependencyObject = $null
+ $global:MigrationTableCache = $null
+
+ # Make sure MS Graph settings are added before exiting before App Id and Tenant Id is missing
+ Write-Log "Add settings and menu items"
+
+ # Add settings
+ $global:appSettingSections += (New-Object PSObject -Property @{
+ Title = "Import/Export"
+ Id = "ImportExport"
+ Values = @()
+ })
+
+ Add-SettingsObject (New-Object PSObject -Property @{
+ Title = "Root folder"
+ Key = "RootFolder"
+ Type = "Folder"
+ Description = "Root folder for exporting/importing objects"
+ }) "ImportExport"
+
+ Add-SettingsObject (New-Object PSObject -Property @{
+ Title = "Add object type"
+ Key = "AddObjectType"
+ Type = "Boolean"
+ DefaultValue = $true
+ Description = "Default setting for adding object type to the export folder"
+ }) "ImportExport"
+
+ Add-SettingsObject (New-Object PSObject -Property @{
+ Title = "Add company name"
+ Key = "AddCompanyName"
+ Type = "Boolean"
+ DefaultValue = $true
+ Description = "Default setting for adding company name to the export folder"
+ }) "ImportExport"
+
+ Add-SettingsObject (New-Object PSObject -Property @{
+ Title = "Export Assignments"
+ Key = "ExportAssignments"
+ Type = "Boolean"
+ DefaultValue = $true
+ Description = "Default setting for exporting assignments"
+ }) "ImportExport"
+
+ Add-SettingsObject (New-Object PSObject -Property @{
+ Title = "Create groups"
+ Key = "CreateGroupOnImport"
+ Type = "Boolean"
+ DefaultValue = $true
+ Description = "Default setting for creating groups during import"
+ }) "ImportExport"
+
+ Add-SettingsObject (New-Object PSObject -Property @{
+ Title = "Convert synced groups"
+ Key = "ConvertSyncedGroupOnImport"
+ Type = "Boolean"
+ DefaultValue = $true
+ Description = "Convert AD synched groups to Azure AD group during import if the group does not exist"
+ }) "ImportExport"
+
+ Add-SettingsObject (New-Object PSObject -Property @{
+ Title = "Import Assignments"
+ Key = "ImportAssignments"
+ Type = "Boolean"
+ DefaultValue = $true
+ Description = "Import assignments when importing objects"
+ }) "ImportExport"
+}
+
+function Get-GraphAppInfo
+{
+ param($settingId, $defaultAppId)
+
+ $graphAppId = Get-SettingValue $settingId
+
+ if($graphAppId)
+ {
+ # Check if an app in the list is selected
+ $appObj = $global:MSGraphGlobalApps | Where ClientId -eq $graphAppId
+ }
+
+ if(-not $appObj)
+ {
+ # Set app info from custom settings
+ $appObj = New-Object PSObject -Property @{
+ ClientId = Get-SettingValue "$($PreFix)CustomAppId"
+ TenantId = Get-SettingValue "$($PreFix)CustomTenantId"
+ RedirectUri = Get-SettingValue "$($PreFix)CustomAppRedirect"
+ Authority = Get-SettingValue "$($PreFix)CustomAuthority"
+ }
+ }
+
+ if(-not $appObj.ClientId -and $defaultAppId)
+ {
+ # No app info found. Use default
+ $appObj = $global:MSGraphGlobalApps | Where ClientId -eq $defaultAppId
+ }
+
+ $appObj
+}
+
+function Invoke-GraphRequest
+{
+ param (
+ [Parameter(Mandatory)]
+ $Url,
+
+ [Alias("Body")]
+ $Content,
+
+ $Headers,
+
+ [ValidateSet("GET","POST","OPTIONS","DELETE", "PATCH")]
+ [Alias("Method")]
+ $HttpMethod = "GET",
+
+ $AdditionalHeaders,
+
+ [string]$Outfile = "",
+
+ [Switch]$SkipAuthentication,
+
+ $ODataMetadata = "full" # full, minimal, none or skip
+ )
+
+ if($SkipAuthentication -ne $true)
+ {
+ Connect-MSALUser
+ }
+
+ $params = @{}
+
+ $requestId = [Guid]::NewGuid().guid
+
+ if(-not $Headers)
+ {
+ $Headers = @{
+ 'Content-Type' = 'application/json; charset=utf-8'
+ 'Authorization' = "Bearer " + $global:MSALToken.AccessToken
+ 'ExpiresOn' = $global:MSALToken.ExpiresOn
+ 'x-ms-client-request-id' = $requestId
+ }
+
+ if($ContentLanguage)
+ {
+ $Headers.Add("Content-Language",$ContentLanguage)
+ }
+ }
+
+ if($HttpMethod -eq "GET" -and $ODataMetadata -ne "Skip")
+ {
+ # Note: odata.metadata=full in Accept
+ # @odata.type is not always included with default (minimum).
+ # That is required to identify the object type in some functions
+ # It does include a lot of info we don't need...
+ $Headers.Add("Accept","application/json;odata.metadata=$ODataMetadata")
+ }
+ #elseif($Content)
+ #{
+ # # Upload content as UTF8 to support international and extended characters
+ # $Content = [System.Text.Encoding]::UTF8.GetBytes($Content)
+ #}
+
+ if($AdditionalHeaders -is [HashTable])
+ {
+ foreach($key in $AdditionalHeaders)
+ {
+ if($Headers.ContainsKey($key)) { continue }
+
+ $Headers.Add($key, $AdditionalHeaders[$key])
+ }
+ }
+
+ if($Content) { $params.Add("Body", [System.Text.Encoding]::UTF8.GetBytes($Content)) }
+ if($Headers) { $params.Add("Headers", $Headers) }
+ if($Outfile)
+ {
+ $dirName = [IO.Path]::GetDirectoryName($Outfile)
+ try {
+ [IO.Directory]::CreateDirectory($dirName)
+ }
+ catch {
+
+ }
+ if([IO.Directory]::Exists($dirName))
+ {
+ $params.Add("OutFile", $OutFile)
+ }
+ else {
+ Write-Log "Failed to create directory for OutFile $Outfile" 3
+ }
+ }
+
+ if(($Url -notmatch "^http://|^https://"))
+ {
+ $Url = $global:graphURL + "/" + $Url.TrimStart('/')
+ $Url = $Url -replace "%OrganizationId%", $global:Organization.Id
+ }
+
+ ### !!!
+ ### @odata.nextLink - ToDo: Support for paging
+ ### https://docs.microsoft.com/en-us/graph/paging
+
+ $ret = $null
+ try
+ {
+ Write-LogDebug "Invoke graph API: $Url (Request ID: $requestId)"
+ $ret = Invoke-RestMethod -Uri $Url -Method $HttpMethod @params
+ if($? -eq $false)
+ {
+ throw $global:error[0]
+ }
+ }
+ catch
+ {
+ Write-LogError "Failed to invoke MS Graph with URL $Url (Request ID: $requestId). Status code: $($_.Exception.Response.StatusCode)" $_.Excption
+ }
+
+ Write-Debug "$(($ret | Select *))"
+
+ $ret
+}
+
+function Get-GraphObjects
+{
+ param(
+ [Array]
+ $Url,
+ [Array]
+ $property = $null,
+ [Array]
+ $exclude,
+ $SortProperty = "displayName")
+
+ $objects = @()
+
+ if($property -isnot [Object[]]) { $property = @('displayName', 'description', 'id')}
+
+ $graphObjects = Invoke-GraphRequest -Url $url
+
+ if($graphObjects -and ($graphObjects | GM -Name Value -MemberType NoteProperty))
+ {
+ $retObjects = $graphObjects.Value
+ }
+ else
+ {
+ $retObjects = $graphObjects
+ }
+
+ foreach($graphObject in $retObjects)
+ {
+ $params = @{}
+ if($property) { $params.Add("Property", $property) }
+ if($exclude) { $params.Add("ExcludeProperty", $exclude) }
+ foreach($objTmp in ($graphObject | Select-Object @params))
+ {
+ $objTmp | Add-Member -NotePropertyName "IsSelected" -NotePropertyValue $false
+ $objTmp | Add-Member -NotePropertyName "Object" -NotePropertyValue $graphObject
+ $objects += $objTmp
+ }
+ }
+ $property = "IsSelected",$property
+
+ if($objects.Count -gt 0 -and $SortProperty -and ($objects[0] | GM -MemberType NoteProperty -Name $SortProperty))
+ {
+ $objects = $objects | sort -Property $SortProperty
+ }
+ $objects
+}
+
+function Show-GraphObjects
+{
+ $global:curObjectType = $global:lstMenuItems.SelectedItem
+
+ Clear-GraphObjects
+
+ if(-not $global:MSALToken)
+ {
+ $global:grdNotLoggedIn.Visibility = "Visible"
+ $global:grdData.Visibility = "Collapsed"
+ return
+ }
+ $global:grdNotLoggedIn.Visibility = "Collapsed"
+ $global:grdData.Visibility = "Visible"
+
+ # Always show Import is an item is selected
+ $global:btnImport.IsEnabled = $global:lstMenuItems.SelectedItem -ne $null
+
+ if(-not $global:lstMenuItems.SelectedItem) { return }
+
+ Write-Status "Loading $($global:curObjectType.Title) objects"
+
+ if($global:lstMenuItems.SelectedItem.ShowForm -ne $false)
+ {
+ $viewItem = $global:lstMenuItems.SelectedItem
+ if($viewItem.Icon -or [IO.File]::Exists(($global:AppRootFolder + "\Xaml\Icons\$($viewItem.Id).xaml")))
+ {
+ $global:ccIcon.Content = Get-XamlObject ($global:AppRootFolder + "\Xaml\Icons\$((?? $viewItem.Icon $viewItem.Id)).xaml")
+ }
+
+ $global:txtFormTitle.Text = $global:lstMenuItems.SelectedItem.Title
+ $global:grdTitle.Visibility = "Visible"
+ }
+
+ $url = $global:curObjectType.API
+ if($global:curObjectType.QUERYLIST)
+ {
+ $url = "$($url.Trim())?$($global:curObjectType.QUERYLIST.Trim())"
+ }
+
+ $graphObjects = @(Get-GraphObjects -Url $url -property $global:curObjectType.ViewProperties)
+
+ if($global:curObjectType.PostListCommand)
+ {
+ $graphObjects = & $global:curObjectType.PostListCommand $graphObjects $global:curObjectType
+ }
+
+ if(($graphObjects | measure).Count -eq 0) { return }
+
+ $dgObjects.AutoGenerateColumns = $false
+ $dgObjects.Columns.Clear()
+ $tmpObj = $graphObjects | Select -First 1
+
+ $prop = $tmpObj.PSObject.Properties | Where Name -eq "IsSelected"
+ if($prop)
+ {
+ # Build the CheckBox column for IsSelected
+ $binding = [System.Windows.Data.Binding]::new($prop.Name)
+ $binding.UpdateSourceTrigger = [System.Windows.Data.UpdateSourceTrigger]::PropertyChanged
+ $column = [System.Windows.Controls.DataGridTemplateColumn]::new()
+ $fef = [System.Windows.FrameworkElementFactory]::new([System.Windows.Controls.CheckBox])
+ $binding.Mode = [System.Windows.Data.BindingMode]::TwoWay
+ $fef.SetValue([System.Windows.Controls.CheckBox]::IsCheckedProperty,$binding)
+ $dt = [System.Windows.DataTemplate]::new()
+ $dt.VisualTree = $fef
+ $column.CellTemplate = $dt
+ #$header = [System.Windows.Controls.CheckBox]::new()
+ #$column.Header = $header
+ $dgObjects.Columns.Add($column)
+ }
+
+ $tableColumns = @()
+ # Add other columns
+ foreach($prop in ($tmpObj.PSObject.Properties | Where {$_.Name -notin @("IsSelected","Object")}))
+ {
+ $binding = [System.Windows.Data.Binding]::new($prop.Name)
+ $column = [System.Windows.Controls.DataGridTextColumn]::new()
+ $column.Header = $prop.Name
+ $column.IsReadOnly = $true
+ $column.Binding = $binding
+
+ $tableColumns += $prop.Name
+ $dgObjects.Columns.Add($column)
+ }
+ $ocList = [System.Collections.ObjectModel.ObservableCollection[object]]::new($graphObjects)
+ $dgObjects.ItemsSource = [System.Windows.Data.CollectionViewSource]::GetDefaultView($ocList)
+
+ <#
+ $dt = New-Object System.Data.DataTable
+ [void]$dt.Columns.AddRange($tableColumns)
+ foreach ($graphObject in $graphObjects)
+ {
+ $rowValues = @()
+ Foreach ($prop in $tableColumns)
+ {
+ $rowValues += $graphObject.$prop
+ }
+ $dt.Rows.Add($rowValues) | Out-Null
+ }
+ $dgObjects.ItemsSource = $dt.DefaultView
+ #>
+
+ # Show/Hide buttons based on object type
+ foreach($ctrl in $spSubMenu.Children)
+ {
+ if(-not $global:curObjectType.ShowButtons -or ($global:curObjectType.ShowButtons | Where-Object { $ctrl.Name -like "*$($_)" } ))
+ {
+ Write-LogDebug "Show $($ctrl.Name)"
+ $ctrl.Visibility = "Visible"
+ }
+ else
+ {
+ Write-LogDebug "Hide $($ctrl.Name)"
+ $ctrl.Visibility = "Collapsed"
+ }
+ }
+}
+
+function Clear-GraphObjects
+{
+ $global:txtFormTitle.Text = ""
+ $global:grdTitle.Visibility = "Collapsed"
+ $global:grdObject.Children.Clear()
+ $global:dgObjects.ItemsSource = $null
+ Set-ObjectGrid
+
+ [System.Windows.Forms.Application]::DoEvents()
+}
+
+function Get-GraphObject
+{
+ param($obj, $objectType, [switch]$SkipAssignments)
+
+ Write-Status "Loading $((Get-GraphObjectName $obj $objectType))"
+
+ if($objectType.PreGetCommand)
+ {
+ $preConfig = & $objectType.PreGetCommand $obj $objectType
+ }
+
+ if($preConfig -isnot [Hashtable]) { $preConfig = @{} }
+
+ if($preConfig.ContainsKey("API") -and $preConfig["API"])
+ {
+ $api = $preConfig["API"]
+ }
+ elseif(-not $objectType.APIGET)
+ {
+ $api = ("$($objectType.API)/$($obj.Id)")
+ }
+ else
+ {
+ $api = $graphObject.APIGET -replace "%id%", (Get-GraphObjectId $obj $objectType)
+ }
+
+ $expand = @()
+ if($obj.'assignments@odata.navigationLink' -and $SkipAssignments -ne $true -and $objectType.ExpandAssignments -ne $false)
+ {
+ $expand += "assignments"
+ }
+
+ if($obj.'apps@odata.navigationLink')
+ {
+ $expand += "apps"
+ }
+
+ if($obj.'settings@odata.navigationLink')
+ {
+ $expand += "settings"
+ }
+
+ if($obj.'roleAssignments@odata.navigationLink')
+ {
+ $expand += "roleAssignments"
+ }
+
+ if($objectType.Expand)
+ {
+ foreach($objExpand in $objectType.Expand)
+ {
+ if($objExpand -notin $expand) { $expand += $objExpand}
+ }
+ }
+
+ if($expand.Count -gt 0)
+ {
+ if($api.IndexOf('?') -eq -1) { $api = ($api + "?")}
+ else { $api = ($api + "&")}
+ $api = ($api + ("expand=" + ($expand -join ",")))
+ }
+
+ $objInfo = Get-GraphObjects -Url $api -property $objectType.ViewProperties
+
+ if($objInfo -and $objectType.PostGetCommand)
+ {
+ & $objectType.PostGetCommand $objInfo $objectType
+ }
+ $objInfo
+}
+
+# Generic Pre-Import function for all imports
+function Start-GraphPreImport
+{
+ param($obj, $objectType)
+
+ if($objectType.SkipRemovingProperties -eq $true) { return }
+
+ $removeProperties = $objectType.PropertiesToRemove
+
+ if($removeProperties -isnot [Object[]])
+ {
+ $removeProperties = @()
+ }
+
+ if($removeProperties.Count -eq 0 -or $objectType.SkipRemoveDefaultProperties -ne $true)
+ {
+ # Default properties to delete
+ $removeProperties += @('lastModifiedDateTime','createdDateTime','supportsScopeTags','id','modifiedDateTime')
+ }
+
+ # Remove OData properties
+ foreach($odataProp in ($obj.PSObject.Properties | Where { $_.Name -like "*@Odata*Link" -or $_.Name -like "*@odata.context" -or $_.Name -like "*@odata.id" -or ($_.Name -like "*@odata.type" -and $_.Name -ne "@odata.type")}))
+ {
+ $removeProperties += $odataProp.Name
+ }
+
+ foreach($prop in $removeProperties)
+ {
+ # Allow override deleting default propeties e.g. some object types requires the Id property
+ if($objectType.SkipRemoveProperties -is [Object[]] -and $prop -in $objectType.SkipRemoveProperties) { continue }
+ Remove-Property $obj $prop
+ }
+
+ if($objectType.SkipRemovingChildProperties -ne $true)
+ {
+ foreach($prop in ($obj.PSObject.Properties))
+ {
+ if($obj."$($prop.Name)"."@odata.type")
+ {
+ foreach($childObj in ($obj."$($prop.Name)"))
+ {
+ Start-GraphPreImport $childObj $objectType
+ }
+ }
+ }
+ }
+}
+
+function Get-GraphMetaData
+{
+ if(-not $global:metaDataXML)
+ {
+ $downloadSize = 0
+ $url = "https://graph.microsoft.com/beta/`$metadata#deviceAppManagement"
+ try
+ {
+ $wr = [net.WebRequest]::Create($url)
+ try
+ {
+ $wrResponse = $wr.GetResponse()
+ $downloadSize = $wrResponse.ContentLength
+ }
+ catch
+ {
+ }
+ finally
+ {
+ $wrResponse.Close()
+ $wrResponse.Dispose()
+ }
+ $wr.Abort()
+ }
+ catch
+ {
+
+ }
+ #ToDo: When do we update/re-download it?
+ $fileName = [Environment]::ExpandEnvironmentVariables("%LOCALAPPDATA%\GraphPowerShellManager\GraphMetaData.xml")
+ $fi = [IO.FileInfo]$fileName
+ if($fi.Exists -and $fi.Length -ne $downloadSize)
+ {
+ try
+ {
+ [xml]$global:metaDataXML = Get-Content $fileName
+ }
+ catch { }
+ }
+
+
+ if(-not $global:metaDataXML)
+ {
+ $ret = Invoke-WebRequest $url -UseBasicParsing
+ [xml]$global:metaDataXML = $ret.Content
+ try { $global:metaDataXML.Save($fileName) } catch {}
+ }
+ }
+}
+
+function Get-GraphObjectClassName
+{
+ param($type)
+
+ Get-GraphMetaData
+
+ $objectClassName = $null
+
+ $nodes = $global:metaDataXML.SelectNodes("//*[@Type='Collection(graph.$($type))']")
+ if($nodes -ne $null -and $nodes.Count -gt 0)
+ {
+ foreach($node in $nodes)
+ {
+ if($node.ParentNode.Name -eq "deviceAppManagement")
+ {
+ $objectClassName = $node.Name
+ break
+ }
+ }
+ }
+
+ $objectClassName
+}
+
+#region Export/Import dialogs
+
+function Show-GraphExportForm
+{
+ $script:exportForm = Get-XamlObject ($global:AppRootFolder + "\Xaml\ExportForm.xaml") -AddVariables
+ if(-not $script:exportForm) { return }
+
+ Set-XamlProperty $script:exportForm "txtExportPath" "Text" (?? (Get-Setting "" "LastUsedRoot") (Get-SettingValue "RootFolder"))
+ Set-XamlProperty $script:exportForm "chkAddObjectType" "IsChecked" (Get-SettingValue "AddObjectType")
+ Set-XamlProperty $script:exportForm "chkAddCompanyName" "IsChecked" (Get-SettingValue "AddCompanyName")
+
+ Set-XamlProperty $script:exportForm "btnExportSelected" "IsEnabled" ($global:dgObjects.SelectedItem -ne $null)
+ if(($global:dgObjects.ItemsSource | Where IsSelected).Count -gt 0)
+ {
+ Set-XamlProperty $script:exportForm "lblSelectedObject" "Content" "$(($global:dgObjects.ItemsSource | Where IsSelected).Count) selected object(s)"
+ }
+ elseif($global:dgObjects.SelectedItem)
+ {
+ Set-XamlProperty $script:exportForm "lblSelectedObject" "Content" "Selected object: $((Get-GraphObjectName $global:dgObjects.SelectedItem $global:curObjectType))"
+ }
+ Add-XamlEvent $script:exportForm "btnCancel" "add_click" {
+ $script:exportForm = $null
+ Show-ModalObject
+ }
+
+ Add-XamlEvent $script:exportForm "btnExportAll" "add_click" {
+
+ Export-GraphObjects
+
+ $script:exportForm = $null
+ Show-ModalObject
+ }
+
+ Add-XamlEvent $script:exportForm "btnExportSelected" "add_click" {
+ Export-GraphObjects -Selected
+
+ $script:exportForm = $null
+ Show-ModalObject
+ }
+
+ Add-XamlEvent $script:exportForm "browseExportPath" "add_click" {
+ $folder = Get-Folder (Get-XamlProperty $script:exportForm "txtExportPath" "Text") "Select root folder for export"
+ if($folder)
+ {
+ Set-XamlProperty $script:exportForm "txtExportPath" "Text" $folder
+ }
+ }
+
+ Add-GraphExportExtensions $script:exportForm 1
+
+ Show-ModalForm "Export $($global:curObjectType.Title) objects" $script:exportForm -HideButtons
+}
+
+function Show-GraphBulkExportForm
+{
+ $script:exportForm = Get-XamlObject ($global:AppRootFolder + "\Xaml\BulkExportForm.xaml") -AddVariables
+ if(-not $script:exportForm) { return }
+
+ Set-XamlProperty $script:exportForm "txtExportPath" "Text" (?? (Get-Setting "" "LastUsedRoot") (Get-SettingValue "RootFolder"))
+ Set-XamlProperty $script:exportForm "chkAddCompanyName" "IsChecked" (Get-SettingValue "AddCompanyName")
+
+ Add-XamlEvent $script:exportForm "browseExportPath" "add_click" ({
+ $folder = Get-Folder (Get-XamlProperty $script:exportForm "txtExportPath" "Text") "Select root folder for export"
+ if($folder)
+ {
+ Set-XamlProperty $script:exportForm "txtExportPath" "Text" $folder
+ }
+ })
+
+ $script:exportObjects = @()
+ foreach($objType in $global:lstMenuItems.ItemsSource)
+ {
+ if(-not $objType.Title) { continue }
+
+ if($objType.ShowButtons -is [Object[]] -and $objType.ShowButtons -notcontains "Export") { continue }
+
+ $script:exportObjects += New-Object PSObject -Property @{
+ Title = $objType.Title
+ Selected = (?? $objType.BulkExport $true)
+ ObjectType = $objType
+ }
+ }
+
+ Add-GraphExportExtensions $script:exportForm 0
+
+ $script:lstObjectsToExport = $script:exportForm.FindName("lstObjectsToExport")
+ if($script:lstObjectsToExport)
+ {
+ $script:lstObjectsToExport.ItemsSource = $script:exportObjects
+
+ Add-XamlEvent $script:exportForm "chkCheckAll" "add_click" ({
+ foreach($item in $script:exportObjects)
+ {
+ $item.Selected = $this.IsChecked
+ }
+ $script:lstObjectsToExport.Items.Refresh()
+ })
+ }
+
+ Add-XamlEvent $script:exportForm "btnClose" "add_click" ({
+ $script:exportForm = $null
+ Show-ModalObject
+ })
+
+ Add-XamlEvent $script:exportForm "btnExport" "add_click" ({
+ Write-Status "Export objects" -Block
+ Write-Log "****************************************************************"
+ Write-Log "Start bulk export"
+ Write-Log "****************************************************************"
+ foreach($item in $script:exportObjects)
+ {
+ if($item.Selected -ne $true) { continue }
+
+ Write-Log "----------------------------------------------------------------"
+ Write-Log "Export $($item.ObjectType.Title) objects"
+ Write-Log "----------------------------------------------------------------"
+
+ $url = $item.ObjectType.API
+ if($item.ObjectType.QUERYLIST)
+ {
+ $url = "$($url.Trim())?$($item.ObjectType.QUERYLIST.Trim())"
+ }
+
+ try
+ {
+ $folder = Get-GraphObjectFolder $item.ObjectType (Get-XamlProperty $script:exportForm "txtExportPath" "Text") (Get-XamlProperty $script:exportForm "chkAddObjectType" "IsChecked") (Get-XamlProperty $script:exportForm "chkAddCompanyName" "IsChecked")
+
+ $objects = @(Get-GraphObjects -Url $url -property $objectType.ViewProperties)
+ foreach($obj in $objects)
+ {
+ Write-Status "Export $($item.Title): $((Get-GraphObjectName $obj))" -Force
+ Export-GraphObject $obj.Object $item.ObjectType $folder
+ }
+ Save-Setting "" "LastUsedFullPath" $folder
+ }
+ catch
+ {
+ Write-LogError "Failed when exporting $($item.Title) objects" $_.Exception
+ }
+ }
+ Save-Setting "" "LastUsedRoot" (Get-XamlProperty $script:exportForm "txtExportPath" "Text")
+
+ Write-Log "****************************************************************"
+ Write-Log "Bulk export finished"
+ Write-Log "****************************************************************"
+ Write-Status ""
+ })
+
+ Show-ModalForm "Bulk Export" $script:exportForm -HideButtons
+}
+
+function Show-GraphImportForm
+{
+ $script:importForm = Get-XamlObject ($global:AppRootFolder + "\Xaml\ImportForm.xaml") -AddVariables
+ if(-not $script:importForm) { return }
+
+ $path = Get-Setting "" "LastUsedFullPath"
+ if($path)
+ {
+ $path = [IO.Path]::Combine([IO.Directory]::GetParent($path).FullName, $global:lstMenuItems.SelectedItem.Id)
+ if([IO.Directory]::Exists($path) -eq $false)
+ {
+ $path = Get-Setting "" "LastUsedRoot"
+ }
+ }
+
+ Set-XamlProperty $script:importForm "txtImportPath" "Text" (?? $path (Get-SettingValue "RootFolder"))
+
+ Add-XamlEvent $script:importForm "browseImportPath" "add_click" ({
+ $folder = Get-Folder (Get-XamlProperty $script:importForm "txtImportPath" "Text") "Select root folder for import"
+ if($folder)
+ {
+ Set-XamlProperty $script:importForm "txtImportPath" "Text" $folder
+ $global:lstFiles.ItemsSource = @(Get-GraphFileObjects $folder)
+ Save-Setting "" "LastUsedFullPath" $folder
+ Set-XamlProperty $script:importForm "lblMigrationTableInfo" "Content" (Get-MigrationTableInfo)
+ }
+ })
+
+ Add-XamlEvent $script:importForm "btnCancel" "add_click" {
+ $script:importForm = $null
+ Show-ModalObject
+ }
+
+ Add-XamlEvent $script:importForm "btnImportSelected" "add_click" {
+ Write-Status "Import objects"
+ Get-GraphDependencyDefaultObjects
+ foreach ($fileObj in ($global:lstFiles.ItemsSource | Where Selected -eq $true))
+ {
+ Import-GraphFile $fileObj
+ }
+ Show-GraphObjects
+ Show-ModalObject
+ Write-Status ""
+ }
+
+ Add-XamlEvent $script:importForm "chkCheckAll" "add_click" {
+ foreach($obj in $global:lstFiles.Items)
+ {
+ $obj.Selected = $global:chkCheckAll.IsChecked
+ }
+ $global:lstFiles.Items.Refresh()
+ }
+
+ Add-XamlEvent $script:importForm "btnGetFiles" "add_click" {
+ # Used when the user manually updates the path and the press Get Files
+ $global:lstFiles.ItemsSource = @(Get-GraphFileObjects $global:txtImportPath.Text)
+ if([IO.Directory]::Exists($global:txtImportPath.Text))
+ {
+ Save-Setting "" "LastUsedFullPath" $global:txtImportPath.Text
+ Set-XamlProperty $script:importForm "lblMigrationTableInfo" "Content" (Get-MigrationTableInfo)
+ }
+ }
+
+ Add-GraphImportExtensions $script:importForm 1
+
+ if($global:txtImportPath.Text)
+ {
+ $global:lstFiles.ItemsSource = @(Get-GraphFileObjects $global:txtImportPath.Text)
+ Set-XamlProperty $script:importForm "lblMigrationTableInfo" "Content" (Get-MigrationTableInfo)
+ }
+
+ Show-ModalForm "Import objects" $script:importForm -HideButtons
+}
+
+function Show-GraphBulkImportForm
+{
+ $script:importForm = Get-XamlObject ($global:AppRootFolder + "\Xaml\BulkImportForm.xaml") -AddVariables
+ if(-not $script:importForm) { return }
+
+ $path = Get-Setting "" "LastUsedFullPath"
+ if($path)
+ {
+ $path = [IO.Directory]::GetParent($path).FullName
+ }
+
+ Set-XamlProperty $script:importForm "txtImportPath" "Text" (?? $path (Get-SettingValue "RootFolder"))
+ #Set-XamlProperty $script:importForm "chkAddCompanyName" "IsChecked" (Get-SettingValue "AddCompanyName")
+
+ Add-XamlEvent $script:importForm "browseImportPath" "add_click" ({
+ $folder = Get-Folder (Get-XamlProperty $script:importForm "txtImportPath" "Text") "Select root folder for import"
+ if($folder)
+ {
+ Set-XamlProperty $script:importForm "txtImportPath" "Text" $folder
+ Set-XamlProperty $script:importForm "lblMigrationTableInfo" "Content" (Get-MigrationTableInfo)
+ }
+ })
+
+ $script:importObjects = @()
+ foreach($objType in $global:lstMenuItems.ItemsSource)
+ {
+ if(-not $objType.Title) { continue }
+
+ if($objType.ShowButtons -is [Object[]] -and $objType.ShowButtons -notcontains "Import") { continue }
+
+ $script:importObjects += New-Object PSObject -Property @{
+ Title = $objType.Title
+ Selected = (?? $objType.BulkImport $true)
+ ObjectType = $objType
+ }
+ }
+
+ Add-GraphImportExtensions $script:importForm 0
+
+ $script:lstObjectsToImport = $script:importForm.FindName("lstObjectsToImport")
+ if($script:lstObjectsToImport)
+ {
+ $script:lstObjectsToImport.ItemsSource = $script:importObjects
+
+ Add-XamlEvent $script:importForm "chkCheckAll" "add_click" ({
+ foreach($item in $script:importObjects)
+ {
+ $item.Selected = $this.IsChecked
+ }
+ $script:lstObjectsToImport.Items.Refresh()
+ })
+ }
+
+ Add-XamlEvent $script:importForm "btnClose" "add_click" ({
+ $script:importForm = $null
+ Show-ModalObject
+ })
+
+ Add-XamlEvent $script:importForm "btnImport" "add_click" ({
+ Write-Status "Import objects" -Block
+ Write-Log "****************************************************************"
+ Write-Log "Start bulk import"
+ Write-Log "****************************************************************"
+ Get-GraphDependencyDefaultObjects
+ $importedObjects = 0
+
+ foreach($item in ($script:importObjects | where Selected -eq $true | sort-object -property @{e={$_.ObjectType.ImportOrder}}))
+ {
+ Write-Log "----------------------------------------------------------------"
+ Write-Log "Import $($item.ObjectType.Title) objects"
+ Write-Log "----------------------------------------------------------------"
+ $folder = Get-GraphObjectFolder $item.ObjectType (Get-XamlProperty $script:importForm "txtImportPath" "Text") (Get-XamlProperty $script:importForm "chkAddObjectType" "IsChecked")
+
+ if([IO.Directory]::Exists($folder))
+ {
+ foreach ($fileObj in @(Get-GraphFileObjects $folder -ObjectType $item.ObjectType))
+ {
+ Import-GraphFile $fileObj
+ $importedObjects++
+ }
+ Save-Setting "" "LastUsedFullPath" $folder
+ }
+ else
+ {
+ Write-Log "Folder $folder not found. Skipping import" 2
+ }
+ }
+
+ Write-Log "****************************************************************"
+ Write-Log "Bulk import finished"
+ Write-Log "****************************************************************"
+ Write-Status ""
+ if($importedObjects -eq 0)
+ {
+ [System.Windows.MessageBox]::Show("No objects were imported. Verify folder and exported files", "Error", "OK", "Error")
+ }
+ })
+
+ if((Get-XamlProperty $script:importForm "txtImportPath" "Text"))
+ {
+ Set-XamlProperty $script:importForm "lblMigrationTableInfo" "Content" (Get-MigrationTableInfo)
+ }
+
+ Show-ModalForm "Bulk Import" $script:importForm -HideButtons
+}
+
+function Add-GraphExportExtensions
+{
+ param($form, $buttonIndex = 0)
+
+ if($global:curObjectType.ExportExtension)
+ {
+ $grid = $form.FindName("grdExportProperties")
+ $extraProperties = & $global:curObjectType.ExportExtension $global:curObjectType.ExportExtension $form "spExportSubMenu" 1
+ for($i=0;($i + 1) -lt (($extraProperties) | measure).Count;$i ++)
+ {
+ $rd = [System.Windows.Controls.RowDefinition]::new()
+ $rd.Height = [double]::NaN
+ $grid.RowDefinitions.Add($rd)
+ $extraProperties[$i].SetValue([System.Windows.Controls.Grid]::RowProperty,$grid.RowDefinitions.Count)
+ $grid.Children.Add($extraProperties[$i])
+
+ $i++
+ $extraProperties[$i].SetValue([System.Windows.Controls.Grid]::RowProperty,$grid.RowDefinitions.Count)
+ $extraProperties[$i].SetValue([System.Windows.Controls.Grid]::ColumnProperty,1)
+ $grid.Children.Add($extraProperties[$i])
+
+ }
+ }
+}
+
+function Add-GraphImportExtensions
+{
+ param($form, $buttonIndex = 0)
+
+ if($global:curObjectType.ImportExtension)
+ {
+ $grid = $form.FindName("grdImportProperties")
+ $extraProperties = & $global:curObjectType.ExportExtension $global:curObjectType.ExportExtension $form "spExportSubMenu" 1
+ for($i=0;($i + 1) -lt (($extraProperties) | measure).Count;$i ++)
+ {
+ $rd = [System.Windows.Controls.RowDefinition]::new()
+ $rd.Height = [double]::NaN
+ $grid.RowDefinitions.Add($rd)
+ $extraProperties[$i].SetValue([System.Windows.Controls.Grid]::RowProperty,$grid.RowDefinitions.Count)
+ $grid.Children.Add($extraProperties[$i])
+
+ $i++
+ $extraProperties[$i].SetValue([System.Windows.Controls.Grid]::RowProperty,$grid.RowDefinitions.Count)
+ $extraProperties[$i].SetValue([System.Windows.Controls.Grid]::ColumnProperty,1)
+ $grid.Children.Add($extraProperties[$i])
+
+ }
+ }
+}
+
+function Get-GraphFileObjects
+{
+ param($path, $Exclude = @("*_settings.json","*_assignments.json"), $SelectedStatus = $true, $ObjectType = $global:curObjectType)
+
+ if(-not $path -or (Test-Path $path) -eq $false) { return }
+
+ $params = @{}
+ if($exclude)
+ {
+ $params.Add("Exclude", $exclude)
+ }
+
+ $fileArr = @()
+ foreach($file in (Get-Item -path "$path\*.json" @params))
+ {
+ $obj = New-Object PSObject -Property @{
+ FileName = $file.Name
+ FileInfo = $file
+ Selected = $SelectedStatus
+ Object = (ConvertFrom-Json (Get-Content $file.FullName -Raw))
+ ObjectType = $ObjectType
+ }
+
+ $fileArr += $obj
+ }
+
+ if(($fileArr | measure).Count -eq 1)
+ {
+ return @($fileArr)
+ }
+ return $fileArr
+}
+
+function Import-GraphFile
+{
+ param($file, $objectType)
+
+ if([IO.File]::Exists($file.FileInfo.FullName) -eq $false)
+ {
+ Write-Log "File '$($file.FileInfo.FullName)' not found. Cannot import object" 3
+ return
+ }
+
+ Get-GraphMigrationObjectsFromFile
+
+ Get-GraphDependencyObjects $file.ObjectType
+
+ try
+ {
+ # Clone the object to keep original values
+ $objClone = $file.Object | ConvertTo-Json -Depth 10 | ConvertFrom-Json
+
+ if($objectType.PreFileImportCommand)
+ {
+ & $objectType.PreFileImportCommand $objectType $file
+ }
+
+ Set-ScopeTags $file.Object
+
+ # Never import with assignments. Add them if requested
+ Remove-Property $file.Object "Assignments"
+
+ $newObj = Import-GraphObject $file.Object $file.ObjectType $file.FileInfo.FullName
+
+ if($newObj -and $file.ObjectType.PostFileImportCommand)
+ {
+ & $file.ObjectType.PostFileImportCommand $newObj $file.ObjectType $file.FileInfo.FullName
+ }
+
+ if($newObj -and $objClone.Assignments -and $global:chkImportAssignments.IsChecked -eq $true)
+ {
+ $preConfig = $null
+ if($file.ObjectType.PreImportAssignmentsCommand)
+ {
+ $preConfig = & $file.ObjectType.PreImportAssignmentsCommand $newObj $file.ObjectType $file.FileInfo.FullName $objClone.Assignments
+ }
+
+ ###### Import Assignments ######
+
+ if($preConfig -isnot [Hashtable]) { $preConfig = @{} }
+
+ if($preConfig["Import"] -eq $false) { return } # Assignment managed manually so skip further processing
+
+ $api = ?? $preConfig["API"] "$($file.ObjectType.API)/$($newObj.Id)/assign"
+
+ $method = ?? $preConfig["Method"] "POST"
+
+ $keepProperties = ?? $file.ObjectType.AssignmentProperties @("target")
+ $keepTargetProperties = ?? $file.ObjectType.AssignmentTargetProperties @("@odata.type","groupId")
+ $ObjctAssignments = @()
+ foreach($assignment in $objClone.Assignments)
+ {
+ if($assignment.target.UserId -or ($assignment.Source -and $assignment.Source -ne "direct"))
+ {
+ # E.g. Source could be PolicySet...so should not be added here
+ continue
+ }
+
+ $assignment.Id = ""
+ foreach($prop in $assignment.PSObject.Properties)
+ {
+ if($prop.Name -in $keepProperties) { continue }
+ Remove-Property $assignment $prop.Name
+ }
+
+ foreach($prop in $assignment.target.PSObject.Properties)
+ {
+ if($prop.Name -in $keepTargetProperties) { continue }
+ Remove-Property $assignment.target $prop.Name
+ }
+ $ObjctAssignments += $assignment
+ }
+
+ $objClone.Assignments = $ObjctAssignments
+
+ if(($objClone.Assignments | measure).Count -gt 0)
+ {
+ $json = "{ `"$((?? $file.ObjectType.AssignmentsType "assignments"))`": "
+ $strAssign = "$((Update-JsonForEnvironment ($objClone.Assignments | ConvertTo-Json -Depth 10)))"
+ # Array characters [ ] is not included if there is only one assignment
+ # Added them if they are missing
+ if($strAssign.Trim().StartsWith("[") -eq $false) { $strAssign = (" [ " + $strAssign + " ] ") }
+ $json = ($json + $strAssign + "}")
+
+ if($json)
+ {
+ $objAssign = Invoke-GraphRequest $api -HttpMethod $method -Content $json
+ }
+ }
+
+ if($assignmentsProcessed -ne $true -and $file.ObjectType.PostImportAssignmentsCommand)
+ {
+ & $file.ObjectType.PostImportAssignmentsCommand $newObj $file.ObjectType $file.FileInfo.FullName $objAssign
+ }
+ }
+ }
+ catch
+ {
+ Write-LogError "Failed to import file '$($file.FileInfo.Name)'" $_.Exception
+ }
+}
+
+#endregion
+
+#region Migration Info
+########################################################################
+#
+# Migration functions
+#
+########################################################################
+function Set-ScopeTags
+{
+ param($obj)
+ # ToDo: Get values from exported json files instead of MigrationTable?
+
+ if(-not $obj.roleScopeTagIds) { return }
+
+ $scopesIds = @()
+ $loadedScopeTags = $global:LoadedDependencyObjects["ScopeTags"]
+ $usingDefault = (($obj.roleScopeTagIds | measure).Count -eq 1 -and $obj.roleScopeTagIds[0] -eq "0")
+ if($loadedScopeTags -and $global:chkImportScopes.IsChecked -eq $true -and $usingDefault -eq $false -and $global:MigrationTableCache)
+ {
+ foreach($scopeId in $obj.roleScopeTagIds)
+ {
+ if($scopeId -eq 0) { $scopesIds += "0"; continue } # Add default
+
+ $scopeMigObj = $loadedScopeTags | Where OriginalId -eq $scopeId
+ if($scopeMigObj -and $scopeMigObj.Id)
+ {
+ $scopesIds += "$($scopeMigObj.Id)"
+ }
+ elseif($scopeMigObj)
+ {
+ Write-Log "Could not find a ScopeTag for exported Id '$($obj.Id)' ($($scopeMigObj.Name)). Make sure all ScopeTags are imported into the environment" 2
+ }
+ }
+ }
+ if($scopesIds.Count -eq 0)
+ {
+ $scopesIds += "0" # Import with Default ScopeTag as default.
+ }
+ $obj.roleScopeTagIds = $scopesIds
+}
+
+# Called during export to add group info for assignments
+# $objAssignments is specified for objects who don't support getting the assgnment info with expand=assignments
+function Add-GraphMigrationInfo
+{
+ param($obj, $objAssignments)
+
+ if(-not $obj) { return }
+
+ $assignments = ?? $objAssignments $obj.Assignments
+
+ foreach($assignment in $assignments)
+ {
+ foreach($objInfo in $assignment.target)
+ {
+ if(-not $objInfo."@odata.type") { continue }
+
+ $objType = $objInfo."@odata.type"
+
+ if($objType -eq "#microsoft.graph.groupAssignmentTarget" -or
+ $objType -eq "#microsoft.graph.exclusionGroupAssignmentTarget")
+ {
+ Add-GroupMigrationObject $objInfo.groupid
+ }
+ elseif($objType -eq "#microsoft.graph.allLicensedUsersAssignmentTarget" -or
+ $objType -eq "#microsoft.graph.allDevicesAssignmentTarget")
+ {
+ # No need to migrate All Users or All Devices
+ }
+ else
+ {
+ Write-Log "Unsupported migration object: $objType" 3
+ }
+ }
+ }
+}
+
+# Used during Import to display Migration Table info on the Import Form
+function Get-MigrationTableInfo
+{
+ $fileName = Get-GraphMigrationTableForImport
+
+ $str = $null
+ $sameTenant = $false
+ if($fileName -and [IO.File]::Exists($fileName))
+ {
+ $migFileObj = ConvertFrom-Json (Get-Content $fileName -Raw)
+ if($migFileObj.TenantId -and $migFileObj.TenantId -eq $global:organization.Id)
+ {
+ $sameTenant = $true
+ $str = "Current tenant. Migration table will not be used"
+ }
+ elseif($migFileObj.Organization)
+ {
+ $str = "Objects exported from $($migFileObj.Organization) ($($migFileObj.TenantId))"
+ }
+ }
+ $chkReplaceDependencyIDs.IsEnabled = $sameTenant -eq $false
+ $chkReplaceDependencyIDs.IsChecked = $sameTenant -eq $false
+
+ if(-not $str)
+ {
+ # Hide controls?
+ $str = "No migration table found"
+ }
+ $str
+}
+
+function Get-GraphMigrationTableFile
+{
+ param($path)
+
+ if(-not $path)
+ {
+ Write-Log "Export path not set" 3
+ return
+ }
+
+ if($global:chkAddCompanyName.IsChecked)
+ {
+ $path = Join-Path $path $global:organization.displayName
+ }
+ $path
+}
+
+function Add-GroupMigrationObject
+{
+ param($groupId)
+
+ if(-not $groupId) { return }
+
+ $path = Get-GraphMigrationTableFile $global:txtExportPath.Text
+
+ if(-not $path) { return }
+
+ # Check if group is already processed
+ $groupObj = Get-GraphMigrationObject $groupId
+ if(-not $groupObj)
+ {
+ # Get group info
+ $groupObj = Invoke-GraphRequest "/groups/$groupId" -ODataMetadata "none"
+ }
+
+ if($groupObj)
+ {
+ # Add group to cache
+ if($global:AADObjectCache.ContainsKey($groupId) -eq $false) { $global:AADObjectCache.Add($groupId, $groupObj) }
+
+ # Add group to migration file
+ if((Add-GraphMigrationObject $groupObj $path "Group"))
+ {
+ # Export group info to json file for possible import
+ $grouspPath = Join-Path $path "Groups"
+ if(-not (Test-Path $grouspPath)) { mkdir -Path $grouspPath -Force -ErrorAction SilentlyContinue | Out-Null }
+ $fileName = "$grouspPath\$((Remove-InvalidFileNameChars $groupObj.displayName)).json"
+ ConvertTo-Json $groupObj -Depth 10 | Out-File $fileName -Force
+ }
+ }
+}
+
+function Get-GraphMigrationObject
+{
+ param($objId)
+
+ if(-not $global:AADObjectCache)
+ {
+ $global:AADObjectCache = @{}
+ }
+
+ if($global:AADObjectCache.ContainsKey($objId)) { return $global:AADObjectCache[$objId] }
+}
+
+# Adds an object to migration file if not added previously
+function Add-GraphMigrationObject
+{
+ param($obj, $path, $objType)
+
+ if(-not $objType) { $objType = $obj."@odata.type" }
+
+ $migFileName = Join-Path $path "MigrationTable.json"
+
+ if(-not $global:migFileObj)
+ {
+ if(-not ([IO.File]::Exists($migFileName)))
+ {
+ # Create new file
+ $global:migFileObj = (New-Object PSObject -Property @{
+ TenantId = $global:organization.Id
+ Organization = $global:organization.displayName
+ Objects = @()
+ })
+ }
+ else
+ {
+ # Add to existing file
+ $global:migFileObj = ConvertFrom-Json (Get-Content $migFileName -Raw)
+ }
+ }
+
+ # Make sure Objects property actually exists
+ if(($global:migFileObj | GM -MemberType NoteProperty -Name "Objects") -eq $false)
+ {
+ $global:migFileObj | Add-Member -MemberType NoteProperty -Name "Objects" -Value (@())
+ }
+
+ # Get current object
+ $curObj = $global:migFileObj.Objects | Where { $_.Id -eq $obj.Id -and $_.Type -eq $objType }
+
+ if($curObj) { return $false } # Existing object found so return false to tell that the object was not added
+
+ $global:migFileObj.Objects += (New-Object PSObject -Property @{
+ Id = $obj.Id
+ DisplayName = $obj.displayName
+ Type = $objType
+ })
+
+ if(-not (Test-Path $path)) { mkdir -Path $path -Force -ErrorAction SilentlyContinue | Out-Null }
+ ConvertTo-Json $global:migFileObj -Depth 10 | Out-File $migFileName -Force
+
+ $true # New object was added
+}
+
+function Get-GraphMigrationTableForImport
+{
+ $global:GraphMigrationTable = $null
+ # Migration table must be located in the root of the import path
+ $path = $global:txtImportPath.Text
+
+ for($i = 0;$i -lt 2;$i++)
+ {
+ if($i -gt 0)
+ {
+ # Get parent directory
+ $path = [io.path]::GetDirectoryName($path)
+ }
+
+ $migFileName = Join-Path $path "MigrationTable.json"
+ try
+ {
+ if([IO.File]::Exists($migFileName))
+ {
+ $global:GraphMigrationTable = $migFileName
+ return $migFileName
+ }
+ }
+ catch {}
+ }
+
+ Write-Log "Could not find migration table" 2
+}
+
+# Cache the migration table and create all missing groups
+function Get-GraphMigrationObjectsFromFile
+{
+ if($global:MigrationTableCache) { return }
+
+ $migFileName = Get-GraphMigrationTableForImport
+ if(-not $migFileName) { return }
+
+ $global:MigrationTableCache = @()
+
+ $migFileObj = ConvertFrom-Json (Get-Content $migFileName -Raw)
+
+ # No need to translate migrated objects in the same environment as exported
+ if($migFileObj.TenantId -eq $global:organization.Id) { return }
+
+ Write-Status "Loading migration objects"
+
+ if($global:chkImportAssignments.IsChecked -eq $true)
+ {
+ # Only check groups if Assignments are imported
+ # This will CREATE the group if it doesn't exist in the target environment
+ foreach($migObj in $migFileObj.Objects)
+ {
+ if($migObj.Type -like "*group*")
+ {
+ $obj = (Invoke-GraphRequest "/groups?`$filter=displayName eq '$($migObj.DisplayName)'").Value
+ if(-not $obj)
+ {
+ $groupFi = $null
+ if($global:GraphMigrationTable)
+ {
+ $fi = [IO.FileInfo]$global:GraphMigrationTable
+ $groupFi = [IO.FileInfo]($fi.DirectoryName + "\Groups\$($migObj.DisplayName).json")
+ }
+
+ if($groupFi.Exists -eq $true)
+ {
+ # ToDo: Create group from Json (could be a dynamic group)
+ # Warn if synched group
+ $groupObj = (Get-Content $groupFi.FullName) | ConvertFrom-Json
+
+ #isAssignableToRole - For Role assignment groupd.
+ $keepProps = @("displayName","description","mailEnabled","mailNickname","securityEnabled","membershipRule","groupTypes", "membershipRuleProcessingState")
+ foreach($prop in $groupObj.PSObject.Properties)
+ {
+ if($prop.Name -in $keepProps) { continue }
+
+ Remove-Property $groupObj $prop.Name
+ }
+ $groupJson = ConvertTo-Json $groupObj -Depth 10
+ }
+ else
+ {
+ Write-Log "No group object found for $($migObj.DisplayName). Creating a cloud group with default settings" 2
+ $groupJson = @"
+ {
+ "displayName": "$($migObj.DisplayName)",
+ "groupTypes": [
+ ],
+ "mailEnabled": false,
+ "mailNickname" "NotSet"
+ "securityEnabled": true
+ }
+"@
+ }
+ Write-Log "Create AAD Group $($migObj.DisplayName)"
+
+ $obj = Invoke-GraphRequest "/groups" -HttpMethod "POST" -Content $groupJson
+ }
+ $global:MigrationTableCache += (New-Object PSObject -Property @{
+ OriginalId = $migObj.Id
+ Id = $obj.Id
+ Type = $migObj.Type
+ })
+ }
+ }
+ }
+}
+function Update-JsonForEnvironment
+{
+ param($json)
+
+ # Load MigrationTable file unless previously loaded
+ Get-GraphMigrationObjectsFromFile
+
+ if($global:chkReplaceDependencyIDs.IsChecked -eq $true)
+ {
+ foreach($depObjType in $global:LoadedDependencyObjects.Keys)
+ {
+ foreach($depObj in $global:LoadedDependencyObjects[$depObjType])
+ {
+ if(-not $depObj.Id -or -not $depObj.OriginalId) { continue }
+ if($depObj.OriginalId.Length -lt 36) { continue } # Skip non-guid IDs # ToDo: Verify...
+ $json = $json -replace $depObj.OriginalId,$depObj.Id
+ }
+ }
+ }
+
+ if(-not $global:MigrationTableCache -or $global:MigrationTableCache.Count -eq 0) { return $json }
+
+ # Enumerate all objects in the migration table and replace all exported Id's to Id's in the new environment
+ foreach($migInfo in ($global:MigrationTableCache | Where Type -like "*group*"))
+ {
+ if(-not $migInfo.Id -or -not $migInfo.OriginalId) { continue }
+ if($migInfo.OriginalId.Length -lt 36) { continue } # Skip non-guid IDs # ToDo: Verify...
+ $json = $json -replace $migInfo.OriginalId,$migInfo.Id
+ }
+
+ #return updated json
+ $json
+}
+
+#endregion
+
+#region Dependency Functions
+function Get-GraphDependencyDefaultObjects
+{
+ Add-GraphDependencyObjects @("ScopeTags")
+}
+
+function Get-GraphDependencyObjects
+{
+ param($objectType)
+
+ if($global:chkReplaceDependencyIDs.IsChecked -ne $true -or -not $objectType -or -not $objectType.Dependencies -or (($objectType.Dependencies) | Measure).Count -eq 0) { return }
+
+ $missingDeps = @()
+ foreach($dep in $objectType.Dependencies)
+ {
+ if($global:LoadedDependencyObjects -isnot [HashTable] -or $global:LoadedDependencyObjects.ContainsKey($dep) -eq $false)
+ {
+ $missingDeps += $dep
+ }
+ }
+
+ if($missingDeps.Count -eq 0) { return }
+
+ Add-GraphDependencyObjects $missingDeps
+}
+
+function Add-GraphDependencyObjects
+{
+ param($DependencyIds)
+
+ if($global:LoadedDependencyObjects -isnot [HashTable]) { $global:LoadedDependencyObjects = @{} }
+
+ $importPath = $global:txtImportPath.Text
+ $parentPath = [IO.Path]::GetDirectoryName($importPath)
+ foreach($dep in $DependencyIds)
+ {
+ if($global:LoadedDependencyObjects.ContainsKey($dep)) { continue }
+
+ $depObjectType = $global:currentViewObject.ViewItems | Where Id -eq $Dep
+
+ if(-not $depObjectType)
+ {
+ Write-Log "No ViewItem found with Id $dep" 2
+ continue
+ }
+
+ if([IO.Directory]::Exists(($importPath + "\" + $dep)))
+ {
+ $path = ($importPath + "\" + $dep)
+ }
+ elseif([IO.Directory]::Exists(($parentPath + "\" + $dep)))
+ {
+ $path = ($parentPath + "\" + $dep)
+ }
+ else
+ {
+ Write-Log "Export folder for depndency $dep not found" 2
+ continue
+ }
+
+ $depFiles = Get-GraphFileObjects $path -ObjectType $depObjectType
+
+ $url = ($depObjectType.API + "?`$select=$((?? $depObjectType.IdProperty "Id")),$((?? $depObjectType.NameProperty "displayName"))")
+
+ if($depObjectType.QUERYLIST)
+ {
+ $url = "$($url.Trim())&$($depObjectType.QUERYLIST.Trim())"
+ }
+
+ $depObjects = (Invoke-GraphRequest $url -ODataMetadata "none").Value
+ $arrDepObjects = @()
+ foreach($depObject in $depObjects)
+ {
+ $name = Get-GraphObjectName $depObject $depObjectType
+
+ $fileObj = $depFiles | Where { (Get-GraphObjectName $_.Object $depObjectType) -eq $name }
+ if(-not $fileObj)
+ {
+ Write-Log "Could not find an exported '$($depObjectType.Title)' object with name $name" 2
+ continue
+ }
+ if(($fileObj | measure).Count -gt 1)
+ {
+ $fileObj = $fileObj[0]
+ Write-Log "Multple files returned for object $name. Using first: $($fileObj.FileInfo.Name)" 2
+ }
+ $arrDepObjects += New-Object PSObject -Property @{
+ OriginalId = $fileObj.Object.Id
+ Name = $name
+ Id = Get-GraphObjectId $depObject $depObjectType
+ Type = $depObjectType.Id
+ }
+ }
+
+ if($arrDepObjects.Count -gt 0)
+ {
+ $global:LoadedDependencyObjects.Add($depObjectType.Id,$arrDepObjects)
+ }
+ }
+}
+
+
+#endregion
+
+#region Import/Export/Copy functions
+
+function Export-GraphObjects
+{
+ param([switch]$Selected)
+
+ $objectType = $global:curObjectType
+ Write-Status "Export $($objectType.Title)"
+
+ $global:ExportRoot = (Get-XamlProperty $script:exportForm "txtExportPath" "Text")
+ $folder = Get-GraphObjectFolder $objectType $global:ExportRoot (Get-XamlProperty $script:exportForm "chkAddObjectType" "IsChecked") (Get-XamlProperty $script:exportForm "chkAddCompanyName" "IsChecked")
+
+ $objectsToExport = @()
+ if($Selected -ne $true)
+ {
+ # Export all
+ $objectsToExport = $global:dgObjects.ItemsSource
+ }
+ elseif(($global:dgObjects.ItemsSource | Where IsSelected).Count -gt 0)
+ {
+ # Export checked items
+ $objectsToExport += ($global:dgObjects.ItemsSource | Where IsSelected)
+ }
+ elseif($global:dgObjects.SelectedItem)
+ {
+ # Export selected item
+ $objectsToExport += $global:dgObjects.SelectedItem
+ }
+ else
+ {
+ return
+ }
+
+ foreach($obj in $objectsToExport)
+ {
+ Export-GraphObject $obj.Object $global:curObjectType $folder
+ }
+
+ Save-Setting "" "LastUsedFullPath" $folder
+ Save-Setting "" "LastUsedRoot" $global:ExportRoot
+
+ Write-Status ""
+}
+
+function Export-GraphObject
+{
+ param($objToExport,
+ $objectType,
+ $exportFolder)
+
+ if(-not $exportFolder) { return }
+
+ Write-Status "Export $((Get-GraphObjectName $objToExport $objectType))"
+
+ $obj = Get-GraphExportObject $objToExport $objectType
+
+ if(-not $obj)
+ {
+ Write-Log "No object to export" 3
+ return
+ }
+
+ try
+ {
+ if([IO.Directory]::Exists($exportFolder) -eq $false)
+ {
+ [IO.Directory]::CreateDirectory($exportFolder)
+ }
+
+ if($chkExportAssignments.IsChecked -ne $true -and $obj.Assignments)
+ {
+ ### ToDo: Fix full support for including Assignments. $extend=Assignments might not work
+ ### E.g. Check AutoPilot
+ Remove-Property $obj $Assignments
+ }
+ elseif($chkExportAssignments.IsChecked -eq $true -and -not $obj.Assignments)
+ {
+
+ }
+
+ $obj | ConvertTo-Json -Depth 10 | Out-File ([IO.Path]::Combine($exportFolder, (Remove-InvalidFileNameChars "$((Get-GraphObjectName $obj $objectType)).json")))
+
+ if($objectType.PostExportCommand)
+ {
+ & $objectType.PostExportCommand $obj $objectType $exportFolder
+ }
+
+ Add-GraphMigrationInfo $obj
+ }
+ catch
+ {
+ Write-LogError "Failed to export object" $_.Exception
+ }
+}
+
+function Get-GraphExportObject
+{
+ param($obj, $objectType)
+
+ if($objectType.ExportFullObject -ne $false)
+ {
+ $exportObj = (Get-GraphObject $obj $objectType).Object
+ }
+ else
+ {
+ if($obj.Object)
+ {
+ $exportObj = $obj.Object
+ }
+ else
+ {
+ $exportObj = $obj
+ }
+ }
+ $exportObj
+}
+
+function Import-GraphObject
+{
+ param($obj,
+ $objectType,
+ $fromFile)
+
+ Write-Log "Import $($objectType.Title) object $((Get-GraphObjectName $obj $objectType))"
+
+ # Clone the object before removing properties
+ $objClone = $obj | ConvertTo-Json -Depth 10 | ConvertFrom-Json
+
+ Start-GraphPreImport $obj $objectType
+
+ $params = @{}
+ $strAPI = (?? $objectType.APIPOST $objectType.API)
+ $method = "POST"
+ if($objectType.PreImportCommand)
+ {
+ $ret = & $objectType.PreImportCommand $obj $objectType $fromFile
+ if($ret -is [HashTable])
+ {
+ if($ret.ContainsKey("Import") -and $ret["Import"] -eq $false)
+ {
+ # Import handled manually
+ return $false
+ }
+
+ if($ret.ContainsKey("API"))
+ {
+ $strAPI = $ret["API"]
+ }
+
+ if($ret.ContainsKey("Method"))
+ {
+ $method = $ret["Method"]
+ }
+
+ if($ret.ContainsKey("AdditionalHeaders") -and $ret["AdditionalHeaders"] -is [HashTable])
+ {
+ $params.Add("AdditionalHeaders",$ret["AdditionalHeaders"])
+ }
+ }
+ }
+
+ $json = ConvertTo-Json $obj -Depth 10
+ if($fromFile)
+ {
+ # Call Update-JsonForEnvironment before importing the object
+ # E.g. PolicySets contains references, AppConfiguration policies reference apps etc.
+ $json = Update-JsonForEnvironment $json
+ }
+
+ $newObj = (Invoke-GraphRequest -Url $strAPI -Content $json -HttpMethod $method @params)
+
+ if($newObj -and $objectType.PostImportCommand)
+ {
+ & $objectType.PostImportCommand $newObj $objectType $fromFile
+ }
+
+ $newObj
+}
+
+function Copy-GraphObject
+{
+ if(-not $dgObjects.SelectedItem)
+ {
+ [System.Windows.MessageBox]::Show("No object selected`n`nSelect the $($global:curObjectType.Title) item you want to copy", "Error", "OK", "Error")
+ return
+ }
+
+ $newName = "$((Get-GraphObjectName $dgObjects.SelectedItem $global:curObjectType)) - Copy"
+ if($global:curObjectType.CopyDefaultName)
+ {
+ $newName = $global:curObjectType.CopyDefaultName
+ $dgObjects.SelectedItem.PSObject.Properties | foreach { $newName = $newName -replace "%$($_.Name)%", $dgObjects.SelectedItem."$($_.Name)" }
+ }
+ $ret = Show-InputDialog "Copy $($global:curObjectType.Title)" "Select name for the new object" $newName
+
+ if($ret)
+ {
+ # Export profile
+ Write-Status "Export $((Get-GraphObjectName $dgObjects.SelectedItem $global:curObjectType))"
+ if($global:curObjectType.PreCopyCommand)
+ {
+ if((& $global:curObjectType.PreCopyCommand $dgObjects.SelectedItem.Object $global:curObjectType $ret))
+ {
+ Show-GraphObjects
+ Write-Status ""
+ return
+ }
+ }
+
+ $exportObj = (Get-GraphObject $dgObjects.SelectedItem.Object $global:curObjectType -SkipAssignments).Object
+
+ # Convert to Json and back to clone the object
+ $obj = ConvertTo-Json $exportObj -Depth 10 | ConvertFrom-Json
+ if($obj)
+ {
+ # Import new profile
+ Set-GraphObjectName $obj $global:curObjectType $ret
+
+ $newObj = Import-GraphObject $obj $global:curObjectType
+ if($newObj)
+ {
+ if($global:curObjectType.PostCopyCommand)
+ {
+ & $global:curObjectType.PostCopyCommand $exportObj $newObj $global:curObjectType
+ }
+ Show-GraphObjects
+ }
+ else
+ {
+ [System.Windows.MessageBox]::Show("Failed to copy object. See log for more information", "Error", "OK", "Error")
+ }
+ }
+ Write-Status ""
+ }
+ $dgObjects.Focus()
+}
+
+#endregion
+
+function Show-GraphObjectInfo
+{
+ param(
+ $FormTitle = "",
+ [switch]$NoLoadFull)
+
+ if(-not $global:dgObjects.SelectedItem) { return }
+ if(-not $global:dgObjects.SelectedItem.Object) { return }
+
+ $script:detailsForm = Get-XamlObject ($global:AppRootFolder + "\Xaml\ObjectDetails.xaml")
+ if(-not $script:detailsForm) { return }
+
+ if(-not $FormTitle) { $FormTitle = $global:curObjectType.Title }
+ $objName = Get-GraphObjectName $global:dgObjects.SelectedItem.Object $global:curObjectType
+ if($objName)
+ {
+ $FormTitle = "$FormTitle - $objName"
+ }
+
+ if($global:curObjectType.DetailExtension)
+ {
+ & $global:curObjectType.DetailExtension $script:detailsForm "pnlButtons"
+ }
+
+ Set-XamlProperty $script:detailsForm "txtValue" "Text" (ConvertTo-Json $global:dgObjects.SelectedItem.Object -Depth 10)
+
+ if($global:curObjectType.AllowFullDetails -eq $false)
+ {
+ Set-XamlProperty $script:detailsForm "btnFull" "Visibility" "Collapsed"
+ }
+
+ Add-XamlEvent $script:detailsForm "btnCopy" "Add_Click" -scriptBlock ([scriptblock]{
+ $tmp = $script:detailsForm.FindName("txtValue")
+ if($tmp.Text) { $tmp.Text | Clip }
+ })
+
+ Add-XamlEvent $script:detailsForm "btnFull" "Add_Click" -scriptBlock ([scriptblock]{
+
+ $obj = Get-GraphObject $global:dgObjects.SelectedItem.Object $global:curObjectType
+ if($obj.Object)
+ {
+ Set-XamlProperty $script:detailsForm "txtValue" "Text" (ConvertTo-Json $obj.Object -Depth 10)
+ Set-XamlProperty $script:detailsForm "btnFull" "IsEnabled" $false
+ }
+ Write-Status ""
+ })
+
+ Show-ModalForm $FormTitle $detailsForm
+}
+
+function Get-GraphObjectName
+{
+ param($obj, $objectType)
+
+ $obj."$((?? ($objectType.NameProperty) "displayName"))"
+}
+
+function Set-GraphObjectName
+{
+ param($obj, $objectType, $value)
+
+ $obj."$((?? ($objectType.NameProperty) "displayName"))" = $value
+}
+
+function Get-GraphObjectId
+{
+ param($obj,
+ $objectType)
+
+ $obj."$((?? ($objectType.IdProperty) "Id"))"
+}
+function Get-GraphObjectFolder
+{
+ param($objectType,
+ $rootFolder,
+ $addObjectType,
+ $addOrganization)
+
+ $path = $rootFolder
+
+ if($addOrganization) { $path = Join-Path $path $global:organization.displayName }
+
+ if($addObjectType -and $objectType.Id) { $path = Join-Path $path $objectType.Id }
+
+ $path
+}
+
+function Add-GraphBulkMenu
+{
+ $menuItem = [System.Windows.Controls.MenuItem]::new()
+ $menuItem.Header = "_Bulk"
+ $menuItem.Name = "EMBulk"
+ $subItem = [System.Windows.Controls.MenuItem]::new()
+ $subItem.Header = "_Export"
+ $subItem.Add_Click({Show-GraphBulkExportForm})
+ $menuItem.AddChild($subItem) | Out-Null
+ $subItem = [System.Windows.Controls.MenuItem]::new()
+ $subItem.Header = "_Import"
+ $subItem.Add_Click({Show-GraphBulkImportForm})
+ $menuItem.AddChild($subItem) | Out-Null
+
+ $mnuMain.Items.Insert(1,$menuItem) | Out-Null
+}
\ No newline at end of file
diff --git a/Extensions/MSGraphIntune.psm1 b/Extensions/MSGraphIntune.psm1
deleted file mode 100644
index 51095af..0000000
--- a/Extensions/MSGraphIntune.psm1
+++ /dev/null
@@ -1,1614 +0,0 @@
-function Invoke-InitializeModule
-{
- $module = Get-Module -Name Microsoft.Graph.Intune -ListAvailable
- if(-not $module)
- {
- $ret = [System.Windows.MessageBox]::Show("Intune PowerShell module not found!`n`nDo you want to install it as admin?`n`nYes = Install intune module as Admin (Requires admin or it will fail)`nNo = Install module for current user`nCancel = Quit", "Error", "YesNoCancel", "Error")
- if($ret -eq "Cancel")
- {
- exit
- }
-
- $params = @{}
- if($ret -eq "No")
- {
- $params.Add("Scope", "CurrentUser")
- }
-
- try
- {
- Install-Module -Name Microsoft.Graph.Intune -Force -ErrorAction SilentlyContinue @params
- }
- catch {}
-
- if(-not (Get-Module -Name Microsoft.Graph.Intune -ListAvailable -Refresh))
- {
- [System.Windows.MessageBox]::Show("Failed to install Intune PowerShell module!`n`nRestart this as admin and try again`nor`nStart PowerShell as admin and run:`nInstall-Module -Name Microsoft.Graph.Intune", "Error", "OK", "Error")
- exit
- }
- }
-
- if(-not $global:authentication)
- {
- if((Get-Command Connect-MSGraph -ErrorAction SilentlyContinue))
- {
- $global:authentication = Connect-MSGraph -PassThru
- }
- }
-
- if(-not $global:authentication)
- {
- [System.Windows.MessageBox]::Show("Failed to connect to Azure with Intune PowerShell module!`n`nNo Intune extensions will be imported", "Error", "OK", "Error")
- return
- }
-
- Write-Log "Get current user"
- $global:Me = Invoke-GraphRequest "ME"
-
- if(-not $global:Me)
- {
- [System.Windows.MessageBox]::Show("Failed to get information about current logged on Azure user!`n`nVerify connection and try again`n`nNo Intune modules will be imported!", "Error", "OK", "Error")
- return
- }
-
- Write-Log "Get organization info"
- $global:Organization = (Invoke-GraphRequest "Organization").Value
-
- $global:graphURL = "https://graph.microsoft.com/beta"
-
- # Add settings
- $global:appSettingSections += (New-Object PSObject -Property @{
- Title = "Intune"
- Id = "IntuneAzure"
- Values = @()
- })
-
- Write-Log "Add settings and menu items"
-
- Add-SettingsObject (New-Object PSObject -Property @{
- Title = "Root folder"
- Key = "IntuneRootFolder"
- Type = "Folder"
- }) "IntuneAzure"
-
- Add-SettingsObject (New-Object PSObject -Property @{
- Title = "App packages folder"
- Key = "IntuneAppPackages"
- Type = "Folder"
- }) "IntuneAzure"
-
- Add-SettingsObject (New-Object PSObject -Property @{
- Title = "Add object type"
- Key = "AddObjectType"
- Type = "Boolean"
- DefaultValue = $true
- Description = "Default setting for adding object type to the export folder"
- }) "IntuneAzure"
-
- Add-SettingsObject (New-Object PSObject -Property @{
- Title = "Add company name"
- Key = "AddCompanyName"
- Type = "Boolean"
- DefaultValue = $true
- Description = "Default setting for adding company name to the export folder"
- }) "IntuneAzure"
-
- Add-SettingsObject (New-Object PSObject -Property @{
- Title = "Export Assignments"
- Key = "ExportIntuneAssignments"
- Type = "Boolean"
- DefaultValue = $true
- Description = "Default setting for exporting assignments"
- }) "IntuneAzure"
-
- Add-SettingsObject (New-Object PSObject -Property @{
- Title = "Create groups"
- Key = "CreateIntuneGroupOnImport"
- Type = "Boolean"
- DefaultValue = $true
- Description = "Default setting for creating groups during import"
- }) "IntuneAzure"
-
- Add-SettingsObject (New-Object PSObject -Property @{
- Title = "Convert synced groups"
- Key = "ConvertIntuneSyncedGroupOnImport"
- Type = "Boolean"
- DefaultValue = $true
- Description = "Convert AD synched groups to Azure AD group during import if the group does not exist"
- }) "IntuneAzure"
-
- Add-SettingsObject (New-Object PSObject -Property @{
- Title = "Import Assignments"
- Key = "ImportAssignments"
- Type = "Boolean"
- DefaultValue = $true
- }) "IntuneAzure"
-
-
- #Add menu group and items
- Add-MenuSection (New-Object PSObject -Property @{ Title = "Intune/Azure Objects"; ID="IntuneGraphAPI"; Order = 10})
- Add-MenuSection (New-Object PSObject -Property @{ Title = "Intune/Azure Management"; ID="IntuneGraphAPIEX"; Order = 20})
-
- # Add default menu items
- Add-MenuItem (New-Object PSObject -Property @{
- Title = 'Bulk Import'
- MenuID = "IntuneGraphAPIEX"
- Script = [ScriptBlock]{ Show-ImportAllForm }
- })
-
- # Add default menu items
- Add-MenuItem (New-Object PSObject -Property @{
- Title = 'Bulk Export'
- MenuID = "IntuneGraphAPIEX"
- Script = [ScriptBlock]{ Show-ExportAllForm }
- })
-
- $global:UpdateJsonForMigration = $true
-}
-
-function Show-ExportAllForm
-{
- param($Extension)
-
-$xmlStr = @"
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- $($Extension.Xaml)
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-"@
- $exportGrid = [System.Windows.Markup.XamlReader]::Parse($xmlStr)
-
- $btnDoExport = $exportGrid.FindName("btnDoExport")
- $btnCancel = $exportGrid.FindName("btnCancel")
- $script:lstObjectsToExport = $exportGrid.FindName("lstObjectsToExport")
- $global:txtExportPath = $exportGrid.FindName("txtExportPath")
- $global:chkAddCompanyName = $exportGrid.FindName("chkAddCompanyName")
- $global:chkAddObjectType = $exportGrid.FindName("chkAddObjectType")
- $global:chkCheckAll = $exportGrid.FindName("chkCheckAll")
-
- $script:btnBrowse = $exportGrid.FindName("browseExportPath")
- $btnBrowse.Tag = $global:txtExportPath
- $btnBrowse.Add_Click({
- $folder = Get-Folder $this.Tag.Text
- if($folder) { $this.Tag.Text = $folder }
- })
-
- $global:exportObjects = @()
- Invoke-ModuleFunction "Get-SupportedExportObjects"
-
- $script:lstObjectsToExport.ItemsSource = $global:exportObjects
-
- if($Extension.Script)
- {
- Invoke-Command -ScriptBlock $Extension.Script -ArgumentList $exportGrid
- }
-
- $global:chkCheckAll.Add_Click({
- foreach($obj in $global:exportObjects)
- {
- $obj.Selected = $global:chkCheckAll.IsChecked
- }
- $script:lstObjectsToExport.Items.Refresh()
- })
-
- $btnDoExport.Add_Click({
- if([System.Windows.MessageBox]::Show("Are you sure you want to export all selected objects?", "Start bulk export?", "YesNo", "Question") -eq "Yes")
- {
- Invoke-GraphExportAll $global:txtExportPath.Text
- Write-Status ""
- if($global:exportedObjects -gt 0)
- {
- [System.Windows.MessageBox]::Show("$($global:exportedObjects) objects exported", "Export finished", "OK", "Info")
- }
- else
- {
- [System.Windows.MessageBox]::Show("No objects was exported!", "Export finished", "OK", "Warning")
- }
- }
- })
-
- Set-ObjectGrid $exportGrid
-}
-
-
-function Show-ImportAllForm
-{
- param($Extension)
-
-$xmlStr = @"
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- $($Extension.Xaml)
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-"@
- $importGrid = [System.Windows.Markup.XamlReader]::Parse($xmlStr)
-
- $btnDoImport = $importGrid.FindName("btnDoImport")
- $btnCancel = $importGrid.FindName("btnCancel")
- $script:lstObjectsToImport = $importGrid.FindName("lstObjectsToImport")
- $global:txtImportPath = $importGrid.FindName("txtImportPath")
- $global:chkAddCompanyName = $importGrid.FindName("chkAddCompanyName")
- $global:chkAddObjectType = $importGrid.FindName("chkAddObjectType")
- $global:chkCheckAll = $importGrid.FindName("chkCheckAll")
- $global:chkImportAssignments = $importGrid.FindName("chkImportAssignments")
-
- $script:btnBrowse = $importGrid.FindName("browseImportPath")
- $btnBrowse.Tag = $global:txtImportPath
- $btnBrowse.Add_Click({
- $folder = Get-Folder $this.Tag.Text
- if($folder) { $this.Tag.Text = $folder }
- })
-
- $global:importObjects = @()
-
- Invoke-ModuleFunction "Get-SupportedImportObjects"
-
- $script:lstObjectsToImport.ItemsSource = $global:importObjects
-
- if($Extension.Script)
- {
- Invoke-Command -ScriptBlock $Extension.Script -ArgumentList $importGrid
- }
-
- $global:chkCheckAll.Add_Click({
- foreach($obj in $global:importObjects)
- {
- $obj.Selected = $global:chkCheckAll.IsChecked
- }
- $script:lstObjectsToImport.Items.Refresh()
- })
-
- $btnDoImport.Add_Click({
- if([System.Windows.MessageBox]::Show("Are you sure you want to import all selected objects?", "Start bulk import?", "YesNo", "Question") -eq "Yes")
- {
- Invoke-GraphImportAll $global:txtImportPath.Text
- Write-Status ""
- if($global:importedObjects -gt 0)
- {
- [System.Windows.MessageBox]::Show("$($global:importedObjects) objects imported", "Import finished", "OK", "Info")
- }
- else
- {
- [System.Windows.MessageBox]::Show("No objects was imported!", "Import finished", "OK", "Warning")
- }
- }
- })
-
- Set-ObjectGrid $importGrid
-}
-
-function Invoke-GraphRequest
-{
- param (
- [Parameter(Mandatory)]
- $Url,
-
- $Content,
-
- $Headers,
-
- [ValidateSet("GET","POST","OPTIONS","DELETE", "PATCH")]
- $HttpMethod = "GET"
- )
-
- $params = @{}
-
- if($Content) { $params.Add("Content", $Content) }
- if($Headers) { $params.Add("Headers", $Headers) }
-
- if(($Url -notmatch "^http://|^https://"))
- {
- $Url = $global:graphURL + "/" + $Url.TrimStart('/')
- }
-
- try
- {
- Invoke-MSGraphRequest -Url $Url -HttpMethod $HttpMethod.ToUpper() @params -ErrorAction SilentlyContinue
- if($? -eq $false)
- {
- throw $global:error[0]
- }
-
- }
- catch
- {
- Write-LogError "Failed to invoke MSGraphRequest" $_.Exception
- }
-}
-
-function Get-GraphObjects
-{
- param(
- [Array]
- $Url,
- [Array]
- $property = @('displayName', 'description', 'id'),
- [Array]
- $exclude,
- $SortProperty = "displayName")
-
- $objects = @()
-
- $graphObjects = Invoke-GraphRequest -Url $url
-
- if(($graphObjects | GM -Name Value -MemberType NoteProperty))
- {
- $retObjects = $graphObjects.Value
- }
- else
- {
- $retObjects = $graphObjects
- }
-
- foreach($graphObject in $retObjects)
- {
- $params = @{}
- if($property) { $params.Add("Property", $property) }
- if($exclude) { $params.Add("ExcludeProperty", $exclude) }
- foreach($objTmp in ($graphObject | select @params))
- {
- $objTmp | Add-Member -NotePropertyName "Object" -NotePropertyValue $graphObject
- $objects += $objTmp
- }
- }
-
- if($objects.Count -gt 0 -and $SortProperty -and ($objects[0] | GM -MemberType NoteProperty -Name $SortProperty))
- {
- $objects = $objects | sort -Property $SortProperty
- }
- $objects
-}
-
-function Add-ModuleMenuSections
-{
-
-}
-
-function Get-OrganizationName
-{
- if(-not $global:Organization)
- {
- $global:Organization = (Invoke-GraphRequest "Organization").Value
- }
- $global:Organization.displayName
-}
-
-function Set-ObjectPath
-{
- param($path)
-
- if(-not $lstMenu.SelectedItem.ObjectPath -or -not $path -or (Test-Path $path) -eq $false) { return }
-
- Save-RegSetting $lstMenu.SelectedItem.ObjectPath "LastUsedPath" $path
-}
-
-function Get-ObjectPath
-{
- param($defautValue)
-
- Get-RegSetting $lstMenu.SelectedItem.ObjectPath "LastUsedPath" $defautValue
-}
-
-function Get-AzureADOrganization
-{
- param([switch]$short)
-
- $urlTemp = "/organization"
-
- if($short) { $urlTemp += "`$select=displayName" }
-
- Get-GraphObjects $urlTemp
-}
-
-function Get-JsonFileObjects
-{
- param($path, $Exclude = @("*_settings.json","*_assignments.json"), $SelectedStatus = $true)
-
- if(-not $path -or (Test-Path $path) -eq $false) { return }
-
- $params = @{}
- if($exclude)
- {
- $params.Add("Exclude", $exclude)
- }
-
- $fileArr = @()
- foreach($file in (Get-Item -path "$path\*.json" @params))
- {
- $obj = New-Object PSObject -Property @{
- FileName = $file.Name
- FileInfo = $file
- Selected = $SelectedStatus
- Object = (ConvertFrom-Json (Get-Content $file.FullName -Raw))
- }
-
- $fileArr += $obj
- }
-
- Set-ObjectPath $path
-
- if(($fileArr | measure).Count -eq 1)
- {
- return @($fileArr)
- }
- return $fileArr
-}
-
-function Add-DefaultObjectButtons
-{
- param(
- [scriptblock]
- $export,
- [scriptblock]
- $import,
- [scriptblock]
- $copy,
- [scriptblock]
- $viewFullObject,
- [switch]
- $ForceFullObject,
- [switch]
- $hideview
- )
-
- if($hideview -ne $true)
- {
- $newBtn = New-Object System.Windows.Controls.Button
- #View button
- $newBtn.Content = 'View'
- $newBtn.Name = 'btnView'
- $newBtn.Margin = "5,0,0,0"
- $newBtn.Width = "100"
- $spSubMenu.AddChild($newBtn)
-
- $script:viewFullObject = $viewFullObject
- $script:ForceFullObject = ($ForceFullObject -eq $true)
-
- if($view)
- {
- $newBtn.Add_Click($view)
- }
- else
- {
- $newBtn.Add_Click([scriptblock]{
- if(-not $global:dgObjects.SelectedItem) { return }
-
- if(-not $global:dgObjects.SelectedItem.Object) { return }
-
- if($script:ForceFullObject -eq $true -and $script:ViewFullObject)
- {
- Write-Status "Loading full object info"
- $objFullInfo = Invoke-Command -ScriptBlock $script:ViewFullObject
- Write-Status ""
- if($objFullInfo)
- {
- Show-ObjectInfo -object $objFullInfo -NoLoadFull
- }
- }
- else
- {
- Show-ObjectInfo -Object $global:dgObjects.SelectedItem.Object
- }
- })
- }
- }
-
- if($copy)
- {
- $newBtn = New-Object System.Windows.Controls.Button
- #Copy button
- $newBtn.Content = 'Copy'
- $newBtn.Name = 'btnCopy'
- $newBtn.Margin = "5,0,0,0"
- $newBtn.Width = "100"
- $spSubMenu.AddChild($newBtn)
-
- $newBtn.Add_Click($copy)
- }
-
- if($import)
- {
- $newBtn = New-Object System.Windows.Controls.Button
- #Import button
- $newBtn.Content = 'Import'
- $newBtn.Name = 'btnImport'
- $newBtn.Margin = "5,0,0,0"
- $newBtn.Width = "100"
- $spSubMenu.AddChild($newBtn)
-
- $newBtn.Add_Click($import)
- }
-
- if($export)
- {
- $newBtn = New-Object System.Windows.Controls.Button
- #Export button
- $newBtn.Content = 'Export'
- $newBtn.Name = 'btnExport'
- $newBtn.Margin = "5,0,0,0"
- $newBtn.Width = "100"
- $spSubMenu.AddChild($newBtn)
-
- $newBtn.Add_Click($export)
- }
-
- if($spSubMenu.Children.Count -gt 0)
- {
- Show-SubMenu
- }
-}
-
-function Show-ObjectInfo
-{
- param(
- $FormTitle = "Object info",
- $object,
- [switch]$NoLoadFull)
-
- if(-not $object) { return }
-
- [xml]$xaml = @"
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-"@
-
- $reader = (New-Object System.Xml.XmlNodeReader $xaml)
- $script:inputBox = [Windows.Markup.XamlReader]::Load($reader)
-
- $script:txtValue = $script:inputBox.FindName("txtValue")
- $btnOk = $script:inputBox.FindName("btnOk")
- $btnCopy = $script:inputBox.FindName("btnCopy")
- $btnFull = $script:inputBox.FindName("btnFull")
-
- $script:txtValue.Text = (ConvertTo-Json $Object -Depth 5)
-
- $btnOk.Add_Click({
- $script:inputBox.Close()
- })
-
- $btnCopy.Add_Click({
- $script:txtValue.Text | Clip
- })
-
- if($script:ViewFullObject -and $NoLoadFull -ne $true)
- {
- $btnFull.Visibility = "Visible"
- $btnFull.Add_Click({
- Write-Status "Loading full object info"
- $objFullInfo = Invoke-Command -ScriptBlock $script:ViewFullObject
- Write-Status ""
- if($objFullInfo)
- {
- $script:inputBox.Close()
- Show-ObjectInfo -object $objFullInfo -NoLoadFull
- }
- })
- }
-
- $inputBox.ShowDialog() | Out-Null
-}
-
-########################################################################
-#
-# Export functions
-#
-########################################################################
-
-function Show-DefaultExportGrid
-{
- param(
- [ScriptBlock]$ExportAllScript,
- [ScriptBlock]$ExportSelectedScript,
- $Extension,
- $DisplayColumn)
-
- $exportGrid = [System.Windows.Markup.XamlReader]::Parse(@"
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- $($Extension.Xaml)
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-"@)
-
- $btnDoExport = $exportGrid.FindName("btnDoExport")
- $btnCancel = $exportGrid.FindName("btnCancel")
- $global:txtExportPath = $exportGrid.FindName("txtExportPath")
- $btnDoSelectedExport = $exportGrid.FindName("btnDoSelectedExport")
- $lblSelectedObject = $exportGrid.FindName("lblSelectedObject")
- $script:btnBrowse = $exportGrid.FindName("browseExportPath")
- $global:chkAddCompanyName = $exportGrid.FindName("chkAddCompanyName")
- $global:chkAddObjectType = $exportGrid.FindName("chkAddObjectType")
- $global:chkExportAssignments = $exportGrid.FindName("chkExportAssignments")
-
- $btnBrowse.Tag = $global:txtExportPath
- $btnBrowse.Add_Click({
- $folder = Get-Folder $global:txtExportPath.Text
- if($folder) { $this.Tag.Text = $folder }
- })
-
- $btnCancel.Add_Click({
- Set-ObjectGrid
- })
-
- if(-not $ExportAllScript)
- {
- $ExportAllScript = [ScriptBlock]{
- Export-AllGraphObjects $global:txtExportPath.Text
- Set-ObjectGrid
- Write-Status ""
- }
- }
-
- if($Extension.Script)
- {
- Invoke-Command -ScriptBlock $Extension.Script -ArgumentList $exportGrid
- }
-
- $btnDoExport.Add_Click($ExportAllScript)
-
- if($global:dgObjects.SelectedItem.Object -and $ExportSelectedScript -ne $false)
- {
- if(-not $ExportSelectedScript)
- {
- $ExportSelectedScript = [ScriptBlock]{
- Export-SelectedGraphObjects $global:txtExportPath.Text
- Set-ObjectGrid
- Write-Status ""
- }
- }
-
- $btnDoSelectedExport.Add_Click($ExportSelectedScript)
- if($displayColumn -and $global:dgObjects.SelectedItem."$displayColumn")
- {
- $objName = $global:dgObjects.SelectedItem."$displayColumn"
- }
- elseif($global:dgObjects.SelectedItem.Object.displayName)
- {
- $objName = $global:dgObjects.SelectedItem.Object.displayName
- }
- elseif($global:dgObjects.SelectedItem."$($global:dgObjects.Columns[0].Header)")
- {
- $objName = $global:dgObjects.SelectedItem."$($global:dgObjects.Columns[0].Header)"
- }
-
- $lblSelectedObject.Content = "Selected item: $objName"
- }
- else
- {
- $btnDoSelectedExport.Visibility = "Collapsed"
- $lblSelectedObject.Visibility = "Collapsed"
- }
-
- Set-ObjectGrid $exportGrid
-}
-
-function Export-AllGraphObjects
-{
- param($path = "$env:Temp")
-
- Export-AllGraphObjectsFromSource $path $global:dgObjects.ItemsSource
-}
-
-function Export-AllGraphObjectsFromSource
-{
- param($path = "$env:Temp", $source, $fileNameProperty = "displayName")
-
- if(-not (Test-Path $path)) { mkdir -Path $path -Force -ErrorAction SilentlyContinue | Out-Null }
-
- if(Test-Path $path)
- {
- foreach($obj in ($source))
- {
- Export-SingleGraphObjects $obj.Object $path $fileNameProperty
- }
- }
-}
-
-function Export-SingleGraphObjects
-{
- param($obj, $path, $fileNameProperty = "displayName")
-
- if(-not $obj -or -not $path) { return }
-
- if(-not (Test-Path $path)) { mkdir -Path $path -Force -ErrorAction SilentlyContinue | Out-Null }
-
- if(Test-Path $path)
- {
- Write-Status "Export $($obj."$fileNameProperty")"
- $fileName = "$path\$((Remove-InvalidFileNameChars $obj."$fileNameProperty")).json"
- ConvertTo-Json $obj -Depth 5| Out-File $fileName -Force
- $global:exportedObjects++
- }
-}
-
-function Export-SelectedGraphObjects
-{
- param($path = "$env:Temp")
-
- if(-not (Test-Path $path)) { mkdir -Path $path -Force -ErrorAction SilentlyContinue | Out-Null }
-
- if(Test-Path $path)
- {
- Export-SingleGraphObjects $global:dgObjects.SelectedItem.Object $path
- }
-}
-
-function Invoke-GraphExportAll
-{
- param($rootPath)
-
- if(-not $rootPath) { return }
-
- $global:exportedObjects = 0
-
- $rootDir = $rootPath
-
- $global:runningBulkExport = $true
-
- if($global:chkAddCompanyName.IsChecked)
- {
- $dirObj = Get-AzureADOrganization
- if($dirObj.Object.displayName)
- {
- $rootDir = Join-Path $rootDir $dirObj.Object.displayName
- }
- }
-
- foreach($obj in $global:exportObjects)
- {
- if($obj.Selected -ne $true -or -not $obj.Script) { continue }
-
- Invoke-Command $obj.Script -ArgumentList @($rootDir)
- }
-
- $global:runningBulkExport = $false
-}
-
-function Invoke-GraphImportAll
-{
- param($rootPath)
-
- if(-not $rootPath) { return }
-
- $global:importedObjects = 0
-
- $rootDir = $rootPath
-
- $global:runningBulkImport = $true
-
- if($global:chkAddCompanyName.IsChecked)
- {
- $dirObj = Get-AzureADOrganization
- if($dirObj.Object.displayName)
- {
- $rootDir = Join-Path $rootDir $dirObj.Object.displayName
- }
- }
-
- foreach($obj in $global:importObjects)
- {
- if($obj.Selected -ne $true -or -not $obj.Script) { continue }
-
- Invoke-Command $obj.Script -ArgumentList @($rootDir)
- }
-
- $global:runningBulkImport = $false
-}
-
-
-########################################################################
-#
-# Export functions
-#
-########################################################################
-function Show-DefaultImportGrid
-{
- param(
- [ScriptBlock]$ImportAll,
- [ScriptBlock]$ImportSelected,
- [ScriptBlock]$GetFiles,
- $Extension)
-
- if(-not $script:lastUsedImportFolder)
- {
- # Do use root folder each time. Import of single objects are normally under objecy (and company) folder
- $script:lastUsedImportFolder = Get-SettingValue "IntuneRootFolder"
- }
-
- $importGrid = [System.Windows.Markup.XamlReader]::Parse(@"
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- $($Extension.Xaml)
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-"@)
-
- $btnDoImport = $importGrid.FindName("btnDoImport")
- $btnCancel = $importGrid.FindName("btnCancel")
- $btnGetFiles = $importGrid.FindName("btnGetFiles")
- $btnImportSelected = $importGrid.FindName("btnImportSelected")
-
- $global:lstFiles = $importGrid.FindName("lstFiles")
- $global:grdFilesHeader = $importGrid.FindName("grdFilesHeader")
- $global:txtImportPath = $importGrid.FindName("txtImportPath")
- $global:grdObjectsMenu = $importGrid.FindName("grdObjectsMenu")
- $global:chkCheckAll = $importGrid.FindName("chkCheckAll")
- $global:chkImportAssignments = $importGrid.FindName("chkImportAssignments")
-
- $script:btnBrowse = $importGrid.FindName("browsePath")
- $btnBrowse.Tag = $global:txtImportPath
- $btnBrowse.Add_Click({
- $folder = Get-Folder $global:txtImportPath.Text
- if($folder)
- {
- $this.Tag.Text = $folder
- $script:lastUsedImportFolder = $global:txtImportPath.Text
- }
- })
-
- $btnCancel.Add_Click({
- if($global:txtImportPath.Text)
- {
- $script:lastUsedImportFolder = $global:txtImportPath.Text
- }
- Set-ObjectGrid
- })
-
- if($Extension.Script)
- {
- Invoke-Command -ScriptBlock $Extension.Script -ArgumentList $importGrid
- }
-
- $global:chkCheckAll.Add_Click({
- foreach($obj in $global:lstFiles.Items)
- {
- $obj.Selected = $global:chkCheckAll.IsChecked
- }
- $global:lstFiles.Items.Refresh()
- })
-
- $btnGetFiles.Add_Click({ $script:lastUsedImportFolder = $global:txtImportPath.Text })
- $btnDoImport.Add_Click({ $script:lastUsedImportFolder = $global:txtImportPath.Text })
- $btnImportSelected.Add_Click({ $script:lastUsedImportFolder = $global:txtImportPath.Text })
-
- $btnGetFiles.Add_Click($GetFiles)
-
- $btnDoImport.Add_Click($ImportAll)
-
- $btnImportSelected.Add_Click($ImportSelected)
-
- Set-ObjectGrid $importGrid
-}
-
-function Show-FileListBox
-{
- $global:grdFilesHeader.Visibility = "Visible"
- $global:lstFiles.Visibility = "Visible"
- $global:grdObjectsMenu.Visibility = "Visible"
-}
-
-########################################################################
-#
-# Migration functions
-#
-########################################################################
-
-# Called during export to add migration info for the assignment
-function Add-MigrationInfo
-{
- param($obj)
-
- if(-not $obj) { return }
-
- foreach($objInfo in $obj.target)
- {
- if(-not $objInfo."@odata.type") { continue }
-
- $objType = $objInfo."@odata.type".Trim('#')
-
- if($objType -eq "microsoft.graph.groupAssignmentTarget" -or
- $objType -eq "microsoft.graph.exclusionGroupAssignmentTarget")
- {
- Add-GroupMigrationObject $objInfo.groupid
- }
- elseif($objType -eq "microsoft.graph.allLicensedUsersAssignmentTarget" -or
- $objType -eq "microsoft.graph.allDevicesAssignmentTarget")
- {
- # No need to migrate All Users or All Devices
- }
- else
- {
- Write-Log "Unsupported migration object: $objType" 3
- }
- }
-}
-
-function Add-GroupMigrationObject
-{
- param($groupId)
-
- if(-not $groupId) { return }
-
- $path = $global:txtExportPath.Text
-
- if($global:chkAddCompanyName.IsChecked)
- {
- $path = Join-Path $path $global:organization.displayName
- }
-
- # Check if group is already processed
- if((Get-MigrationObject $groupId)) { return }
-
- # Get group info
- $groupObj = Get-AADGroup -groupId $groupId -ErrorAction SilentlyContinue
- if($groupObj)
- {
- # Add group to cache
- $global:AADObjectCache.Add($groupId, $groupObj)
-
- # Add group to migration file
- if((Add-MigrationObject $groupObj $path "Group"))
- {
- # Export group info to json file for possible import
- $grouspPath = Join-Path $path "Groups"
- if(-not (Test-Path $grouspPath)) { mkdir -Path $grouspPath -Force -ErrorAction SilentlyContinue | Out-Null }
- $fileName = "$grouspPath\$((Remove-InvalidFileNameChars $groupObj.displayName)).json"
- ConvertTo-Json $groupObj -Depth 5 | Out-File $fileName -Force
- }
- }
-}
-
-function Get-MigrationObject
-{
- param($objId)
-
- if(-not $global:AADObjectCache)
- {
- $global:AADObjectCache = @{}
- }
-
- if($global:AADObjectCache.ContainsKey($objId)) { return $global:AADObjectCache[$objId] }
-}
-
-# Adds an object to migration file if not added previously
-function Add-MigrationObject
-{
- param($obj, $path, $objType)
-
- if(-not $objType) { $objType = $obj."@odata.type" }
-
- $migFileName = Join-Path $path "MigrationTable.json"
-
- if(-not $global:migFileObj)
- {
- if(-not ([IO.File]::Exists($migFileName)))
- {
- # Create new file
- $global:migFileObj = (New-Object PSObject -Property @{
- TenantId = $global:organization.Id
- Organization = $global:organization.displayName
- Objects = @()
- })
- }
- else
- {
- # Add to existing file
- $global:migFileObj = ConvertFrom-Json (Get-Content $migFileName -Raw)
- }
- }
-
- # Make sure Objects property actually exists
- if(($global:migFileObj | GM -MemberType NoteProperty -Name "Objects") -eq $false)
- {
- $global:migFileObj | Add-Member -MemberType NoteProperty -Name "Objects" -Value (@())
- }
-
- # Get current object
- $curObj = $global:migFileObj.Objects | Where Id -eq $obj.Id
-
- if($curObj) { return $false } # Existing object found so return false to tell that the object was not added
-
- $global:migFileObj.Objects += (New-Object PSObject -Property @{
- Id = $obj.Id
- DisplayName = $obj.displayName
- Type = $objType
- })
-
- if(-not (Test-Path $path)) { mkdir -Path $path -Force -ErrorAction SilentlyContinue | Out-Null }
- ConvertTo-Json $global:migFileObj -Depth 10 | Out-File $migFileName -Force
-
- $true # New object was added
-}
-
-function Get-MigrationObjectsFromFile
-{
- if($global:MigrationTableCache -or $global:UpdateJsonForMigration -ne $true) { return }
-
- # Migration table must be located in the root of the import path
- $path = $global:txtImportPath.Text
- $found = $false
- for($i = 0;$i -lt 2;$i++)
- {
- if($i -gt 0)
- {
- # Get parent directory
- $path = [io.path]::GetDirectoryName($path)
- }
-
- $migFileName = Join-Path $path "MigrationTable.json"
- try
- {
- if([IO.File]::Exists($migFileName))
- {
- $found = $true
- break
- }
- }
- catch {}
- }
-
- if($found -eq $false)
- {
- return
- }
-
- $global:MigrationTableCache = @()
-
- $migFileObj = ConvertFrom-Json (Get-Content $migFileName -Raw)
-
- # No need to translate migrated objects in the same environment as exported
- if($migFileObj.TenantId -eq $global:organization.Id) { return }
-
- Write-Status "Loading migration objects"
-
- foreach($migObj in $migFileObj.Objects)
- {
- if($migObj.Type -like "*group*")
- {
- $obj = Get-AADGroup -Filter "displayName eq '$($migObj.DisplayName)'"
- if(-not $obj)
- {
- # This might not be ok:
- # The original gour might be synched from on-prem AD. This will create a group with manual assigned membership
- # ToDo: Add support for goup import from json. This could create dynamic groups
- Write-Log "Create AAD Group $($migObj.DisplayName)"
- $obj = New-AADGroup -displayName $($migObj.DisplayName) -mailEnabled $false -mailNickname "NotSet" -securityEnabled $true
- }
- $global:MigrationTableCache += (New-Object PSObject -Property @{
- OriginalId = $migObj.Id
- Id = $obj.Id
- })
- }
- }
-}
-
-function Update-JsonForEnvironment
-{
- param($json)
-
- if($global:UpdateJsonForMigration -ne $true) { return $json }
-
- # Load file unless previously loaded
- Get-MigrationObjectsFromFile
-
- if(-not $global:MigrationTableCache -or $global:MigrationTableCache.Count -eq 0) { return $json }
-
- # Enumerate all objects in the migration table and replace all exported Id's to Id's in the new environment
- foreach($migInfo in $global:MigrationTableCache)
- {
- $json = $json -replace $migInfo.OriginalId,$migInfo.Id
- }
-
- #return updated json
- $json
-}
-
-########################################################################
-#
-# Assignment functions
-#
-########################################################################
-
-function Import-GraphAssignmentsFile
-{
- param($obj, $assignmentFile, $assignmentType, $assignmentURL)
-
- if(-not (Test-Path $assignmentsFile)) { return }
-
- $assignmentsObj = ConvertFrom-Json (Get-Content $assignmentsFile -Raw)
- if($assignmentsObj)
- {
- Import-GraphAssignments $response $assignmentsObj $assignmentType $assignmentURL
- }
-
-}
-
-# This uses /assign to create an assignment for an object
-# It will update the json with local information if migration table is used
-function Import-GraphAssignments
-{
- param($assignments, $assignmentType, $assignmentURL, $assignmentObjectType)
-
- if(-not $assignments -or -not $assignmentType -or -not $assignmentURL) { return }
-
- if($global:chkImportAssignments.IsChecked -eq $false) { return }
-
- $targets = ""
- $assignments | ForEach-Object {
- Remove-ObjectProperty $PSItem "Id"
- if($assignmentObjectType)
- {
- $PSItem | Add-Member -MemberType NoteProperty -Name "@odata.type" -Value $assignmentObjectType
- }
- $targets += (ConvertTo-Json $PSItem.Target -Depth 5)
- }
- $targets = $targets.TrimEnd(',')
-
-$jsonAssignments = $(ConvertTo-Json $assignments -Depth 5)
-if($jsonAssignments.Trim() -notmatch "^[[]|$[]]")
-{
- $jsonAssignments = "[ $jsonAssignments ]"
-}
-
-$json = @"
-{
- "$($assignmentType)": $jsonAssignments
-}
-
-"@
-
- $json = Update-JsonForEnvironment $json
- $response2 = Invoke-GraphRequest -Url $assignmentURL -Content $json -HttpMethod POST
-}
-
-# This uses /assignments to create an assignment for an object
-# It will update the json with local information if migration table is used
-function Import-GraphAssignments2
-{
- param($assignments, $assignmentURL)
-
- if(-not $assignments -or -not $assignmentURL) { return }
-
- if($global:chkImportAssignments.IsChecked -eq $false) { return }
-
- $assignments | ForEach-Object {
- Invoke-GraphRequest -Url $assignmentURL -Content (Update-JsonForEnvironment (ConvertTo-Json $PSItem)) -HttpMethod POST
- }
-}
-
-function Get-GraphAssignmentsObject
-{
- param($obj, $fileName)
-
- $tmpAssignments = $null
-
- Remove-ObjectProperty $obj "assignments@odata.context"
-
- if(($obj | GM -MemberType NoteProperty -Name 'assignments'))
- {
- $tmpAssignments = $obj.assignments
- $obj.PSObject.Properties.Remove('assignments')
- }
-
- if(-not $tmpAssignments -and $fileName -and (Test-Path $fileName))
- {
- $tmpAssignments = ConvertFrom-Json (Get-Content $fileName -Raw)
- }
-
- $tmpAssignments
-}
-
-#region Policy Functions
-function Start-PreImport
-{
- param($obj, $removeProperties = @())
-
-
- foreach($removeProp in @('lastModifiedDateTime','createdDateTime','supportsScopeTags','id'))
- {
- if($removeProperties -notcontains $removeProp)
- {
- $removeProperties += $removeProp
- }
- }
-
- foreach($prop in $removeProperties)
- {
- if(($obj | GM -MemberType NoteProperty -Name $prop))
- {
- Write-Log "Remove property $prop"
- $obj.PSObject.Properties.Remove($prop)
- }
- }
-}
-
-#endregion
diff --git a/Extensions/PowerShellScripts.psm1 b/Extensions/PowerShellScripts.psm1
deleted file mode 100644
index 6bd6976..0000000
--- a/Extensions/PowerShellScripts.psm1
+++ /dev/null
@@ -1,314 +0,0 @@
-########################################################
-#
-# Common module functions
-#
-########################################################
-function Add-ModuleMenuItems
-{
- Add-MenuItem (New-Object PSObject -Property @{
- Title = (Get-PowerShellScriptName)
- MenuID = "IntuneGraphAPI"
- Script = [ScriptBlock]{Get-PowerShellScripts}
- })
-}
-
-function Get-SupportedImportObjects
-{
- $global:importObjects += (New-Object PSObject -Property @{
- Selected = $true
- Title = (Get-PowerShellScriptName)
- Script = [ScriptBlock]{
- param($rootFolder)
-
- Write-Status "Import all powershell scripts"
- Import-AllPowerShellScriptObjects (Join-Path $rootFolder (Get-PowerShellScriptFolderName))
- }
- })
-}
-
-function Get-SupportedExportObjects
-{
- $global:exportObjects += (New-Object PSObject -Property @{
- Selected = $true
- Title = (Get-PowerShellScriptName)
- Script = [ScriptBlock]{
- param($rootFolder)
- Write-Status "Export all powershell scripts"
- Get-PowerShellScriptObjects | ForEach-Object { Export-SinglePowerShellScript $PSItem.Object (Join-Path $rootFolder (Get-PowerShellScriptFolderName)) }
- }
- })
-}
-
-function Export-AllObjects
-{
- param($addObjectSubfolder)
-
- $subFolder = ""
- if($addObjectSubfolder) { $subFolder = Get-PowerShellScriptFolderName }
-}
-
-########################################################
-#
-# Object specific functions
-#
-########################################################
-function Get-PowerShellScriptName
-{
- return "PowerShell Script"
-}
-
-function Get-PowerShellScriptFolderName
-{
- return "PowerShell"
-}
-
-function Get-PowerShellScripts
-{
- Write-Status "Loading PowerShell objects"
- $dgObjects.ItemsSource = @(Get-PowerShellScriptObjects)
-
- #Scriptblocks that will perform the export tasks. empty by default
- $script:exportParams = @{}
- $script:exportParams.Add("ExportAllScript", [ScriptBlock]{
- Export-AllPowerShellScripts $global:txtExportPath.Text
- Set-ObjectGrid
- Write-Status ""
- })
-
- $script:exportParams.Add("ExportSelectedScript", [ScriptBlock]{
- Export-SelectedPowerShellScript $global:txtExportPath.Text
- Set-ObjectGrid
- Write-Status ""
- })
-
- #Scriptblock that will perform the import all files
- $script:importAll = [ScriptBlock]{
- Import-AllPowerShellScriptObjects $global:txtImportPath.Text
- Set-ObjectGrid
- }
-
- #Scriptblock that will perform the import of selected files
- $script:importSelected = [ScriptBlock]{
- Import-PowerShellScriptObjects $global:lstFiles.ItemsSource -Selected
- Set-ObjectGrid
- }
-
- #Scriptblock that will read json files
- $script:getImportFiles = [ScriptBlock]{
- Show-FileListBox
- $global:lstFiles.ItemsSource = @(Get-JsonFileObjects $global:txtImportPath.Text -Exclude "*_Settings.json")
- }
-
- $exportExtension = (New-Object PSObject -Property @{
- Xaml = @"
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-"@
- Script = [ScriptBlock]{
- param($form)
- $script:chkExportScript = $form.FindName("chkExportScript")
- }
- })
-
- $script:exportParams.Add("Extension", $exportExtension)
-
- Add-DefaultObjectButtons -export ([scriptblock]{Show-DefaultExportGrid @script:exportParams}) -import ([scriptblock]{Show-DefaultImportGrid -ImportAll $script:importAll -ImportSelected $script:importSelected -GetFiles $script:getImportFiles}) -copy ([scriptblock]{Copy-PowerShellScript}) -ViewFullObject ([scriptblock]{Get-PowerShellScriptObject $global:dgObjects.SelectedItem.Object})
-
- #Add download button
- $btnDownload = New-Object System.Windows.Controls.Button
- $btnDownload.Content = 'Download'
- $btnDownload.Name = 'btnDownload'
- $btnDownload.Margin = "5,0,0,0"
- $btnDownload.Width = "100"
- $spSubMenu.Children.Insert(0, $btnDownload)
-
- $btnDownload.Add_Click({
- Invoke-DownloadScript
- })
-}
-
-function Get-PowerShellScriptObjects
-{
- Get-GraphObjects -Url "/deviceManagement/deviceManagementScripts"
-}
-
-function Get-PowerShellScriptObject
-{
- param($object, $additional = "")
-
- if(-not $Object.id) { return }
- Invoke-GraphRequest -Url "/deviceManagement/deviceManagementScripts/$($object.id)$additional"
-}
-
-function Export-AllPowerShellScripts
-{
- param($path = "$env:Temp")
-
- if(-not (Test-Path $path)) { mkdir -Path $path -Force -ErrorAction SilentlyContinue | Out-Null }
-
- if(Test-Path $path)
- {
- foreach($objTmp in ($global:dgObjects.ItemsSource))
- {
- Export-SinglePowerShellScript $objTmp.Object $path
- }
- }
-}
-
-function Export-SelectedPowerShellScript
-{
- param($path = "$env:Temp")
-
- Export-SinglePowerShellScript $global:dgObjects.SelectedItem.Object $path
-}
-
-function Export-SinglePowerShellScript
-{
- param($psObj, $path = "$env:Temp")
-
- if(-not $psObj) { return }
-
- if($global:runningBulkExport -ne $true)
- {
- if($global:chkAddCompanyName.IsChecked) { $path = Join-Path $path $global:organization.displayName }
- if($global:chkAddObjectType.IsChecked) { $path = Join-Path $path (Get-PowerShellScriptFolderName) }
- }
-
- if(-not (Test-Path $path)) { mkdir -Path $path -Force -ErrorAction SilentlyContinue | Out-Null }
-
- if(Test-Path $path)
- {
- Write-Status "Export $($psObj.displayName)"
- $obj = Get-PowerShellScriptObject -object $psObj -additional "?`$expand=assignments"
- #$obj = Invoke-GraphRequest -Url "/deviceManagement/deviceManagementScripts/$($psObj.id)?`$expand=assignments"
- if($obj)
- {
- $fileName = "$path\$((Remove-InvalidFileNameChars $obj.displayName)).json"
- ConvertTo-Json $obj -Depth 5 | Out-File $fileName -Force
- if($script:chkExportScript.IsChecked)
- {
- $fileName = "$path\$($obj.FileName)"
- [System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String($obj.scriptContent)) | Out-File $fileName -Force
- }
- Add-MigrationInfo $obj.assignments
- $global:exportedObjects++
- }
- }
-}
-
-function Copy-PowerShellScript
-{
- if(-not $dgObjects.SelectedItem)
- {
- [System.Windows.MessageBox]::Show("No object selected`n`nSelect PowerShell script you want to copy", "Error", "OK", "Error")
- return
- }
-
- $ret = Show-InputDialog "Copy PowerShell script" "Select name for the new object" "$($global:dgObjects.SelectedItem.displayName) - Copy"
-
- if($ret)
- {
- # Export profile
- Write-Status "Export $($dgObjects.SelectedItem.displayName)"
- $obj = Get-PowerShellScriptObject -object $dgObjects.SelectedItem.Object
- #$obj = Invoke-GraphRequest -Url "/deviceManagement/deviceManagementScripts/$($dgObjects.SelectedItem.id)"
- if($obj)
- {
- # Import new profile
- $obj.displayName = $ret
- Import-PowerShellScript $obj | Out-null
-
- $dgObjects.ItemsSource = @(Get-PowerShellScriptObjects)
- }
- Write-Status ""
- }
- $dgObjects.Focus()
-}
-
-function Import-PowerShellScript
-{
- param($obj)
-
- Start-PreImport $obj -RemoveProperties @("id","assignments@odata.context","assignments")
-
- Write-Status "Import $($obj.displayName)"
-
- Invoke-GraphRequest -Url "/deviceManagement/deviceManagementScripts" -Content (ConvertTo-Json $obj -Depth 5) -HttpMethod POST
-
-}
-
-function Import-AllPowerShellScriptObjects
-{
- param(
- $path = "$env:Temp"
- )
-
- Import-PowerShellScriptObjects (Get-JsonFileObjects $path)
-}
-
-function Import-PowerShellScriptObjects
-{
- param(
- $Objects,
-
- [switch]
- $Selected
- )
-
- Write-Status "Import PowerShell scripts"
-
- foreach($obj in $objects)
- {
- if($Selected -and $obj.Selected -ne $true) { continue }
-
- Write-Log "Import PowerShell script: $($obj.Object.displayName)"
-
- $assignments = Get-GraphAssignmentsObject $obj.Object ($obj.FileInfo.DirectoryName + "\" + $obj.FileInfo.BaseName + "_assignments.json")
-
- $response = Import-PowerShellScript $obj.Object
-
- if($response)
- {
- $global:importedObjects++
- Import-GraphAssignments $assignments "deviceManagementScriptAssignments" "/deviceManagement/deviceManagementScripts/$($response.Id)/assign"
- }
- }
-
- $dgObjects.ItemsSource = @(Get-PowerShellScriptObjects)
- Write-Status ""
-}
-
-function Invoke-DownloadScript
-{
- if(-not $global:dgObjects.SelectedItem.Object.id) { return }
-
- $obj = Get-PowerShellScriptObject -object $dgObjects.SelectedItem.Object
- #$obj = Invoke-GraphRequest -Url "/deviceManagement/deviceManagementScripts/$($global:dgObjects.SelectedItem.Object.id)"
- if($obj.scriptContent)
- {
- Write-Log "Download PowerShell script '$($obj.FileName)' from $($obj.displayName)"
- $fileName = "$path\$($obj.FileName)"
-
- $dlgSave = New-Object -Typename System.Windows.Forms.SaveFileDialog
- $dlgSave.InitialDirectory = Get-SettingValue "IntuneRootFolder" $env:Temp
- $dlgSave.FileName = $obj.FileName
- if($dlgSave.ShowDialog() -eq [System.Windows.Forms.DialogResult]::OK -and $dlgSave.Filename)
- {
- [System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String($obj.scriptContent)) | Out-File $dlgSave.Filename -Force
- }
- }
-}
\ No newline at end of file
diff --git a/Extensions/TermsAndConditions.psm1 b/Extensions/TermsAndConditions.psm1
deleted file mode 100644
index 2a99949..0000000
--- a/Extensions/TermsAndConditions.psm1
+++ /dev/null
@@ -1,253 +0,0 @@
-########################################################
-#
-# Common module functions
-#
-########################################################
-function Add-ModuleMenuItems
-{
- Add-MenuItem (New-Object PSObject -Property @{
- Title = (Get-TermsAndConditionName)
- MenuID = "IntuneGraphAPI"
- Script = [ScriptBlock]{Get-TermsAndConditions}
- })
-}
-
-function Get-SupportedImportObjects
-{
- $global:importObjects += (New-Object PSObject -Property @{
- Selected = $true
- Title = (Get-TermsAndConditionName)
- Script = [ScriptBlock]{
- param($rootFolder)
-
- Write-Status "Import all terms and conditions"
- Import-AllTermsAndConditionObjects (Join-Path $rootFolder (Get-TermsAndConditionFolderName))
- }
- })
-}
-
-function Get-SupportedExportObjects
-{
- $global:exportObjects += (New-Object PSObject -Property @{
- Selected = $true
- Title = (Get-TermsAndConditionName)
- Script = [ScriptBlock]{
- param($rootFolder)
-
- Write-Status "Export all Intune terms and conditions"
- Get-TermsAndConditionObjects | ForEach-Object { Export-SingleTermsAndCondition $PSItem.Object (Join-Path $rootFolder (Get-TermsAndConditionFolderName)) }
- }
- })
-}
-
-function Export-AllObjects
-{
- param($addObjectSubfolder)
-
- $subFolder = ""
- if($addObjectSubfolder) { $subFolder = Get-TermsAndConditionFolderName }
-}
-
-########################################################
-#
-# Object specific functions
-#
-########################################################
-function Get-TermsAndConditionName
-{
- return "Terms and Conditions"
-}
-
-function Get-TermsAndConditionFolderName
-{
- return "TermsAndConditions"
-}
-
-function Get-TermsAndConditions
-{
- Write-Status "Loading terms and conditions"
- $dgObjects.ItemsSource = @(Get-TermsAndConditionObjects)
-
- #Scriptblocks that will perform the export tasks. empty by default
- $script:exportParams = @{}
- $script:exportParams.Add("ExportAllScript", [ScriptBlock]{
- Export-AllTermsAndConditions $global:txtExportPath.Text
- Set-ObjectGrid
- Write-Status ""
- })
-
- $script:exportParams.Add("ExportSelectedScript", [ScriptBlock]{
- Export-SelectedTermsAndCondition $global:txtExportPath.Text
- Set-ObjectGrid
- Write-Status ""
- })
-
- #Scriptblock that will perform the import all files
- $script:importAll = [ScriptBlock]{
- Import-AllTermsAndConditionObjects $global:txtImportPath.Text
- Set-ObjectGrid
- }
-
- #Scriptblock that will perform the import of selected files
- $script:importSelected = [ScriptBlock]{
- Import-TermsAndConditionObjects $global:lstFiles.ItemsSource -Selected
- Set-ObjectGrid
- }
-
- #Scriptblock that will read json files
- $script:getImportFiles = [ScriptBlock]{
- Show-FileListBox
- $global:lstFiles.ItemsSource = @(Get-JsonFileObjects $global:txtImportPath.Text -Exclude "*_Settings.json")
- }
-
- Add-DefaultObjectButtons -export ([scriptblock]{Show-DefaultExportGrid @script:exportParams}) -import ([scriptblock]{Show-DefaultImportGrid -ImportAll $script:importAll -ImportSelected $script:importSelected -GetFiles $script:getImportFiles}) -copy ([scriptblock]{Copy-TermsAndCondition}) -ViewFullObject ([scriptblock]{Get-TermsAndConditionObject $global:dgObjects.SelectedItem.Object})
-}
-
-function Get-TermsAndConditionObjects
-{
- Get-GraphObjects -Url "/deviceManagement/termsAndConditions"
-}
-
-function Get-TermsAndConditionObject
-{
- param($object, $additional = "")
-
- if(-not $Object.id) { return }
-
- Invoke-GraphRequest -Url "/deviceManagement/termsAndConditions/$($Object.id)$additional"
-}
-
-function Export-AllTermsAndConditions
-{
- param($path = "$env:Temp")
-
- if(-not (Test-Path $path)) { mkdir -Path $path -Force -ErrorAction SilentlyContinue | Out-Null }
-
- if(Test-Path $path)
- {
- foreach($objTmp in ($global:dgObjects.ItemsSource))
- {
- Export-SingleTermsAndCondition $objTmp.Object $path
- }
- }
-}
-
-function Export-SelectedTermsAndCondition
-{
- param($path = "$env:Temp")
-
- Export-SingleTermsAndCondition $global:dgObjects.SelectedItem.Object $path
-}
-
-function Export-SingleTermsAndCondition
-{
- param($psObj, $path = "$env:Temp")
-
- if(-not $psObj) { return }
-
- if($global:runningBulkExport -ne $true)
- {
- if($global:chkAddCompanyName.IsChecked) { $path = Join-Path $path $global:organization.displayName }
- if($global:chkAddObjectType.IsChecked) { $path = Join-Path $path (Get-TermsAndConditionFolderName) }
- }
-
- if(-not (Test-Path $path)) { mkdir -Path $path -Force -ErrorAction SilentlyContinue | Out-Null }
-
- if(Test-Path $path)
- {
- Write-Status "Export $($psObj.displayName)"
- $obj = Invoke-GraphRequest -Url "/deviceManagement/termsAndConditions/$($psObj.id)" #?`$expand=assignments"
- if($obj)
- {
- # ?`$expand=assignments is not working so get assignments
- $assignments = Invoke-GraphRequest -Url "/deviceManagement/termsAndConditions/$($obj.id)/assignments"
- if($assignments.value)
- {
- $obj | Add-Member -NotePropertyName "assignments" -NotePropertyValue $assignments.value
- }
-
- $fileName = "$path\$((Remove-InvalidFileNameChars $obj.displayName)).json"
- ConvertTo-Json $obj -Depth 5 | Out-File $fileName -Force
-
- Add-MigrationInfo $obj.assignments
- }
- $global:exportedObjects++
- }
-}
-
-function Copy-TermsAndCondition
-{
- if(-not $dgObjects.SelectedItem)
- {
- [System.Windows.MessageBox]::Show("No object selected`n`nSelect terms and conditions item you want to copy", "Error", "OK", "Error")
- return
- }
-
- $ret = Show-InputDialog "Copy terms and conditions" "Select name for the new object" "$($dgObjects.SelectedItem.displayName) - Copy"
-
- if($ret)
- {
- # Export profile
- Write-Status "Export $($dgObjects.SelectedItem.displayName)"
- # Get full object for export
- $obj = Invoke-GraphRequest -Url "/deviceManagement/termsAndConditions/$($dgObjects.SelectedItem.Object.id)"
- if($obj)
- {
- # Import new profile
- $obj.displayName = $ret
- Import-TermsAndCondition $obj | Out-Null
-
- $dgObjects.ItemsSource = @(Get-TermsAndConditionObjects)
- }
- Write-Status ""
- }
- $dgObjects.Focus()
-}
-
-function Import-TermsAndCondition
-{
- param($obj)
-
- Write-Status "Import $($obj.displayName)"
-
- Start-PreImport $obj
-
- Invoke-GraphRequest -Url "/deviceManagement/termsAndConditions" -Content (ConvertTo-Json $obj -Depth 5) -HttpMethod POST
-}
-
-function Import-AllTermsAndConditionObjects
-{
- param($path = "$env:Temp")
-
- Import-TermsAndConditionObjects (Get-JsonFileObjects $path)
-}
-
-function Import-TermsAndConditionObjects
-{
- param(
- $Objects,
-
- [switch]
- $Selected
- )
-
- Write-Status "Import terms and conditions"
-
- foreach($obj in $objects)
- {
- if($Selected -and $obj.Selected -ne $true) { continue }
-
- Write-Log "Import Terms and Conditions: $($obj.Object.displayName)"
-
- $assignments = Get-GraphAssignmentsObject $obj.Object ($obj.FileInfo.DirectoryName + "\" + $obj.FileInfo.BaseName + "_assignments.json")
-
- $response = Import-TermsAndCondition $obj.Object
- if($response)
- {
- $global:importedObjects++
- Import-GraphAssignments2 $assignments "/deviceManagement/termsAndConditions/$($response.Id)/assignments"
- }
- }
- $dgObjects.ItemsSource = @(Get-TermsAndConditionObjects)
- Write-Status ""
-}
\ No newline at end of file
diff --git a/Intune.ico b/Intune.ico
new file mode 100644
index 0000000..63f7d47
Binary files /dev/null and b/Intune.ico differ
diff --git a/IntuneManagement.PNG b/IntuneManagement.PNG
index 3d40f8d..dcf4e8c 100644
Binary files a/IntuneManagement.PNG and b/IntuneManagement.PNG differ
diff --git a/MSALInfo.md b/MSALInfo.md
new file mode 100644
index 0000000..1225fc6
--- /dev/null
+++ b/MSALInfo.md
@@ -0,0 +1,49 @@
+# Microsoft Authentication Library (MSAL)
+
+Microsoft Authentication Library (MSAL) is used for authenticating to Microsoft Graph and other APIs used by the script. Microsoft.Identity.Client.dll** is the library file that contains the authentication functions. This script is depending on the file to be able to authenticate to Microsoft Graph.
+
+See the GitHub repository [MSAL.PS](https://github.com/AzureAD/MSAL.PS) for more information on using MSAL with PowerShell. This script does not use the module directly for various reasons but the MSAL.PS repository is a great source of information and the best place to start for using MSAL with PowerShell.
+
+See GitHub repository [MSAL for .Net](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet) for additional information and source code. Latest version of MSAL can be downloaded [here](https://www.nuget.org/packages/Microsoft.Identity.Client/).
+
+## Applications
+
+MSAL uses OAuth2 to authenticate to an Application in Azure. This script has two applications pre-defined in Settings:
+
+- Microsoft Intune PowerShell (d1ddf0e4-d672-4dae-b554-9d5bdfd93547)
+- Microsoft Graph PowerShell (14d82eec-204b-4c2f-b7e8-296a70dab67e)
+
+Microsoft Intune PowerShell is the same application as the Intune PowerShell module uses and this is the default application for the script.
+
+The script will detect if the selected app is missing permissions and prompt for Consent if additional permissions are required. The script will also prompt for Consent if the application is not approved in the Tenant.
+
+**Note:** Permissions in an app is just a filter and decides what can be done via the app. If a user only has Read permission but the app has ReadWrite, the user will not be able to update anything.
+
+A Custom application can be specified in Settings. This could theoretically be a custom created app in Azure. However, if an App is registered in Azure, it will be single tenant only. This can be used to backup an existing environment but the Azure App cannot be used to import data in another tenant. Use Enterprise Apps and Common/Organizations authority to allow access to multiple tenants.
+
+## Token
+
+The MSAL authentication will create a token that is used when calling APIs in Microsoft Graph. This token is cached in an encrypted **msalcahce.bin3** file in the **%LOCALAPPDATA%\CloudAPIPowerShellManagement** folder. The file can only be decrypted by the same user. Caching the token can be disabled in Settings.
+
+**Note:** Only the token is cached. Credentials are never stored.
+
+The token expire after 1 hour. The script will do a "login" every time it calls an API. MSAL will manage the refresh of the token and only refresh it when it is about to expire or after it has expired. If the token needs to be refreshed e.g. the user was added to a new role, a forced refresh can be triggered in the Profile Info popup.
+
+The Token info will show information like role memberships, expiry time, scope etc. There are three toke information available:
+
+* MSAL Token - Token created when authenticating with MSAL. Contains the Access and ID tokes
+* Access token - Token contains permissions information and used when calling Microsoft Graph APIs
+* ID Token - Token contains user information and used when logging in
+
+Access and ID Tokens are encoded (**NOT** encrypted) Java Web Token (JWT) tokens. JWT tokens are based on three Base64Url strings separated with a dot (.) e.g. Header.Payload.VerifySignature.
+
+See [JWT.IO](https://jwt.io/) for more information about JWT tokens.
+
+## Multi Tenant Support
+
+Support for switching to other tenants can be enabled in Settings. This can be used if the user has a guest account in one or more tenants. This is disabled by default for the following reasons:
+
+* Reduce login time - Getting the list of accessible tenants takes a few seconds extra
+* Reduce prompts - There is no API in Microsoft Graph that returns a list of tenants the current user has access to. Instead, a Azure management API is used. This will require permissions to Azure management which might cause an additional prompt for Consent when logging in.
+
+**Note:** This is only used when a user has access to multiple tenants. Users from other tenants can always be used without enabling the 'Get Tenant List' setting.
\ No newline at end of file
diff --git a/Microsoft.Identity.Client.dll b/Microsoft.Identity.Client.dll
new file mode 100644
index 0000000..35a76a6
Binary files /dev/null and b/Microsoft.Identity.Client.dll differ
diff --git a/Microsoft.Identity.Client.xml b/Microsoft.Identity.Client.xml
new file mode 100644
index 0000000..c2f613f
--- /dev/null
+++ b/Microsoft.Identity.Client.xml
@@ -0,0 +1,19770 @@
+
+
+
+ Microsoft.Identity.Client
+
+
+
+
+ Contains information of a single account. A user can be present in multiple directories and thus have multiple accounts.
+ This information is used for token cache lookup and enforcing the user session on the STS authorize endpoint.
+
+
+
+
+ Constructor
+
+ Home account id in "uid.utid" format; can be null, for example when migrating the ADAL v3 cache
+ UPN style , can be null
+ Identity provider for this account, e.g. login.microsoftonline.com
+ Map of (client_id, wam_account_id)
+
+
+
+ An identifier for an account in a specific tenant. Returned by
+
+
+
+
+ Unique identifier for the account
+
+
+ For the Microsoft identity platform (formerly named Azure AD v2.0), the identifier is the concatenation of
+ and separated by a dot.
+ Contrary to what was happening in ADAL.NET, these two segments are no longer base64 encoded.
+ Note that there are some legitimate cases (for instance domain takeover), where the same ObjectId may show up in multiple tenants.
+
+
+
+
+ For Azure AD, a string representation for a GUID which is the Object ID of the user owning the account in the tenant
+
+
+
+
+ For Azure AD, a string representation for a GUID, which is the ID of the tenant where the account resides.
+
+
+
+
+ Constructor of an AccountId
+
+ Unique identifier for the account.
+ A string representation for a GUID which is the ID of the user owning the account in the tenant
+ A string representation for a GUID, which is the ID of the tenant where the account resides
+
+
+
+ Constructor of an AccountId meant for ADFS scenarios since ADFS instances lack tenant ids.
+
+ Unique identifier for the account if authority is ADFS
+
+
+
+ Two accounts are equal when their properties match
+
+
+
+
+ GetHashCode implementation to match
+
+
+
+
+ Textual description of an
+
+
+
+
+ Base class for builders of token requests, which attempt to acquire a token
+ based on the provided parameters.
+
+
+
+
+
+ Default constructor for AbstractAcquireTokenParameterBuilder.
+
+
+
+
+ Executes the Token request asynchronously, with a possibility of cancelling the
+ asynchronous method.
+
+ Cancellation token. See
+ Authentication result containing a token for the requested scopes and parameters
+ set in the builder.
+ Cancellation is not guaranteed, it is best effort. If the operation reaches a point of no return, e.g.
+ tokens are acquired and written to the cache, the task will complete even if cancellation was requested.
+ Do not rely on cancellation tokens for strong consistency.
+
+
+
+ Executes the Token request asynchronously.
+
+ Authentication result containing a token for the requested scopes and parameters
+ set in the builder.
+
+
+
+ Specifies which scopes to request. This method is used when your application needs
+ to specify the scopes needed to call a protected API. See
+ https://docs.microsoft.com/azure/active-directory/develop/v2-permissions-and-consent to learn
+ more about scopes, permissions and consent, and
+ https://docs.microsoft.com/azure/active-directory/develop/msal-v1-app-scopes to learn how
+ to create scopes for legacy applications which used to expose OAuth2 permissions.
+
+ Scopes requested to access a protected API
+ The builder to chain the .With methods.
+
+
+
+ Sets Extra Query Parameters for the query string in the HTTP authentication request.
+
+ This parameter will be appended as is to the query string in the HTTP authentication request to the authority
+ as a string of segments of the form key=value separated by an ampersand character.
+ The parameter can be null.
+ The builder to chain the .With methods.
+
+
+
+ Sets claims in the query. Use when the AAD admin has enabled conditional access. Acquiring the token normally will result in a
+ with the property set. Retry the
+ token acquisition, and use this value in the method. See https://aka.ms/msal-exceptions for details
+ as well as https://aka.ms/msal-net-claim-challenge.
+
+ A string with one or multiple claims.
+ The builder to chain .With methods.
+
+
+
+ Sets Extra Query Parameters for the query string in the HTTP authentication request.
+
+ This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
+ The string needs to be properly URL-encoded and ready to send as a string of segments of the form key=value separated by an ampersand character.
+
+ The builder to chain .With methods.
+
+
+
+ Specific authority for which the token is requested. Passing a different value than configured
+ at the application constructor narrows down the selection to a specific tenant.
+ This does not change the configured value in the application. This is specific
+ to applications managing several accounts (like a mail client with several mailboxes).
+ See https://aka.ms/msal-net-application-configuration.
+
+ Uri for the authority. In the case when the authority URI is
+ a known Azure AD URI, this setting needs to be consistent with what is declared in
+ the application registration portal.
+ Whether the authority should be validated against the server metadata.
+ The builder to chain the .With methods.
+
+
+
+ Adds a known Azure AD authority to the application to sign-in users from a single
+ organization (single tenant application) specified by its tenant ID. See https://aka.ms/msal-net-application-configuration.
+
+ Azure Cloud instance.
+ GUID of the tenant from which to sign-in users.
+ Whether the authority should be validated against the server metadata.
+ The builder to chain the .With methods.
+
+
+
+ Adds a known Azure AD authority to the application to sign-in users from a single
+ organization (single tenant application) described by its domain name. See https://aka.ms/msal-net-application-configuration.
+
+ Uri to the Azure Cloud instance (for instance
+ https://login.microsoftonline.com).
+ Tenant Id associated with the tenant from which to sign-in users.
+ Whether the authority should be validated against the server metadata.
+
+ can also contain the string representation of a GUID (tenantId),
+ or even common, organizations or consumers but in this case
+ it's recommended to use another override (
+ and
+
+ The builder to chain the .With methods.
+
+
+
+ Adds a known Azure AD authority to the application to sign-in users from a single
+ organization (single tenant application) described by its cloud instance and its tenant ID.
+ See https://aka.ms/msal-net-application-configuration.
+
+ Instance of Azure Cloud (for instance Azure
+ worldwide cloud, Azure German Cloud, US government ...).
+ Tenant Id of the tenant from which to sign-in users.
+ Whether the authority should be validated against the server metadata.
+ The builder to chain the .With methods.
+
+
+
+ Adds a known Azure AD authority to the application to sign-in users from a single
+ organization (single tenant application) described by its cloud instance and its domain
+ name or tenant ID. See https://aka.ms/msal-net-application-configuration.
+
+ Instance of Azure Cloud (for instance Azure
+ worldwide cloud, Azure German Cloud, US government ...).
+ Tenant Id of the tenant from which to sign-in users. This can also be a GUID.
+ Whether the authority should be validated against the server metadata.
+ The builder to chain the .With methods.
+
+
+
+ Adds a known Azure AD authority to the application to sign-in users specifying
+ the cloud instance and the sign-in audience. See https://aka.ms/msal-net-application-configuration.
+
+ Instance of Azure Cloud (for instance Azure
+ worldwide cloud, Azure German Cloud, US government ...).
+ Sign-in audience (one AAD organization,
+ any work and school accounts, or any work and school accounts and Microsoft personal
+ accounts.
+ Whether the authority should be validated against the server metadata.
+ The builder to chain the .With methods.
+
+
+
+ Adds a known Azure AD authority to the application to sign-in users specifying
+ the sign-in audience (the cloud being the Azure public cloud). See https://aka.ms/msal-net-application-configuration.
+
+ Sign-in audience (one AAD organization,
+ any work and school accounts, or any work and school accounts and Microsoft personal
+ accounts.
+ Whether the authority should be validated against the server metadata.
+ The builder to chain the .With methods.
+
+
+
+ Adds a known Authority corresponding to an ADFS server. See https://aka.ms/msal-net-adfs.
+
+ Authority URL for an ADFS server.
+ Whether the authority should be validated against the server metadata.
+ MSAL.NET will only support ADFS 2019 or later.
+ The builder to chain the .With methods.
+
+
+
+ Adds a known authority corresponding to an Azure AD B2C policy.
+ See https://aka.ms/msal-net-b2c-specificities
+
+ Azure AD B2C authority, including the B2C policy (for instance
+ "https://fabrikamb2c.b2clogin.com/tfp/{Tenant}/{policy}).
+ The builder to chain the .With methods.
+
+
+
+ Sets the correlation id to be used in the authentication request.
+
+ Correlation id of the authentication request.
+ The builder to chain the .With methods.
+
+
+
+ Validates the parameters of the AcquireToken operation.
+
+
+
+
+ Base class for parameter builders common to public client application and confidential
+ client application token acquisition operations
+
+
+
+
+
+
+
+
+ Base class for confidential client application token request builders
+
+
+
+
+
+
+
+
+ Modifies the token acquisition request so that the acquired token is a Proof of Possession token (PoP), rather than a Bearer token.
+ PoP tokens are similar to Bearer tokens, but are bound to the HTTP request and to a cryptographic key, which MSAL can manage on Windows.
+ See https://aka.ms/msal-net-pop
+
+ Configuration properties used to construct a proof of possession request.
+
+
+ An Authentication header is automatically added to the request
+ The PoP token is bound to the HTTP request, more specifically to the HTTP method (GET, POST, etc.) and to the Uri (path and query, but not query parameters).
+ MSAL creates, reads and stores a key in memory that will be cycled every 8 hours.
+ This is an experimental API. The method signature may change in the future without involving a major version upgrade.
+
+
+
+
+
+ Base class for public client application token request builders
+
+
+
+
+
+
+
+
+
+
+
+
+ Builder for AcquireTokenByAuthorizationCode
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Specifies if the x5c claim (public key of the certificate) should be sent to the STS.
+ Sending the x5c enables application developers to achieve easy certificate roll-over in Azure AD:
+ this method will send the public certificate to Azure AD along with the token request,
+ so that Azure AD can use it to validate the subject name based on a trusted issuer policy.
+ This saves the application admin from the need to explicitly manage the certificate rollover
+ (either via portal or PowerShell/CLI operation). For details see https://aka.ms/msal-net-sni
+
+ true if the x5c should be sent. Otherwise false.
+ The default is false
+ The builder to chain the .With methods
+
+
+
+ Builder for AcquireTokenByIntegratedWindowsAuth
+
+
+
+
+
+
+
+ Specifies the username.
+
+ Identifier of the user account for which to acquire a token with
+ Integrated Windows authentication. Generally in UserPrincipalName (UPN) format,
+ e.g. john.doe@contoso.com
+ The builder to chain the .With methods
+
+
+
+
+
+
+ Parameter builder for the
+ method. See https://aka.ms/msal-net-migration-adal2-msal2
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Specifies if the x5c claim (public key of the certificate) should be sent to the STS.
+ Sending the x5c enables application developers to achieve easy certificate roll-over in Azure AD:
+ this method will send the public certificate to Azure AD along with the token request,
+ so that Azure AD can use it to validate the subject name based on a trusted issuer policy.
+ This saves the application admin from the need to explicitly manage the certificate rollover
+ (either via portal or PowerShell/CLI operation). For details see https://aka.ms/msal-net-sni
+
+ true if the x5c should be sent. Otherwise false.
+ The default is false
+ The builder to chain the .With methods
+
+
+
+ Parameter builder for the
+ operation. See https://aka.ms/msal-net-up
+
+
+
+
+
+
+
+
+
+
+ Builder for AcquireTokenForClient (used in client credential flows, in daemon applications).
+ See https://aka.ms/msal-net-client-credentials
+
+
+
+
+
+
+
+ Specifies if the token request will ignore the access token in the application token cache
+ and will attempt to acquire a new access token using client credentials.
+ By default the token is taken from the application token cache (forceRefresh=false)
+
+ If true, the request will ignore the token cache. The default is false
+
+ The builder to chain the .With methods
+
+
+
+ Specifies if the x5c claim (public key of the certificate) should be sent to the STS.
+ Sending the x5c enables application developers to achieve easy certificate roll-over in Azure AD:
+ this method will send the public certificate to Azure AD along with the token request,
+ so that Azure AD can use it to validate the subject name based on a trusted issuer policy.
+ This saves the application admin from the need to explicitly manage the certificate rollover
+ (either via portal or PowerShell/CLI operation). For details see https://aka.ms/msal-net-sni
+
+ true if the x5c should be sent. Otherwise false.
+ The default is false
+ The builder to chain the .With methods
+
+
+
+ Please use WithAzureRegion on the ConfidentialClientApplicationBuilder object
+
+
+
+
+ Please use WithAzureRegion on the ConfidentialClientApplicationBuilder object
+
+
+
+
+
+
+
+
+
+
+ Builder for an Interactive token request. See https://aka.ms/msal-net-acquire-token-interactively
+
+
+
+
+ Specifies if the public client application should used an embedded web browser
+ or the system default browser
+
+ If true, will use an embedded web browser,
+ otherwise will attempt to use a system web browser. The default depends on the platform:
+ false for Xamarin.iOS and Xamarin.Android, and true for .NET Framework,
+ and UWP
+ The builder to chain the .With methods
+
+
+
+ Specifies options for using the system OS browser handle interactive authentication.
+
+ Data object with options
+ The builder to chain the .With methods
+
+
+
+ Specifies options for using the embedded wevbiew for interactive authentication.
+
+ Data object with options
+ The builder to chain the .With methods
+
+
+
+ Sets the , in order to avoid select account
+ dialogs in the case the user is signed-in with several identities. This method is mutually exclusive
+ with . If both are used, an exception will be thrown
+
+ Identifier of the user. Generally in UserPrincipalName (UPN) format, e.g. john.doe@contoso.com
+ The builder to chain the .With methods
+
+
+
+ Sets the account for which the token will be retrieved. This method is mutually exclusive
+ with . If both are used, an exception will be thrown
+
+ Account to use for the interactive token acquisition. See for ways to get an account
+ The builder to chain the .With methods
+
+
+
+
+ Scopes that you can request the end user to consent upfront,
+ in addition to the scopes for the protected Web API for which you want to acquire a security token.
+ The builder to chain the .With methods
+
+
+
+ Specifies the what the interactive experience is for the user.
+
+ Requested interactive experience. The default is
+
+ The builder to chain the .With methods
+
+
+
+ Sets a reference to the ViewController (if using Xamarin.iOS), Activity (if using Xamarin.Android)
+ IWin32Window or IntPtr (if using .Net Framework). Used for invoking the browser.
+
+ Mandatory only on Android. Can also be set via the PublicClientApplcation builder.
+ The parent as an object, so that it can be used from shared NetStandard assemblies
+ The builder to chain the .With methods
+
+
+
+ Sets a reference to the current IWin32Window that triggers the browser to be shown.
+ Used to center the browser (embedded webview and Windows broker) that pop-up onto this window.
+
+ The current window as a IWin32Window
+ The builder to chain the .With methods
+
+
+
+ Sets a reference to the IntPtr to a window that triggers the browser to be shown.
+ Used to center the browser that pop-up onto this window.
+ The center of the screen or the foreground app if a value is configured.
+
+ The current window as IntPtr
+ The builder to chain the .With methods
+
+
+
+
+
+
+
+
+
+
+ Builder for AcquireTokenOnBehalfOf (OBO flow)
+ See https://aka.ms/msal-net-on-behalf-of
+
+
+
+
+
+
+
+ Specifies if the x5c claim (public key of the certificate) should be sent to the STS.
+ Sending the x5c enables application developers to achieve easy certificate roll-over in Azure AD:
+ this method will send the public certificate to Azure AD along with the token request,
+ so that Azure AD can use it to validate the subject name based on a trusted issuer policy.
+ This saves the application admin from the need to explicitly manage the certificate rollover
+ (either via portal or PowerShell/CLI operation). For details see https://aka.ms/msal-net-sni
+
+ true if the x5c should be sent. Otherwise false.
+ The default is false
+ The builder to chain the .With methods
+
+
+
+ Specifies if the client application should force refreshing the
+ token from the user token cache. By default the token is taken from the
+ the user token cache (forceRefresh=false)
+
+ If true, ignore any access token in the user token cache
+ and attempt to acquire new access token using the refresh token for the account
+ if one is available. This can be useful in the case when the application developer wants to make
+ sure that conditional access policies are applied immediately, rather than after the expiration of the access token.
+ The default is false
+ The builder to chain the .With methods
+ Avoid unnecessarily setting to true true in order to
+ avoid negatively affecting the performance of your application
+
+
+
+
+
+
+
+
+
+
+ Parameter builder for the
+ operation. See https://aka.ms/msal-net-acquiretokensilent
+
+
+
+
+ Specifies if the client application should force refreshing the
+ token from the user token cache. By default the token is taken from the
+ the application token cache (forceRefresh=false)
+
+ If true, ignore any access token in the user token cache
+ and attempt to acquire new access token using the refresh token for the account
+ if one is available. This can be useful in the case when the application developer wants to make
+ sure that conditional access policies are applied immediately, rather than after the expiration of the access token.
+ The default is false
+ The builder to chain the .With methods
+ Avoid unnecessarily setting to true true in order to
+ avoid negatively affecting the performance of your application
+
+
+
+
+
+
+
+
+
+ Specifies if the x5c claim (public key of the certificate) should be sent to the STS.
+ Sending the x5c enables application developers to achieve easy certificate roll-over in Azure AD:
+ this method will send the public certificate to Azure AD along with the token request,
+ so that Azure AD can use it to validate the subject name based on a trusted issuer policy.
+ This saves the application admin from the need to explicitly manage the certificate rollover
+ (either via portal or PowerShell/CLI operation). For details see https://aka.ms/msal-net-sni
+
+ true if the x5c should be sent. Otherwise false.
+ The default is false
+ The builder to chain the .With methods
+
+
+
+ Modifies the token acquisition request so that the acquired token is a Proof of Possession token (PoP), rather than a Bearer token.
+ PoP tokens are similar to Bearer tokens, but are bound to the HTTP request and to a cryptographic key, which MSAL can manage on Windows.
+ See https://aka.ms/msal-net-pop
+
+ Configuration properties used to construct a proof of possession request.
+
+
+ An Authentication header is automatically added to the request
+ The PoP token is bound to the HTTP request, more specifically to the HTTP method (GET, POST, etc.) and to the Uri (path and query, but not query parameters).
+ MSAL creates, reads and stores a key in memory that will be cycled every 8 hours.
+ This is an experimental API. The method signature may change in the future without involving a major version upgrade.
+
+
+
+
+
+ Parameters builder for the
+ operation. See https://aka.ms/msal-net-device-code-flow
+
+
+
+
+
+
+
+ Sets the Callback delegate so your application can
+ interact with the user to direct them to authenticate (to a specific URL, with a code)
+
+ callback containing information to show the user about how to authenticate
+ and enter the device code.
+ The builder to chain the .With methods
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Options for using the modern Windows embedded browser WebView2.
+ For more details see https://aka.ms/msal-net-webview2
+
+
+
+
+
+
+
+
+ Forces a static title to be set on the window hosting the browser. If not configured, the widow's title is set to the web page title.
+
+ Currently only affects WebView2 browser on Windows.
+
+
+
+ It is possible for applications to bundle a fixed version of the runtime, and ship it side-by-side.
+ For this you need to tell MSAL (so it can tell WebView2) where to find the runtime bits by setting this property. If you don't set it, MSAL will attempt to use a system-wide "evergreen" installation of the runtime."
+ For more details see: https://docs.microsoft.com/en-us/dotnet/api/microsoft.web.webview2.core.corewebview2environment.createasync?view=webview2-dotnet-1.0.705.50
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ NOTE: a few of the methods in AbstractAcquireTokenParameterBuilder (e.g. account) don't make sense here.
+ Do we want to create a further base that contains ALL of the common methods, and then have another one including
+ account, etc
+ that are only used for AcquireToken?
+
+
+
+
+ Sets the redirect URI to add to the Authorization request URL
+
+ Address to return to upon receiving a response from the authority.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Options for using the default OS browser as a separate process to handle interactive auth.
+ MSAL will be listening for the OS browser to finish authenticating, but it cannot close the browser.
+ It can however respond with a 200 OK message or a 302 Redirect, which can be configured here.
+ For more details see https://aka.ms/msal-net-os-browser
+
+
+
+
+ Constructor
+
+
+
+
+ When the user finishes authenticating, MSAL will respond with a 200 OK message,
+ which the browser will show to the user.
+
+
+
+
+ When the user finishes authenticating, but an error occurred,
+ MSAL will respond with a 200 OK message, which the browser will show to the user.
+ You can use a string format e.g. "An error has occurred: {0} details: {1}"
+
+
+
+
+ When the user finishes authenticating, MSAL will redirect the browser to the given Uri
+
+ Takes precedence over
+
+
+
+ When the user finishes authenticating, but an error occurred, MSAL will redirect the browser to the given Uri
+
+ Takes precedence over
+
+
+
+ Allows developers to implement their own logic for starting a browser and navigating to a specific Uri. MSAL
+ will use this when opening the browser. Leave it null and the user configured browser will be used.
+ Consider using the static helpers OpenWithEdgeBrowserAsync and OpenWithChromeEdgeBrowserAsync
+
+
+
+
+ Use Microsoft Edge to navigate to the given URI. On non-windows platforms it uses
+ whatever browser is the default.
+
+
+
+
+ Use Microsoft Edge Chromium to navigate to the given URI. Requires the browser to be installed.
+ On Linux, uses the default system browser instead, as Edge is not available.
+
+
+
+
+ Advanced options for using the Windows 10 broker.
+ For more details see https://aka.ms/msal-net-wam
+
+
+
+
+
+
+
+
+
+ A legacy option available only to old Microsoft applications. Should be avoided where possible.
+
+
+
+
+ Allow the Windows broker to list Work and School accounts as part of the
+
+ On UWP, accounts are not listed due to privacy concerns
+
+
+
+ Specifies which Microsoft accounts can be used for sign-in with a given application.
+ See https://aka.ms/msal-net-application-configuration
+
+
+
+
+ The sign-in audience was not specified
+
+
+
+
+ Users with a Microsoft work or school account in my organization’s Azure AD tenant (i.e. single tenant).
+ Maps to https://[instance]/[tenantId]
+
+
+
+
+ Users with a personal Microsoft account, or a work or school account in any organization’s Azure AD tenant
+ Maps to https://[instance]/common/
+
+
+
+
+ Users with a Microsoft work or school account in any organization’s Azure AD tenant (i.e. multi-tenant).
+ Maps to https://[instance]/organizations/
+
+
+
+
+ Users with a personal Microsoft account. Maps to https://[instance]/consumers/
+
+
+
+
+
+
+
+
+
+ Uses a specific to communicate
+ with the IdP. This enables advanced scenarios such as setting a proxy,
+ or setting the Agent.
+
+ HTTP client factory
+ MSAL does not guarantee that it will not modify the HttpClient, for example by adding new headers.
+ Prior to the changes needed in order to make MSAL's httpClients thread safe (https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/pull/2046/files),
+ the httpClient had the possibility of throwing an exception stating "Properties can only be modified before sending the first request".
+ MSAL's httpClient will no longer throw this exception after 4.19.0 (https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/releases/tag/4.19.0)
+ see (https://aka.ms/msal-httpclient-info) for more information.
+
+ The builder to chain the .With methods
+
+
+
+ Allows developers to configure their own valid authorities. A json string similar to https://aka.ms/aad-instance-discovery should be provided.
+ MSAL uses this information to:
+
+ Call REST APIs on the environment specified in the preferred_network
+ Identify an environment under which to save tokens and accounts in the cache
+ Use the environment aliases to match tokens issued to other authorities
+
+ For more details see https://aka.ms/msal-net-custom-instance-metadata
+
+
+ Developers take responsibility for authority validation if they use this method. Should not be used when the authority is not know in advance.
+ Has no effect on ADFS or B2C authorities, only for AAD authorities
+
+
+
+
+
+ Allows developers to configure their own valid authorities. A json string similar to https://aka.ms/aad-instance-discovery should be provided.
+ MSAL uses this information to:
+
+ Call REST APIs on the environment specified in the preferred_network
+ Identify an environment under which to save tokens and accounts in the cache
+ Use the environment aliases to match tokens issued to other authorities
+
+ For more details see https://aka.ms/msal-net-custom-instance-metadata
+
+
+ Developers take responsibility for authority validation if they use this method. Should not be used when the authority is not known in advance.
+ Has no effect on ADFS or B2C authorities, only for AAD authorities
+
+
+
+
+
+ Lets an organization setup their own service to handle instance discovery, which enables better caching for microservice/service environments.
+ A Uri that returns a response similar to https://aka.ms/aad-instance-discovery should be provided. MSAL uses this information to:
+
+ Call REST APIs on the environment specified in the preferred_network
+ Identify an environment under which to save tokens and accounts in the cache
+ Use the environment aliases to match tokens issued to other authorities
+
+ For more details see https://aka.ms/msal-net-custom-instance-metadata
+
+
+ Developers take responsibility for authority validation if they use this method. Should not be used when the authority is not know in advance.
+ Has no effect on ADFS or B2C authorities, only for AAD authorities
+
+
+
+
+
+ Lets an organization setup their own service to handle instance discovery, which enables better caching for microservice/service environments.
+ A Uri that returns a response similar to https://aka.ms/aad-instance-discovery should be provided. MSAL uses this information to:
+
+ Call REST APIs on the environment specified in the preferred_network
+ Identify an environment under which to save tokens and accounts in the cache
+ Use the environment aliases to match tokens issued to other authorities
+
+ For more details see https://aka.ms/msal-net-custom-instance-metadata
+
+
+ Developers take responsibility for authority validation if they use this method. Should not be used when the authority is not known in advance.
+ Has no effect on ADFS or B2C authorities, only for AAD authorities
+
+
+
+
+
+ Enables legacy ADAL cache serialization and deserialization.
+
+ Enable legacy ADAL cache compatibility.
+ The builder to chain the .With methods.
+
+ ADAL is a previous legacy generation of MSAL.NET authentication library.
+ If you don't use .WithLegacyCacheCompatibility(false), then by default, the ADAL cache is used
+ (along with MSAL cache). true flag is only needed for specific migration scenarios
+ from ADAL.NET to MSAL.NET when both library versions are running side-by-side.
+ To improve performance add .WithLegacyCacheCompatibility(false) unless you care about migration scenarios.
+
+
+
+
+ Sets the logging callback. For details see https://aka.ms/msal-net-logging
+
+
+ Desired level of logging. The default is LogLevel.Info
+ Boolean used to enable/disable logging of
+ Personally Identifiable Information (PII).
+ PII logs are never written to default outputs like Console, Logcat or NSLog
+ Default is set to false, which ensures that your application is compliant with GDPR.
+ You can set it to true for advanced debugging requiring PII
+
+ Flag to enable/disable logging to platform defaults.
+ In Desktop/UWP, Event Tracing is used. In iOS, NSLog is used.
+ In android, Logcat is used. The default value is false
+
+ The builder to chain the .With methods
+ is thrown if the loggingCallback
+ was already set on the application builder
+
+
+
+ Sets the Debug logging callback to a default debug method which displays
+ the level of the message and the message itself. For details see https://aka.ms/msal-net-logging
+
+ Desired level of logging. The default is LogLevel.Info
+ Boolean used to enable/disable logging of
+ Personally Identifiable Information (PII).
+ PII logs are never written to default outputs like Console, Logcat or NSLog
+ Default is set to false, which ensures that your application is compliant with GDPR.
+ You can set it to true for advanced debugging requiring PII
+
+ Flag to enable/disable logging to platform defaults.
+ In Desktop/UWP, Event Tracing is used. In iOS, NSLog is used.
+ In android, logcat is used. The default value is false
+
+ The builder to chain the .With methods
+ is thrown if the loggingCallback
+ was already set on the application builder by calling
+
+
+
+
+ Sets the telemetry callback. For details see https://aka.ms/msal-net-telemetry
+
+ Delegate to the callback sending the telemetry
+ elaborated by the library to the telemetry endpoint of choice
+ The builder to chain the .With methods
+ is thrown if the method was already
+ called on the application builder.
+
+
+
+ Sets the Client ID of the application
+
+ Client ID (also known as Application ID) of the application as registered in the
+ application registration portal (https://aka.ms/msal-net-register-app)
+ The builder to chain the .With methods
+
+
+
+ Sets the redirect URI of the application. See https://aka.ms/msal-net-application-configuration
+
+ URL where the STS will call back the application with the security token.
+ This parameter is not required for desktop or UWP applications (as a default is used).
+ It's not required for mobile applications that don't use a broker
+ It is required for web apps
+ The builder to chain the .With methods
+
+
+
+ Sets the Tenant Id of the organization from which the application will let
+ users sign-in. This is classically a GUID or a domain name. See https://aka.ms/msal-net-application-configuration.
+ Although it is also possible to set to common,
+ organizations, and consumers, it's recommended to use one of the
+ overrides of
+
+ tenant ID of the Azure AD tenant
+ or a domain associated with this Azure AD tenant, in order to sign-in a user of a specific organization only
+ The builder to chain the .With methods
+
+
+
+ Sets the name of the calling application for telemetry purposes.
+
+ The name of the application for telemetry purposes.
+
+
+
+
+ Sets the version of the calling application for telemetry purposes.
+
+ The version of the calling application for telemetry purposes.
+
+
+
+
+ Sets application options, which can, for instance have been read from configuration files.
+ See https://aka.ms/msal-net-application-configuration.
+
+ Application options
+ The builder to chain the .With methods
+
+
+
+ Sets Extra Query Parameters for the query string in the HTTP authentication request
+
+ This parameter will be appended as is to the query string in the HTTP authentication request to the authority
+ as a string of segments of the form key=value separated by an ampersand character.
+ The parameter can be null.
+ The builder to chain the .With methods
+
+
+
+ Sets Extra Query Parameters for the query string in the HTTP authentication request
+
+ This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
+ The string needs to be properly URL-encoded and ready to send as a string of segments of the form key=value separated by an ampersand character.
+
+
+
+
+
+ Allows usage of experimental features and APIs. If this flag is not set, experimental features
+ will throw an exception. For details see https://aka.ms/msal-net-experimental-features
+
+
+ Changes in the public API of experimental features will not result in an increment of the major version of this library.
+ For these reason we advise against using these features in production.
+
+
+
+
+ Microsoft Identity specific OIDC extension that allows resource challenges to be resolved without interaction.
+ Allows configuration of one or more client capabilities, e.g. "llt"
+
+
+ MSAL will transform these into special claims request. See https://openid.net/specs/openid-connect-core-1_0-final.html#ClaimsParameter for
+ details on claim requests.
+ For more details see https://aka.ms/msal-net-claims-request
+
+
+
+
+ Generate telemetry aggregation events.
+
+
+
+
+
+
+ Adds a known authority to the application from its Uri. See https://aka.ms/msal-net-application-configuration.
+ This constructor is mainly used for scenarios where the authority is not a standard Azure AD authority,
+ nor an ADFS authority, nor an Azure AD B2C authority. For Azure AD, even in national and sovereign clouds, prefer
+ using other overrides such as
+
+ Uri of the authority
+ Whether the authority should be validated against the server metadata.
+ The builder to chain the .With methods
+
+
+
+ Adds a known Azure AD authority to the application to sign-in users specifying
+ the full authority Uri. See https://aka.ms/msal-net-application-configuration.
+
+ URL of the security token service (STS) from which MSAL.NET will acquire the tokens.
+ Usual authorities endpoints for the Azure public Cloud are:
+
+ https://login.microsoftonline.com/tenant/ where tenant is the tenant ID of the Azure AD tenant
+ or a domain associated with this Azure AD tenant, in order to sign-in users of a specific organization only
+ https://login.microsoftonline.com/common/ to sign-in users with any work and school accounts or Microsoft personal account
+ https://login.microsoftonline.com/organizations/ to sign-in users with any work and school accounts
+ https://login.microsoftonline.com/consumers/ to sign-in users with only personal Microsoft accounts (live)
+
+ Note that this setting needs to be consistent with what is declared in the application registration portal
+ Whether the authority should be validated against the server metadata.
+ The builder to chain the .With methods
+
+
+
+ Adds a known Azure AD authority to the application to sign-in users from a single
+ organization (single tenant application) specified by its tenant ID. See https://aka.ms/msal-net-application-configuration.
+
+ Azure Cloud instance.
+ GUID of the tenant from which to sign-in users.
+ Whether the authority should be validated against the server metadata.
+ The builder to chain the .With methods.
+
+
+
+ Adds a known Azure AD authority to the application to sign-in users from a single
+ organization (single tenant application) described by its domain name. See https://aka.ms/msal-net-application-configuration.
+
+ Uri to the Azure Cloud instance (for instance
+ https://login.microsoftonline.com)
+ domain name associated with the tenant from which to sign-in users
+ Whether the authority should be validated against the server metadata.
+
+ can also contain the string representation of a GUID (tenantId),
+ or even common, organizations or consumers but in this case
+ it's recommended to use another override (
+ and
+
+ The builder to chain the .With methods
+
+
+
+ Adds a known Azure AD authority to the application to sign-in users from a single
+ organization (single tenant application) described by its cloud instance and its tenant ID.
+ See https://aka.ms/msal-net-application-configuration.
+
+ Instance of Azure Cloud (for instance Azure
+ worldwide cloud, Azure German Cloud, US government ...)
+ Tenant Id of the tenant from which to sign-in users
+ Whether the authority should be validated against the server metadata.
+ The builder to chain the .With methods
+
+
+
+ Adds a known Azure AD authority to the application to sign-in users from a single
+ organization (single tenant application) described by its cloud instance and its domain
+ name or tenant ID. See https://aka.ms/msal-net-application-configuration.
+
+ Instance of Azure Cloud (for instance Azure
+ worldwide cloud, Azure German Cloud, US government ...).
+ Domain name associated with the Azure AD tenant from which
+ to sign-in users. This can also be a GUID.
+ Whether the authority should be validated against the server metadata.
+ The builder to chain the .With methods.
+
+
+
+ Adds a known Azure AD authority to the application to sign-in users specifying
+ the cloud instance and the sign-in audience. See https://aka.ms/msal-net-application-configuration.
+
+ Instance of Azure Cloud (for instance Azure
+ worldwide cloud, Azure German Cloud, US government ...)
+ Sign-in audience (one AAD organization,
+ any work and school accounts, or any work and school accounts and Microsoft personal
+ accounts
+ Whether the authority should be validated against the server metadata.
+ The builder to chain the .With methods
+
+
+
+ Adds a known Azure AD authority to the application to sign-in users specifying
+ the sign-in audience (the cloud being the Azure public cloud). See https://aka.ms/msal-net-application-configuration.
+
+ Sign-in audience (one AAD organization,
+ any work and school accounts, or any work and school accounts and Microsoft personal
+ accounts
+ Whether the authority should be validated against the server metadata.
+ The builder to chain the .With methods
+
+
+
+ Adds a known Authority corresponding to an ADFS server. See https://aka.ms/msal-net-adfs
+
+ Authority URL for an ADFS server
+ Whether the authority should be validated against the server metadata.
+ MSAL.NET will only support ADFS 2019 or later.
+ The builder to chain the .With methods
+
+
+
+ Adds a known authority corresponding to an Azure AD B2C policy.
+ See https://aka.ms/msal-net-b2c-specificities
+
+ Azure AD B2C authority, including the B2C policy (for instance
+ "https://fabrikamb2c.b2clogin.com/tfp/{Tenant}/{policy})
+ The builder to chain the .With methods
+
+
+
+ Should _not_ go in the interface, only for builder usage while determining authorities with ApplicationOptions
+
+
+
+
+ Should _not_ go in the interface, only for builder usage while determining authorities with ApplicationOptions
+
+
+
+
+ Should _not_ go in the interface, only for builder usage while determining authorities with ApplicationOptions
+
+
+
+
+ Should _not_ go in the interface, only for builder usage while determining authorities with ApplicationOptions
+
+
+
+
+ Base class for options objects with string values loadable from a configuration file
+ (for instance a JSON file, as in an asp.net configuration scenario)
+ See https://aka.ms/msal-net-application-configuration
+ See also derived classes
+ and
+
+
+
+
+ Client ID (also known as App ID) of the application as registered in the
+ application registration portal (https://aka.ms/msal-net-register-app)
+
+
+
+
+ Tenant from which the application will allow users to sign it. This can be:
+ a domain associated with a tenant, a GUID (tenant id), or a meta-tenant (e.g. consumers).
+ This property is mutually exclusive with . If both
+ are provided, an exception will be thrown.
+
+ The name of the property was chosen to ensure compatibility with AzureAdOptions
+ in ASP.NET Core configuration files (even the semantics would be tenant)
+
+
+
+ Sign-in audience. This property is mutually exclusive with TenantId. If both
+ are provided, an exception will be thrown.
+
+
+
+
+ STS instance (for instance https://login.microsoftonline.com for the Azure public cloud).
+ The name was chosen to ensure compatibility with AzureAdOptions in ASP.NET Core.
+ This property is mutually exclusive with . If both
+ are provided, an exception will be thrown.
+
+
+
+
+ Specific instance in the case of Azure Active Directory.
+ It allows users to use the enum instead of the explicit URL.
+ This property is mutually exclusive with . If both
+ are provided, an exception will be thrown.
+
+
+
+
+ This redirect URI needs to be registered in the app registration. See https://aka.ms/msal-net-register-app for
+ details on which redirect URIs are defined by default by MSAL.NET and how to register them.
+ Also use: which provides
+ a good default for public client applications for all platforms.
+
+ For web apps and web APIs, the redirect URI is computed from the URL where the application is running
+ (for instance, baseUrl//signin-oidc for ASP.NET Core web apps).
+
+ For daemon applications (confidential client applications using only the Client Credential flow
+ that is calling AcquireTokenForClient), no reply URI is needed.
+
+ This is especially important when you deploy an application that you have initially tested locally;
+ you then need to add the reply URL of the deployed application in the application registration portal
+
+
+
+
+ Enables you to configure the level of logging you want. The default value is . Setting it to will only get errors
+ Setting it to will get errors and warning, etc..
+ See https://aka.ms/msal-net-logging
+
+
+
+
+ Flag to enable/disable logging of Personally Identifiable Information (PII).
+ PII logs are never written to default outputs like Console, Logcat or NSLog
+ Default is set to false, which ensures that your application is compliant with GDPR. You can set
+ it to true for advanced debugging requiring PII. See https://aka.ms/msal-net-logging
+
+
+
+
+
+ Flag to enable/disable logging to platform defaults. In Desktop/UWP, Event Tracing is used. In iOS, NSLog is used.
+ In Android, logcat is used. The default value is false. See https://aka.ms/msal-net-logging
+
+
+
+
+
+ Identifier of the component (libraries/SDK) consuming MSAL.NET.
+ This will allow for disambiguation between MSAL usage by the app vs MSAL usage by component libraries.
+
+
+
+
+ The name of the calling application for telemetry purposes.
+
+
+
+
+ The version of the calling application for telemetry purposes.
+
+
+
+
+ Microsoft Identity specific OIDC extension that allows resource challenges to be resolved without interaction.
+ Allows configuration of one or more client capabilities, e.g. "llt"
+
+
+ MSAL will transform these into special claims request. See https://openid.net/specs/openid-connect-core-1_0-final.html#ClaimsParameter for
+ details on claim requests.
+ For more details see https://aka.ms/msal-net-claims-request
+
+
+
+
+ Enables legacy ADAL cache serialization and deserialization.
+
+
+
+
+ This class must be kept immutable
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Value communicating that the AzureCloudInstance is not specified.
+
+
+
+
+ Microsoft Azure public cloud. Maps to https://login.microsoftonline.com
+
+
+
+
+ Microsoft Chinese national cloud. Maps to https://login.chinacloudapi.cn
+
+
+
+
+ Microsoft German national cloud ("Black Forest"). Maps to https://login.microsoftonline.de
+
+
+
+
+ US Government cloud. Maps to https://login.microsoftonline.us
+
+
+
+
+
+
+
+
+
+
+
+ Constructor of a ConfidentialClientApplicationBuilder from application configuration options.
+ See https://aka.ms/msal-net-application-configuration
+
+ Confidential client applications configuration options
+ A from which to set more
+ parameters, and to create a confidential client application instance
+
+
+
+ Creates a ConfidentialClientApplicationBuilder from a clientID.
+ See https://aka.ms/msal-net-application-configuration
+
+ Client ID (also known as App ID) of the application as registered in the
+ application registration portal (https://aka.ms/msal-net-register-app)/.
+ A from which to set more
+ parameters, and to create a confidential client application instance
+
+
+
+ Sets the certificate associated with the application
+
+ The X509 certificate used as credentials to prove the identity of the application to Azure AD.
+ You should use certificates with a private key size of at least 2048 bytes. Future versions of this library might reject certificates with smaller keys.
+
+
+
+ Sets the certificate associated with the application along with the specific claims to sign.
+ By default, this will merge the with the default required set of claims needed for authentication.
+ If is set to false, you will need to provide the required default claims. See https://aka.ms/msal-net-client-assertion
+
+ The X509 certificate used as credentials to prove the identity of the application to Azure AD.
+ The claims to be signed by the provided certificate.
+ Determines whether or not to merge with the default claims required for authentication.
+ You should use certificates with a private key size of at least 2048 bytes. Future versions of this library might reject certificates with smaller keys.
+
+
+
+ Sets the application secret
+
+ Secret string previously shared with AAD at application registration to prove the identity
+ of the application (the client) requesting the tokens
+
+
+
+
+ Sets the application client assertion. See https://aka.ms/msal-net-client-assertion.
+ This will create an assertion that will be held within the client application's memory for the duration of the client.
+ You can use to set a delegate that will be executed for each authentication request.
+ This will allow you to update the client asserion used by the client application once the assertion expires.
+
+ The client assertion used to prove the identity of the application to Azure AD. This is a Base-64 encoded JWT.
+
+
+
+
+ Configures a delegate that creates a client assertion. See https://aka.ms/msal-net-client-assertion
+
+ delegate computing the client assertion used to prove the identity of the application to Azure AD.
+ This is a delegate that computes a Base-64 encoded JWT for each authentication call.
+ The ConfidentialClientApplicationBuilder to chain more .With methods
+ Callers can use this mechanism to cache their assertions
+
+
+
+ Instructs MSAL.NET to use an Azure regional token service.
+
+ Either the string with the region (preferred) or
+ use and MSAL.NET will attempt to auto-detect the region.
+
+
+ Region names as per https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.management.resourcemanager.fluent.core.region?view=azure-dotnet.
+ Not all auth flows can use the regional token service.
+ Service To Service (client credential flow) tokens can be obtained from the regional service.
+ Requires configuration at the tenant level.
+ Auto-detection works on a limited number of Azure artifacts (VMs, Azure functions).
+ If auto-detection fails, the non-regional endpoint will be used.
+ If an invalid region name is provided, the non-regional endpoint MIGHT be used or the token request MIGHT fail.
+ See https://aka.ms/msal-net-region-discovery for more details.
+
+ The builder to chain the .With methods
+
+
+
+
+
+
+ Builds the ConfidentialClientApplication from the parameters set
+ in the builder
+
+
+
+
+
+
+
+
+
+
+ Configuration options for a confidential client application
+ (web app / web API / daemon app). See https://aka.ms/msal-net/application-configuration
+
+
+
+
+ Client secret for the confidential client application. This secret (application password)
+ is provided by the application registration portal, or provided to Azure AD during the
+ application registration with PowerShell AzureAD, PowerShell AzureRM, or Azure CLI.
+
+
+
+
+ Instructs MSAL.NET to use an Azure regional token service.
+ This setting should be set to either the string with the region (preferred) or to
+ "TryAutoDetect" and MSAL.NET will attempt to auto-detect the region.
+
+
+ Region names as per https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.management.resourcemanager.fluent.core.region?view=azure-dotnet.
+ Not all auth flows can use the regional token service.
+ Service To Service (client credential flow) tokens can be obtained from the regional service.
+ Requires configuration at the tenant level.
+ Auto-detection works on a limited number of Azure artifacts (VMs, Azure functions).
+ If auto-detection fails, the non-regional endpoint will be used.
+ If an invalid region name is provided, the non-regional endpoint MIGHT be used or the token request MIGHT fail.
+ See https://aka.ms/msal-net-region-discovery for more details.
+
+
+
+
+ Configuration properties used to build a public or confidential client application.
+
+
+
+
+ Client ID (also known as App ID) of the application as registered in the
+ application registration portal (https://aka.ms/msal-net-register-app).
+
+
+
+
+ Flag telling if logging of Personally Identifiable Information (PII) is enabled/disabled for
+ the application. See https://aka.ms/msal-net-logging.
+
+
+
+
+
+ used to get HttpClient instances to communicate
+ with the identity provider.
+
+
+
+
+ Level of logging requested for the app.
+ See https://aka.ms/msal-net-logging.
+
+
+
+
+ Flag telling if logging to platform defaults is enabled/disabled for the app.
+ In Desktop/UWP, Event Tracing is used. In iOS, NSLog is used.
+ In Android, logcat is used. See https://aka.ms/msal-net-logging.
+
+
+
+
+ Redirect URI for the application. See
+
+
+
+
+ Audience for the application. See
+
+
+
+
+ Callback used for logging. It was set with
+ See https://aka.ms/msal-net-logging
+
+
+
+
+ Extra query parameters that will be applied to every acquire token operation.
+ See
+
+
+
+
+ Indicates whether or not the current application object is configured to use brokered authentication.
+
+
+
+
+ The name of the calling application for telemetry purposes.
+
+
+
+
+ The version of the calling application for telemetry purposes.
+
+
+
+
+
+
+
+
+ Allows usage of features that are experimental and would otherwise throw a specific exception.
+ Use of experimental features in production is not recommended and are subject to be removed between builds.
+ For details see https://aka.ms/msal-net-experimental-features.
+
+
+
+
+ Microsoft Identity specific OIDC extension that allows resource challenges to be resolved without interaction.
+ Allows configuration of one or more client capabilities, e.g. "llt"
+
+
+ MSAL will transform these into a "access_token" claims request. See https://openid.net/specs/openid-connect-core-1_0-final.html#ClaimsParameter for
+ details on claim requests.
+ For more details see https://aka.ms/msal-net-claims-request
+
+
+
+
+ Enables legacy ADAL cache serialization and deserialization.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Factory responsible for creating HttpClient
+ .Net recommends to use a single instance of HttpClient.
+
+
+ Implementations must be thread safe. Consider creating and configuring an HttpClient in the constructor
+ of the factory, and returning the same object in
+
+
+
+
+ Method returning an HTTP client that will be used to
+ communicate with Azure AD. This enables advanced scenarios.
+ See https://aka.ms/msal-net-application-configuration.
+
+ An HTTP client.
+
+
+
+ Describes the types of audiences for telemetry.
+
+ This API is experimental and it may change in future versions of the library without an major version increment
+
+
+
+ Indicates a PreProduction environment. PreProd environments are not sampled.
+
+
+
+
+ Indicates a Production environment. These environments are sampled based on the platforms' device info to reduce data load.
+
+
+
+
+
+ This API is experimental and it may change in future versions of the library without an major version increment
+
+
+
+ Communicates which audience the telemetry is for (e.g. Production or Pre-Production) so that MSAL.NET can change sampling
+ and filtering behavior.
+
+ This API is experimental and it may change in future versions of the library without an major version increment
+
+
+
+ ID for the telemetry session.
+
+ This API is experimental and it may change in future versions of the library without an major version increment
+
+
+
+ Implementers of the interface will receive this callback when telemetry data is available. The implementation should transfer
+ the data in ITelemetryEventPayload to a specific telemetry uploader instance.
+
+ This API is experimental and it may change in future versions of the library without an major version increment
+
+
+
+ Data that represents a single snapshot in the series of events that are collected
+
+ This API is experimental and it may change in future versions of the library without an major version increment
+
+
+
+
+
+ This API is experimental and it may change in future versions of the library without an major version increment
+
+
+
+
+
+
+ This API is experimental and it may change in future versions of the library without an major version increment
+
+
+
+
+
+ This API is experimental and it may change in future versions of the library without an major version increment
+
+
+
+
+
+ This API is experimental and it may change in future versions of the library without an major version increment
+
+
+
+
+
+ This API is experimental and it may change in future versions of the library without an major version increment
+
+
+
+ Used for debugging and testing.
+
+ This API is experimental and it may change in future versions of the library without an major version increment
+
+
+
+
+ Configuration properties used to construct a proof of possession request.
+
+
+
+
+ Constructs the configuration properties used to construct a proof of possession request
+
+ An Uri to the protected resource which requires a PoP token. The PoP token will be cryptographically bound to the request uri
+
+
+
+ An Uri to the protected resource which requires a PoP token. The PoP token will be cryptographically bound to the request uri (to the host and query parts of it)
+
+
+
+
+ The HTTP method ("GET", "POST" etc.) method that will be bound to the token. Leave null and the POP token will not be bound to the method.
+
+
+
+
+ An extensibility point that allows developers to define their own key management.
+ Leave null and MSAL will use a default implementation, which generates an RSA key pair in memory and refreshes it every 8 hours.
+ Important note: if you want to change the key (e.g. rotate the key), you should create a new instance of this object,
+ as MSAL.NET will keep a thumbprint of keys in memory.
+
+
+
+
+
+
+
+
+
+
+
+ Creates a PublicClientApplicationBuilder from public client application
+ configuration options. See https://aka.ms/msal-net-application-configuration
+
+ Public client applications configuration options
+ A from which to set more
+ parameters, and to create a public client application instance
+
+
+
+ Creates a PublicClientApplicationBuilder from a clientID.
+ See https://aka.ms/msal-net-application-configuration
+
+ Client ID (also known as App ID) of the application as registered in the
+ application registration portal (https://aka.ms/msal-net-register-app)/.
+ A from which to set more
+ parameters, and to create a public client application instance
+
+
+
+ Configures the public client application to use the recommended reply URI for the platform.
+ See https://aka.ms/msal-net-default-reply-uri.
+
+
+ Platform
+ Default Reply URI
+
+
+ .NET desktop
+ https://login.microsoftonline.com/common/oauth2/nativeclient
+
+
+ UWP
+ value of WebAuthenticationBroker.GetCurrentApplicationCallbackUri()
+
+
+ For system browser on .NET Core
+ http://localhost
+
+
+ NOTE:There will be an update to the default redirect URI in the future to accommodate for system browsers on the
+ .NET desktop and .NET Core platforms.
+
+ A from which to set more
+ parameters, and to create a public client application instance
+
+
+
+ You can specify a Keychain Access Group to use for persisting the token cache across multiple applications.
+ This enables you to share the token cache between several applications having the same Keychain access group.
+ Sharing the token cache allows single sign-on between all of the applications that use the same Keychain access Group.
+ See https://aka.ms/msal-net-ios-keychain-security-group for more information.
+
+
+ A from which to set more
+ parameters, and to create a public client application instance
+
+
+
+ Brokers enable Single-Sign-On, device identification,
+ and application identification verification. To enable one of these features,
+ you need to set the WithBroker() parameters to true. See https://aka.ms/msal-net-brokers
+ for more information on platform specific settings required to enable the broker.
+
+ On iOS and Android, Authenticator and Company Portal serve as brokers.
+ On Windows, WAM (Windows Account Manager) serves as broker. See https://aka.ms/msal-net-wam
+
+ Determines whether or not to use broker with the default set to true.
+ A from which to set more
+ parameters, and to create a public client application instance
+ If your app uses .NET classic or .NET Core 3.x, and you wish to use the Windows broker,
+ please install the nuget package Microsoft.Identity.Client.Desktop and call .WithDesktopFeatures()
+
+
+
+ Allows customization of the Windows 10 Broker experience
+
+
+
+
+ Sets a reference to the ViewController (if using Xamarin.iOS), Activity (if using Xamarin.Android)
+ IWin32Window or IntPtr (if using .Net Framework). Used for invoking the browser.
+
+
+ Mandatory only on Android to be set either from here or from AcquireTokenInteractive builder.
+ See https://aka.ms/msal-net-android-activity for further documentation and details.
+
+ The parent as an object, so that it can be used from shared NetStandard assemblies
+ The builder to chain the .With methods
+
+
+
+
+ Sets a reference to the current IWin32Window that triggers the browser to be shown.
+ Used to center the browser that pop-up onto this window.
+
+ A function to return the current window
+ The builder to chain the .With methods
+
+
+
+ Sets a reference to the IntPtr to a window that triggers the browser to be shown.
+ Used to center the browser that pop-up onto this window.
+
+ A function to return the current window
+ The builder to chain the .With methods
+
+
+
+ Returns true if a broker can be used.
+
+
+ On Windows, the broker (WAM) can be used on Win10 and is always installed. See https://aka.ms/msal-net-wam
+ On Mac, Linux and older versions of Windows a broker is not available.
+ If your application is .NET5, please use the target .net5.0-windows10.0.17763.0 for all Windows versions and target net5.0 to target Linux and Mac.
+ If your application is .NET classic or .NET Core 3.1 and you wish to use the Windows Broker, please install Microsoft.Identity.Client.Desktop first and call WithDesktopFeatures().
+
+ On mobile, the device must be Intune joined and Authenticator or Company Portal must be installed. See https://aka.ms/msal-brokers
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Configuration options for a public client application (desktop/mobile app).
+ See https://aka.ms/msal-net/application-configuration
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ A simple implementation that writes data using System.Diagnostics.Trace.
+
+ This API is experimental and it may change in future versions of the library without an major version increment
+
+
+
+
+
+ This API is experimental and it may change in future versions of the library without an major version increment
+
+
+
+
+
+ This API is experimental and it may change in future versions of the library without an major version increment
+
+
+
+
+
+ This API is experimental and it may change in future versions of the library without an major version increment
+
+
+
+
+
+ This API is experimental and it may change in future versions of the library without an major version increment
+
+
+
+
+
+ This API is experimental and it may change in future versions of the library without an major version increment
+
+
+
+ Contains the results of one token acquisition operation in
+ or ConfidentialClientApplication. For details see https://aka.ms/msal-net-authenticationresult
+
+
+
+
+ Constructor meant to help application developers test their apps. Allows mocking of authentication flows.
+ App developers should never new-up in product code.
+
+ Access Token that can be used as a bearer token to access protected web APIs
+ Account information
+ Expiry date-time for the access token
+ See
+ ID token
+ See
+ Granted scope values as returned by the service
+ Identifier for the Azure AD tenant from which the token was acquired. Can be null
+ Unique Id of the account. It can be null. When the is not null, this is its ID, that is its ObjectId claim, or if that claim is null, the Subject claim.
+ The correlation id of the authentication request
+ The token type, defaults to Bearer. Note: this property is experimental and may change in future versions of the library.
+ Contains metadata related to the Authentication Result.
+
+
+
+ Constructor meant to help application developers test their apps. Allows mocking of authentication flows.
+ App developers should never new-up in product code.
+
+ Access Token that can be used as a bearer token to access protected web APIs
+ Account information
+ Expiry date-time for the access token
+ See
+ ID token
+ See
+ Granted scope values as returned by the service
+ Identifier for the Azure AD tenant from which the token was acquired. Can be null
+ Unique Id of the account. It can be null. When the is not null, this is its ID, that is its ObjectId claim, or if that claim is null, the Subject claim.
+ The correlation id of the authentication request
+ Contains metadata related to the Authentication Result.
+ The token type, defaults to Bearer. Note: this property is experimental and may change in future versions of the library.
+ For backwards compatibility with MSAL 4.17-4.20
+
+
+
+ Access Token that can be used as a bearer token to access protected web APIs
+
+
+
+
+ In case when Azure AD has an outage, to be more resilient, it can return tokens with
+ an expiration time, and also with an extended expiration time.
+ The tokens are then automatically refreshed by MSAL when the time is more than the
+ expiration time, except when ExtendedLifeTimeEnabled is true and the time is less
+ than the extended expiration time. This goes in pair with Web APIs middleware which,
+ when this extended life time is enabled, can accept slightly expired tokens.
+ Client applications accept extended life time tokens only if
+ the ExtendedLifeTimeEnabled Boolean is set to true on ClientApplicationBase.
+
+
+
+
+ Gets the Unique Id of the account. It can be null. When the is not null, this is its ID, that
+ is its ObjectId claim, or if that claim is null, the Subject claim.
+
+
+
+
+ Gets the point in time in which the Access Token returned in the property ceases to be valid.
+ This value is calculated based on current UTC time measured locally and the value expiresIn received from the
+ service.
+
+
+
+
+ Gets the point in time in which the Access Token returned in the AccessToken property ceases to be valid in MSAL's extended LifeTime.
+ This value is calculated based on current UTC time measured locally and the value ext_expiresIn received from the service.
+
+
+
+
+ Gets an identifier for the Azure AD tenant from which the token was acquired. This property will be null if tenant information is
+ not returned by the service.
+
+
+
+
+ Gets the account information. Some elements in might be null if not returned by the
+ service. The account can be passed back in some API overloads to identify which account should be used such
+ as or
+ for instance
+
+
+
+
+ Gets the Id Token if returned by the service or null if no Id Token is returned.
+
+
+
+
+ Gets the granted scope values returned by the service.
+
+
+
+
+ Gets the correlation id used for the request.
+
+
+
+
+ Identifies the type of access token. By default tokens returned by Azure Active Directory are Bearer tokens.
+ for getting an HTTP authorization header from an AuthenticationResult.
+
+
+
+
+ Contains metadata for the Authentication result.
+
+
+
+
+ Creates the content for an HTTP authorization header from this authentication result, so
+ that you can call a protected API
+
+ Created authorization header of the form "Bearer {AccessToken}"
+
+ Here is how you can call a protected API from this authentication result (in the result
+ variable):
+
+ HttpClient client = new HttpClient();
+ client.DefaultRequestHeaders.Add("Authorization", result.CreateAuthorizationHeader());
+ HttpResponseMessage r = await client.GetAsync(urlOfTheProtectedApi);
+
+
+
+
+
+ In MSAL.NET 1.x, returned the user who signed in to get the authentication result. From MSAL 2.x
+ rather use instead. See https://aka.ms/msal-net-2-released for more details.
+
+
+
+
+ Contains metadata of the authentication result.
+
+
+
+
+ Constructor for the class AuthenticationResultMetadata
+ The token source.
+
+
+
+
+ The source of the token in the result.
+
+
+
+
+ For backwards compatibility reasons, keep the cache key unchanged for Bearer and SSH tokens.
+ For PoP and future tokens, the cache should support both several types of tokens for the same scope (e.g. PoP and Bearer)
+
+
+
+
+
+
+ Used to modify the experience depending on the type of token asked.
+
+
+
+
+ Prefix for the HTTP header that has the token. E.g. "Bearer" or "POP"
+
+
+
+
+ Extra parameters that are added to the request to the /token endpoint.
+
+ Name and values of params
+
+
+
+ Key ID of the public / private key pair used by the encryption algorithm, if any.
+ Tokens obtained by authentication schemes that use this are bound to the KeyId, i.e.
+ if a different kid is presented, the access token cannot be used.
+
+
+
+
+ Creates the access token that goes into an Authorization HTTP header.
+
+
+
+
+ Expected to match the token_type parameter returned by ESTS. Used to disambiguate
+ between ATs of different types (e.g. Bearer and PoP) when loading from cache etc.
+
+
+
+
+ The default implementation will store a key in memory
+
+
+
+
+ Creates the canonical representation of the JWK. See https://tools.ietf.org/html/rfc7638#section-3.
+ The number of parameters as well as the lexicographic order is important, as this string will be hashed to get a thumbprint.
+
+
+
+
+ An abstraction over an the asymmetric key operations needed by POP, that encapsulates a pair of
+ public and private keys and some typical crypto operations.
+ All symmetric operations are SHA256.
+
+
+ Important: The 2 methods on this interface will be called at different times but MUST return details of
+ the same private / public key pair, i.e. do not change to a different key pair mid way. Best to have this class immutable.
+
+ Ideally there should be a single public / private key pair associated with a machine, so implementers of this interface
+ should consider exposing a singleton.
+
+
+
+
+ The canonical representation of the JWK. See https://tools.ietf.org/html/rfc7638#section-3
+
+
+
+
+ Algorithm used to sign proof of possession request.
+ See https://docs.microsoft.com/en-us/azure/key-vault/keys/about-keys#signverify for ECD
+ See https://docs.microsoft.com/en-us/azure/key-vault/keys/about-keys#signverify-1 for RSA
+
+
+
+
+ Signs the byte array using the private key
+
+
+
+
+ Names for Json Web Key Values
+
+
+
+
+ Constants for JsonWebAlgorithms "kty" Key Type (sec 6.1)
+ http://tools.ietf.org/html/rfc7518#section-6.1
+
+
+
+
+ Creates POP tokens, i.e. tokens that are bound to an HTTP request and are digitally signed.
+
+
+ Currently the signing credential algorithm is hard-coded to RSA with SHA256. Extensibility should be done
+ by integrating Wilson's SigningCredentials
+
+
+
+
+ For PoP, we chose to use the base64(jwk_thumbprint)
+
+
+
+
+ A key ID that uniquely describes a public / private key pair. While KeyID is not normally
+ strict, AAD support for PoP requires that we use the base64 encoded JWK thumbprint, as described by
+ https://tools.ietf.org/html/rfc7638
+
+
+
+
+ Creates a JWS (json web signature) as per: https://tools.ietf.org/html/rfc7515
+ Format: header.payload.signed_payload
+
+
+
+
+ Access token with response cnf
+ https://tools.ietf.org/html/draft-ietf-oauth-signed-http-request-03#section-3
+
+
+
+
+ Http method (GET or POST)
+ https://tools.ietf.org/html/draft-ietf-oauth-signed-http-request-03#section-3
+
+
+
+
+ Timestamp
+ https://tools.ietf.org/html/draft-ietf-oauth-signed-http-request-03#section-3
+
+
+
+
+ Uri host
+ https://tools.ietf.org/html/draft-ietf-oauth-signed-http-request-03#section-3
+
+
+
+
+ Uri path
+ https://tools.ietf.org/html/draft-ietf-oauth-signed-http-request-03#section-3
+
+
+
+
+ Uri path
+ https://tools.ietf.org/html/draft-ietf-oauth-signed-http-request-03#section-3
+
+
+
+
+ Confirmation claim. By including this in a JWT, the issuer states that the presenter
+ possesses a particular key (i.e. the private key) and that the recepient can confirm this
+ cryptographycally.
+ https://tools.ietf.org/html/rfc7800
+
+
+
+
+ Also part of the confirmation claim.
+
+
+
+
+ Non-standard claim representing a nonce that protects against replay attacks.
+
+
+
+
+ This factory ensures key rotation every 8h
+
+
+
+
+ Contains the results of an ADAL token acquisition. Access Tokens from ADAL are not compatible
+ with MSAL, only Refresh Tokens are.
+
+
+
+
+ Gets user information including user Id. Some elements in UserInfo might be null if not returned by the service.
+
+
+
+
+ Gets the Refresh Token associated with the requested Access Token. Note: not all operations will return a Refresh Token.
+
+
+
+
+ Gets a value indicating whether the refresh token can be used for requesting access token for other resources.
+
+
+
+
+ Serializes the object to a JSON string
+
+ Deserialized authentication result
+
+
+
+ Serializes the object to a JSON string
+
+ Serialized authentication result
+
+
+
+ Determines what type of subject the token was issued for.
+
+
+
+
+ User
+
+
+
+
+ Client
+
+
+
+
+ UserPlusClient: This is for confidential clients used in middle tier.
+
+
+
+
+ can be used with Linq to access items from the TokenCache dictionary.
+
+
+
+
+ For the purposes of MSAL, the resource is irrelevant, since only RTs can be migrated.
+
+
+
+
+ Determines whether the specified object is equal to the current object.
+
+
+ true if the specified object is equal to the current object; otherwise, false.
+
+ The object to compare with the current object. 2
+
+
+
+ Determines whether the specified TokenCacheKey is equal to the current object.
+
+
+ true if the specified TokenCacheKey is equal to the current object; otherwise, false.
+
+ The TokenCacheKey to compare with the current object. 2
+
+
+
+ Returns the hash code for this TokenCacheKey.
+
+
+ A 32-bit signed integer hash code.
+
+
+
+
+ Contains information of a single user. This information is used for token cache lookup. Also if created with userId, userId is sent to the service when login_hint is accepted.
+
+
+
+
+ Create user information for token cache lookup
+
+
+
+
+ Create user information copied from another UserInfo object
+
+
+
+
+ Gets identifier of the user authenticated during token acquisition.
+
+
+
+
+ Gets a displayable value in UserPrincipalName (UPN) format. The value can be null.
+
+
+
+
+ Gets given name of the user if provided by the service. If not, the value is null.
+
+
+
+
+ Gets family name of the user if provided by the service. If not, the value is null.
+
+
+
+
+ Gets the time when the password expires. Default value is 0.
+
+
+
+
+ Gets the URL where the user can change the expiring password. The value can be null.
+
+
+
+
+ Gets identity provider if returned by the service. If not, the value is null.
+
+
+
+
+ Data class, common to ADAL.NET and MSAL.NET V2 used for the token cache serialization
+ in a dual format: the ADAL V3 cache format, and the new unified cache format, common
+ to ADAL.NET 4.x, MSAL.NET 2.x and other libraries in the same Operating System
+ (for instance ADAL and MSAL for objective C in iOS)
+
+
+
+
+ Array of bytes containing the serialized cache in ADAL.NET V3 format
+
+
+
+
+ Array of bytes containing the serialized MSAL.NET V2 cache
+
+
+
+
+ Returns a tuple where
+
+ Item1 is a map of ClientInfo -> AdalUserInfo for those users that have ClientInfo
+ Item2 is a list of AdalUserInfo for those users that do not have ClientInfo
+
+
+
+
+ Algorithm to delete:
+
+ DisplayableId cannot be null
+ Removal is scoped by environment and clientId;
+
+ If accountId != null then delete everything with the same clientInfo
+ otherwise, delete everything with the same displayableId
+
+ Notes:
+ - displayableId can change rarely
+ - ClientCredential Grant uses the app token cache, not the user token cache, so this algorithm does not apply
+ (nor will GetAccounts / RemoveAccount work)
+
+
+
+
+
+ MSAL should only interact with the cache though this object. It is responsible for firing cache notifications.
+ Flows should only perform (at most) 2 cache accesses: one to read data and one to write tokens. Reading data multiple times
+ (e.g. read all ATs, read all RTs) should not refresh the cache from disk because of performance impact.
+ Write operations are still the responsibility of TokenCache.
+
+
+
+
+ Possibly refreshes the internal cache by calling OnBeforeAccessAsync and OnAfterAccessAsync delegates.
+
+
+
+
+ Used when the token is bound to a public / private key pair which is identified by a key id (kid).
+ Currently used by PoP tokens
+
+
+
+
+ If set, AT should be refreshed earlier to make sure the token cache
+ always has ATs with a long life.
+
+
+
+
+ Example account json:
+
+ "authority_type":"MSSTS",
+ "client_info":"",
+ "environment":"login.windows.net",
+ "family_name":"",
+ "given_name":"Some Name",
+ "home_account_id":"69c374a4-1df6-46f8-b83a-a2fcd8823ee2.49f548d0-12b7-4169-a390-bb5304d24462",
+ "local_account_id":"69c374a4-1df6-46f8-b83a-a2fcd8823ee2",
+ "middle_name":"",
+ "name":"Some Name",
+ "realm":"49f548d0-12b7-4169-a390-bb5304d24462",
+ "username":"subzero@bogavrilltd.onmicrosoft.com",
+ "wam_account_ids":"{\"00000000480FA373\":\"ob7b8h79td9gs6hfqoh2r37m\",\"4b0db8c2-9f26-4417-8bde-3f0e3656f8e0\":\"ob7b8h79td9gs6hfqoh2r37m\"}"
+
+
+
+
+
+ WAM special implementation: MSA accounts (and also AAD accounts on UWP) cannot be discovered through WAM
+ however the broker offers an interactive experience for the user to login, even with an MSA account.
+ After an interactive login, MSAL must be able to silently login the MSA user. To do this, MSAL must save the
+ account ID in its token cache. Accounts with associated WAM account ID can be used in silent WAM flows.
+
+
+
+
+ Apps shouldn't rely on its presence, unless the app itself wrote it. It means that SDK should translate absence of app metadata to the default values of its required fields.
+ Other apps that don't support app metadata should never remove existing app metadata.
+ App metadata is a non-removable entity.It means there's no need for a public API to remove app metadata, and it shouldn't be removed when removeAccount is called.
+ App metadata is a non-secret entity. It means that it cannot store any secret information, like tokens, nor PII, like username etc.
+ App metadata can be extended by adding additional fields when required.Absense of any non-required field should translate to default values for those field.
+
+
+
+ mandatory
+
+
+ mandatory
+
+
+
+ The family id of which this application is part of. This is an internal feature and there is currently a single app,
+ with id 1. If familyId is empty, it means an app is not part of a family. A missing entry means unknown status.
+
+
+
+
+ Important: order matters. This MUST be the last one called since it will extract the
+ remaining fields out.
+
+
+
+
+ Optional. A value here means the token in an FRT.
+
+
+
+
+ Family Refresh Tokens, can be used for all clients part of the family
+
+
+
+
+ An object representing the key of the token cache AT dictionary. The
+ format of the key is not important for this library, as long as it is unique.
+
+ The format of the key is platform dependent
+
+
+
+ An object representing the key of the token cache Account dictionary. The
+ format of the key is not important for this library, as long as it is unique.
+
+
+
+
+ App metadata is an optional entity in cache and can be used by apps to store additional metadata applicable to a particular client.
+
+
+
+
+ Ex: appmetadata-login.microsoftonline.com-b6c69a37-df96-4db0-9088-2ab96e1d8215
+
+
+
+
+
+ An object representing the key of the token cache Id Token dictionary. The
+ format of the key is not important for this library, as long as it is unique.
+
+
+
+
+ An object representing the key of the token cache RT dictionary. The
+ format of the key is not important for this library, as long as it is unique.
+
+
+ Normal RTs are scoped by env, account_id and clientID
+ FRTs are scoped by env, account_id and familyID (clientID exists, but is irrelevant)
+
+
+
+
+ Constructor
+
+
+
+
+ Can be null or empty, denoting a normal RT. A value signifies an FRT.
+
+
+
+ The dictionary serializer does not handle unknown nodes.
+
+
+
+
+ Abstract class containing common API methods and properties. Both and
+ ConfidentialClientApplication
+ extend this class. For details see https://aka.ms/msal-net-client-applications
+
+
+ Abstract class containing common API methods and properties. Both and
+ extend this class. For details see https://aka.ms/msal-net-client-applications
+
+
+
+
+ Default Authority used for interactive calls.
+
+
+
+
+ Details on the configuration of the ClientApplication for debugging purposes.
+
+
+
+
+ Gets the URL of the authority, or security token service (STS) from which MSAL.NET will acquire security tokens
+ The return value of this property is either the value provided by the developer in the constructor of the application, or otherwise
+ the value of the static member (that is https://login.microsoftonline.com/common/)
+
+
+
+
+ User token cache. This case holds id tokens, access tokens and refresh tokens for accounts. It's used
+ and updated silently if needed when calling
+ or one of the overrides of .
+ It is updated by each AcquireTokenXXX method, with the exception of AcquireTokenForClient which only uses the application
+ cache (see IConfidentialClientApplication).
+
+ On .NET Framework and .NET Core you can also customize the token cache serialization.
+ See https://aka.ms/msal-net-token-cache-serialization. This is taken care of by MSAL.NET on other platforms.
+
+
+
+
+ Returns all the available accounts in the user token cache for the application.
+
+
+
+
+ Get the collection by its identifier among the accounts available in the token cache,
+ based on the user flow. This is for Azure AD B2C scenarios.
+
+ The identifier is the user flow being targeted by the specific B2C authority/>.
+
+
+
+
+ Get the by its identifier among the accounts available in the token cache.
+
+ Account identifier. The identifier is typically the
+ value of the property of .
+ You typically get the account id from an by using the property>
+
+
+
+
+ Removes all tokens in the cache for the specified account.
+
+ Instance of the account that needs to be removed
+
+
+
+ [V3 API] Attempts to acquire an access token for the from the user token cache.
+ See https://aka.ms/msal-net-acquiretokensilent for more details
+
+ Scopes requested to access a protected API
+ Account for which the token is requested.
+ An used to build the token request, adding optional
+ parameters
+ will be thrown in the case where an interaction is required with the end user of the application,
+ for instance, if no refresh token was in the cache, or the user needs to consent, or re-sign-in (for instance if the password expired),
+ or the user needs to perform two factor authentication
+
+ The access token is considered a match if it contains at least all the requested scopes. This means that an access token with more scopes than
+ requested could be returned. If the access token is expired or close to expiration - within a 5 minute window -
+ then the cached refresh token (if available) is used to acquire a new access token by making a silent network call.
+
+ You can set additional parameters by chaining the builder with:
+ or one of its
+ overrides to request a token for a different authority than the one set at the application construction
+ to bypass the user token cache and
+ force refreshing the token, as well as
+ to
+ specify extra query parameters
+
+
+
+
+
+ [V3 API] Attempts to acquire an access token for the
+ having the match the given , from the user token cache.
+ See https://aka.ms/msal-net-acquiretokensilent for more details
+
+ Scopes requested to access a protected API
+ Typically the username, in UPN format, e.g. johnd@contoso.com
+ An used to build the token request, adding optional
+ parameters
+ will be thrown in the case where an interaction is required with the end user of the application,
+ for instance, if no refresh token was in the cache, or the user needs to consent, or re-sign-in (for instance if the password expired),
+ or the user needs to perform two factor authentication
+
+ If multiple match the , or if there are no matches, an exception is thrown.
+
+ The access token is considered a match if it contains at least all the requested scopes. This means that an access token with more scopes than
+ requested could be returned. If the access token is expired or close to expiration - within a 5 minute window -
+ then the cached refresh token (if available) is used to acquire a new access token by making a silent network call.
+
+ You can set additional parameters by chaining the builder with:
+ or one of its
+ overrides to request a token for a different authority than the one set at the application construction
+ to bypass the user token cache and
+ force refreshing the token, as well as
+ to
+ specify extra query parameters
+
+
+
+
+
+ In MSAL 1.x returned an enumeration of . From MSAL 2.x, use instead.
+ See https://aka.ms/msal-net-2-released for more details.
+
+
+
+
+ In MSAL 1.x, return a user from its identifier. From MSAL 2.x, use instead.
+ See https://aka.ms/msal-net-2-released for more details.
+
+ Identifier of the user to retrieve
+ the user in the cache with the identifier passed as an argument
+
+
+
+ In MSAL 1.x removed a user from the cache. From MSAL 2.x, use instead.
+ See https://aka.ms/msal-net-2-released for more details.
+
+ User to remove from the cache
+
+
+
+ Identifier of the component (libraries/SDK) consuming MSAL.NET.
+ This will allow for disambiguation between MSAL usage by the app vs MSAL usage by component libraries.
+
+
+
+
+ Sets or Gets a custom query parameters that may be sent to the STS for dogfood testing or debugging. This is a string of segments
+ of the form key=value separated by an ampersand character.
+ Unless requested otherwise, this parameter should not be set by application developers as it may have adverse effect on the application.
+
+
+
+
+ Gets/sets a boolean value telling the application if the authority needs to be verified against a list of known authorities. The default
+ value is true. It should currently be set to false for Azure AD B2C authorities as those are customer specific
+ (a list of known B2C authorities cannot be maintained by MSAL.NET). This property can be set just after the construction of the application
+ and before an operation acquiring a token or interacting with the STS.
+
+
+
+
+ The redirect URI (also known as Reply URI or Reply URL), is the URI at which Azure AD will contact back the application with the tokens.
+ This redirect URI needs to be registered in the app registration (https://aka.ms/msal-net-register-app).
+ In MSAL.NET, define the following default RedirectUri values:
+
+ https://login.microsoftonline.com/common/oauth2/nativeclient for desktop (.NET Framework and .NET Core) applications
+ msal{ClientId} for Xamarin iOS and Xamarin Android (as this will be used by the system web browser by default on these
+ platforms to call back the application)
+
+
+ These default URIs could change in the future.
+ In Microsoft.Identity.Client.ConfidentialClientApplication, this can be the URL of the web application / web API.
+
+ This is especially important when you deploy an application that you have initially tested locally;
+ you then need to add the reply URL of the deployed application in the application registration portal
+
+
+
+ Gets the Client ID (also known as Application ID) of the application as registered in the application registration portal (https://aka.ms/msal-net-register-app)
+ and as passed in the constructor of the application
+
+
+
+
+ [V2 API] Attempts to acquire an access token for the from the user token cache, with advanced parameters controlling network call.
+
+ Scopes requested to access a protected API
+ Account for which the token is requested.
+ Specific authority for which the token is requested. Passing a different value than configured in the application constructor
+ narrows down the selection to a specific tenant. This does not change the configured value in the application. This is specific
+ to applications managing several accounts (like a mail client with several mailboxes)
+ If true, ignore any access token in the cache and attempt to acquire new access token
+ using the refresh token for the account if this one is available. This can be useful in the case when the application developer wants to make
+ sure that conditional access policies are applied immediately, rather than after the expiration of the access token
+ An containing the requested access token
+ can be thrown in the case where an interaction is required with the end user of the application,
+ for instance, if no refresh token was in the cache,a or the user needs to consent, or re-sign-in (for instance if the password expired),
+ or performs two factor authentication
+
+ The access token is considered a match if it contains at least all the requested scopes. This means that an access token with more scopes than
+ requested could be returned as well. If the access token is expired or close to expiration (within a 5 minute window),
+ then the cached refresh token (if available) is used to acquire a new access token by making a silent network call.
+
+ See https://aka.ms/msal-net-acquiretokensilent for more details
+
+
+
+
+ [V2 API] Attempts to acquire an access token for the from the user token cache.
+
+ Scopes requested to access a protected API
+ Account for which the token is requested.
+ An containing the requested token
+ can be thrown in the case where an interaction is required with the end user of the application,
+ for instance so that the user consents, or re-signs-in (for instance if the password expired), or performs two factor authentication
+
+ The access token is considered a match if it contains at least all the requested scopes.
+ This means that an access token with more scopes than requested could be returned as well. If the access token is expired or
+ close to expiration (within a 5 minute window), then the cached refresh token (if available) is used to acquire a new access token by making a silent network call.
+
+ See https://aka.ms/msal-net-acquiretokensilent for more details
+
+
+
+
+ Class to be used for confidential client applications (web apps, web APIs, and daemon applications).
+
+
+ Confidential client applications are typically applications which run on servers (web apps, web API, or even service/daemon applications).
+ They are considered difficult to access, and therefore capable of keeping an application secret (hold configuration
+ time secrets as these values would be difficult for end users to extract).
+ A web app is the most common confidential client. The clientId is exposed through the web browser, but the secret is passed only in the back channel
+ and never directly exposed. For details see https://aka.ms/msal-net-client-applications
+
+
+
+
+ Instructs MSAL to try to auto discover the Azure region.
+
+
+
+
+ Acquires a security token from the authority configured in the app using the authorization code
+ previously received from the STS.
+ It uses the OAuth 2.0 authorization code flow (See https://aka.ms/msal-net-authorization-code).
+ It's usually used in web apps (for instance ASP.NET / ASP.NET Core web apps) which sign-in users,
+ and can request an authorization code.
+ This method does not lookup the token cache, but stores the result in it, so it can be looked up
+ using other methods such as .
+
+ Scopes requested to access a protected API
+ The authorization code received from the service authorization endpoint.
+ A builder enabling you to add optional parameters before executing the token request
+ You can set optional parameters by chaining the builder with:
+ ,
+ ,
+
+
+
+
+ Acquires a token from the authority configured in the app, for the confidential client itself (in the name of no user)
+ using the client credentials flow. See https://aka.ms/msal-net-client-credentials.
+
+ scopes requested to access a protected API. For this flow (client credentials), the scopes
+ should be of the form "{ResourceIdUri/.default}" for instance https://management.azure.net/.default or, for Microsoft
+ Graph, https://graph.microsoft.com/.default as the requested scopes are defined statically with the application registration
+ in the portal, and cannot be overriden in the application.
+ A builder enabling you to add optional parameters before executing the token request
+ You can also chain the following optional parameters:
+
+
+
+
+
+
+ Acquires an access token for this application (usually a Web API) from the authority configured in the application,
+ in order to access another downstream protected web API on behalf of a user using the OAuth 2.0 On-Behalf-Of flow.
+ See https://aka.ms/msal-net-on-behalf-of.
+ This confidential client application was itself called with a token which will be provided in the
+ userAssertion parameter.
+
+ Scopes requested to access a protected API
+ Instance of containing credential information about
+ the user on behalf of whom to get a token.
+ A builder enabling you to add optional parameters before executing the token request
+ You can also chain the following optional parameters:
+
+
+
+
+
+ Computes the URL of the authorization request letting the user sign-in and consent to the application accessing specific scopes in
+ the user's name. The URL targets the /authorize endpoint of the authority configured in the application.
+ This override enables you to specify a login hint and extra query parameter.
+
+ Scopes requested to access a protected API
+ A builder enabling you to add optional parameters before executing the token request to get the
+ URL of the STS authorization endpoint parametrized with the parameters
+ You can also chain the following optional parameters:
+
+
+
+
+
+
+
+
+ Application token cache. This case holds access tokens and refresh tokens for the application. It's maintained
+ and updated silently if needed when calling
+
+ On .NET Framework and .NET Core you can also customize the token cache serialization.
+ See https://aka.ms/msal-net-token-cache-serialization. This is taken care of by MSAL.NET on other platforms
+
+
+
+
+ The certificate used to create this , if any.
+
+
+
+
+ [V2 API] Constructor for a confidential client application requesting tokens with the default authority ()
+
+ Client ID (also known as App ID) of the application as registered in the
+ application registration portal (https://aka.ms/msal-net-register-app)/. REQUIRED
+ URL where the STS will call back the application with the security token. REQUIRED
+ Credential, previously shared with Azure AD during the application registration and proving the identity
+ of the application. An instance of can be created either from an application secret, or a certificate. REQUIRED.
+ Token cache for saving user tokens. Can be set to null if the confidential client
+ application only uses the Client Credentials grants (that is requests token in its own name and not in the name of users).
+ Otherwise should be provided. REQUIRED
+ Token cache for saving application (that is client token). Can be set to null except if the application
+ uses the client credentials grants
+
+ See https://aka.ms/msal-net-client-applications for a description of confidential client applications (and public client applications)
+ Client credential grants are overrides of
+
+ See also for the V3 API way of building a confidential client application
+ with a builder pattern. It offers building the application from configuration options, and a more fluid way of providing parameters.
+
+ which
+ enables app developers to specify the authority
+
+
+
+ [V2 API] Constructor for a confidential client application requesting tokens with a specified authority
+
+ Client ID (also named Application ID) of the application as registered in the
+ application registration portal (https://aka.ms/msal-net-register-app)/. REQUIRED
+ Authority of the security token service (STS) from which MSAL.NET will acquire the tokens.
+ Usual authorities are:
+
+ https://login.microsoftonline.com/tenant/, where tenant is the tenant ID of the Azure AD tenant
+ or a domain associated with this Azure AD tenant, in order to sign-in users of a specific organization only
+ https://login.microsoftonline.com/common/ to sign-in users with any work and school accounts or Microsoft personal accounts
+ https://login.microsoftonline.com/organizations/ to sign-in users with any work and school accounts
+ https://login.microsoftonline.com/consumers/ to sign-in users with only personal Microsoft accounts(live)
+
+ Note that this setting needs to be consistent with what is declared in the application registration portal
+
+ URL where the STS will call back the application with the security token. REQUIRED
+ Credential, previously shared with Azure AD during the application registration and proving the identity
+ of the application. An instance of can be created either from an application secret, or a certificate. REQUIRED.
+ Token cache for saving user tokens. Can be set to null if the confidential client
+ application only uses the Client Credentials grants (that is requests token in its own name and not in the name of users).
+ Otherwise should be provided. REQUIRED
+ Token cache for saving application (that is client token). Can be set to null except if the application
+ uses the client credentials grants
+
+ See https://aka.ms/msal-net-client-applications for a description of confidential client applications (and public client applications)
+ Client credential grants are overrides of
+
+ See also for the V3 API way of building a confidential client application
+ with a builder pattern. It offers building the application from configuration options, and a more fluid way of providing parameters.
+
+ which
+ enables app developers to create a confidential client application requesting tokens with the default authority.
+
+
+
+ [V2 API] Acquires an access token for this application (usually a web API) from the authority configured in the application, in order to access
+ another downstream protected web API on behalf of a user using the OAuth 2.0 On-Behalf-Of flow. (See https://aka.ms/msal-net-on-behalf-of).
+ This confidential client application was itself called with a token which will be provided in the
+ userAssertion parameter.
+
+ Scopes requested to access a protected API
+ Instance of containing credential information about
+ the user on behalf of whom to get a token.
+ Authentication result containing a token for the requested scopes and account
+ for the on-behalf-of flow when specifying the authority
+ which is the corresponding V3 API.
+
+
+
+ [V2 API] Acquires an access token for this application (usually a web API) from a specific authority, in order to access
+ another downstream protected web API on behalf of a user (See https://aka.ms/msal-net-on-behalf-of).
+ This confidential client application was itself called with a token which will be provided in the
+ userAssertion parameter.
+
+ Scopes requested to access a protected API
+ Instance of containing credential information about
+ the user on behalf of whom to get a token.
+ Specific authority for which the token is requested. Passing a different value than configured does not change the configured value
+ Authentication result containing a token for the requested scopes and account
+ for the on-behalf-of flow without specifying the authority
+ which is the corresponding V3 API.
+
+
+
+ [V2 API] Acquires an access token for this application (usually a web API) from the authority configured in the application, in order to access
+ another downstream protected web API on behalf of a user using the OAuth 2.0 On-Behalf-Of flow. (See https://aka.ms/msal-net-on-behalf-of).
+ This confidential client application was itself called with a token which will be provided in the
+ userAssertion parameter.
+ This override sends the certificate, which helps certificate rotation in Azure AD
+
+ Scopes requested to access a protected API
+ Instance of containing credential information about
+ the user on behalf of whom to get a token.
+ Authentication result containing a token for the requested scopes and account
+ which is the corresponding V3 API
+
+
+
+ [V2 API] Acquires an access token for this application (usually a web API) from a specific authority, in order to access
+ another downstream protected web API on behalf of a user (See https://aka.ms/msal-net-on-behalf-of).
+ This confidential client application was itself called with a token which will be provided in the
+ This override sends the certificate, which helps certificate rotation in Azure AD
+ userAssertion parameter.
+
+ Scopes requested to access a protected API
+ Instance of containing credential information about
+ the user on behalf of whom to get a token.
+ Specific authority for which the token is requested. Passing a different value than configured does not change the configured value
+ Authentication result containing a token for the requested scopes and account
+ which is the corresponding V3 API
+
+
+
+ [V2 API] Acquires a security token from the authority configured in the app using the authorization code previously received from the STS. It uses
+ the OAuth 2.0 authorization code flow (See https://aka.ms/msal-net-authorization-code).
+ It's usually used in web apps (for instance ASP.NET / ASP.NET Core web apps) which sign-in users, and therefore receive an authorization code.
+ This method does not lookup the token cache, but stores the result in it, so it can be looked up using other methods
+ such as .
+
+ The authorization code received from service authorization endpoint.
+ Scopes requested to access a protected API
+ Authentication result containing token of the user for the requested scopes
+ which is the corresponding V2 API
+
+
+
+ [V3 API] Acquires a token from the authority configured in the app, for the confidential client itself (in the name of no user)
+ using the client credentials flow. (See https://aka.ms/msal-net-client-credentials)
+
+ scopes requested to access a protected API. For this flow (client credentials), the scopes
+ should be of the form "{ResourceIdUri/.default}" for instance https://management.azure.net/.default or, for Microsoft
+ Graph, https://graph.microsoft.com/.default as the requested scopes are really defined statically at application registration
+ in the portal, and cannot be overridden in the application. See also
+ Authentication result containing the token of the user for the requested scopes
+
+
+
+ [V2 API] Acquires a token from the authority configured in the app, for the confidential client itself (in the name of no user)
+ using the client credentials flow. (See https://aka.ms/msal-net-client-credentials)
+
+ Scopes requested to access a protected API. For this flow (client credentials), the scopes
+ should be of the form "{ResourceIdUri/.default}" for instance https://management.azure.net/.default or, for Microsoft
+ Graph, https://graph.microsoft.com/.default as the requested scopes are really defined statically at application registration
+ in the portal, and cannot be overridden in the application
+ If true, API will ignore the access token in the cache and attempt to acquire new access token using client credentials.
+ This override can be used in case the application knows that conditional access policies changed
+ Authentication result containing token of the user for the requested scopes
+ which is the corresponding V3 API
+
+
+
+ [V2 API] Acquires token from the service for the confidential client using the client credentials flow. (See https://aka.ms/msal-net-client-credentials)
+ This method enables application developers to achieve easy certificate roll-over
+ in Azure AD: this method will send the public certificate to Azure AD
+ along with the token request, so that Azure AD can use it to validate the subject name based on a trusted issuer policy.
+ This saves the application admin from the need to explicitly manage the certificate rollover
+ (either via portal or PowerShell/CLI operation)
+
+ Scopes requested to access a protected API
+ Authentication result containing application token for the requested scopes
+ which is the corresponding V3 API
+
+
+
+ [V2 API] Acquires token from the service for the confidential client using the client credentials flow. (See https://aka.ms/msal-net-client-credentials)
+ This method attempts to look up valid access token in the cache unless is true
+ This method enables application developers to achieve easy certificate roll-over
+ in Azure AD: this method will send the public certificate to Azure AD
+ along with the token request, so that Azure AD can use it to validate the subject name based on a trusted issuer policy.
+ This saves the application admin from the need to explicitly manage the certificate rollover
+ (either via portal or PowerShell/CLI operation)
+
+ Scopes requested to access a protected API
+ If TRUE, API will ignore the access token in the cache and attempt to acquire new access token using client credentials
+ Authentication result containing application token for the requested scopes
+ which is the corresponding V3 API
+
+
+
+ Acquires an access token from an existing refresh token and stores it and the refresh token into
+ the application user token cache, where it will be available for further AcquireTokenSilentAsync calls.
+ This method can be used in migration to MSAL from ADAL v2 and in various integration
+ scenarios where you have a RefreshToken available.
+ (see https://aka.ms/msal-net-migration-adal2-msal2)
+
+ Scope to request from the token endpoint.
+ Setting this to null or empty will request an access token, refresh token and ID token with default scopes
+ The refresh token (for example previously obtained from ADAL 2.x)
+
+
+
+ [V2 API] Computes the URL of the authorization request letting the user sign-in and consent to the application accessing specific scopes in
+ the user's name. The URL targets the /authorize endpoint of the authority configured in the application.
+ This override enables you to specify a login hint and extra query parameter.
+
+ Scopes requested to access a protected API
+ Identifier of the user. Generally a UPN. This can be empty
+ This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
+ This is expected to be a string of segments of the form key=value separated by an ampersand character.
+ The parameter can be null.
+ URL of the authorize endpoint including the query parameters.
+ which is the corresponding V3 API
+
+
+
+ [V2 API] Computes the URL of the authorization request letting the user sign-in and consent to the application accessing specific scopes in
+ the user's name. The URL targets the /authorize endpoint of the authority specified as the parameter.
+ This override enables you to specify a redirectUri, login hint extra query parameters, extra scope to consent (which are not for the
+ same resource as the ), and an authority.
+
+ Scopes requested to access a protected API (a resource)
+ Address to return to upon receiving a response from the authority.
+ Identifier of the user. Generally a UPN.
+ This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
+ This is expected to be a string of segments of the form key=value separated by an ampersand character.
+ The parameter can be null.
+ Scopes for additional resources (other than the resource for which are requested),
+ which a developer can request the user to consent to upfront.
+ Specific authority for which the token is requested. Passing a different value than configured does not change the configured value
+ URL of the authorize endpoint including the query parameters.
+ which is the corresponding V3 API
+
+
+
+ This object is returned as part of the device code flow
+ and has information intended to be shown to the user about
+ where to navigate to login and what the device code needs
+ to be entered on that device.
+ See https://aka.ms/msal-device-code-flow.
+
+ and
+ the other overrides
+
+
+
+
+ User code returned by the service
+
+
+
+
+ Device code returned by the service
+
+
+
+
+ Verification URL where the user must navigate to authenticate using the device code and credentials.
+
+
+
+
+ Time when the device code will expire.
+
+
+
+
+ Polling interval time to check for completion of authentication flow.
+
+
+
+
+ User friendly text response that can be used for display purpose.
+
+
+
+
+ Identifier of the client requesting device code.
+
+
+
+
+ List of the scopes that would be held by token.
+
+
+
+
+
+
+
+
+ Extension method enabling MSAL.NET extenders for public client applications to set a custom web UI
+ that will let the user sign-in with Azure AD, present consent if needed, and get back the authorization
+ code
+
+ Builder for an AcquireTokenInteractive
+ Customer implementation for the Web UI
+ the builder to be able to chain .With methods
+
+
+
+ Interface that an MSAL.NET extender can implement to provide their own web UI in public client applications
+ to sign-in user and have them consented part of the Authorization code flow.
+ MSAL.NET provides an embedded web view for Windows and Mac, but there are other scenarios not yet supported.
+ This extensibility point enables them to provide such UI in a secure way
+
+
+
+
+ Method called by MSAL.NET to delegate the authentication code web with the Secure Token Service (STS)
+
+ URI computed by MSAL.NET that will let the UI extension
+ navigate to the STS authorization endpoint in order to sign-in the user and have them consent
+
+ The redirect URI that was configured. The auth code will be appended to this redirect URI and the browser
+ will redirect to it.
+
+ The cancellation token to which you should respond to.
+ See https://docs.microsoft.com/en-us/dotnet/standard/parallel-programming/task-cancellation for details.
+
+ The URI returned back from the STS authorization endpoint. This URI contains a code=CODE
+ parameters that MSAL.NET will extract and redeem.
+
+
+ The authorizationUri"/> is crafted to
+ leverage PKCE in order to protect the token from a man in the middle attack.
+ Only MSAL.NET can redeem the code.
+
+ In the event of cancellation, the implementer should return OperationCanceledException.
+
+
+
+
+ Extensions that add support for SSH certificates
+
+
+
+
+ Instructs AAD to return an SSH certificate instead of a Bearer token. The SSH certificate
+ (not the same as public / private key pair used by SSH), can be used to securely deploy
+ a public SSH key to a machine. See https://aka.ms/msal-net-ssh for details.
+
+ Interactive authentication builder
+ The public SSH key in JWK format (https://tools.ietf.org/html/rfc7517).
+ Currently only RSA is supported, and the JWK should contain only the RSA modulus and exponent
+ A key identifier, it can be in any format. Used to distinguish between
+ different keys when fetching an SSH certificate from the token cache.
+
+
+
+ Instructs AAD to return an SSH certificate instead of a Bearer token. Attempts to retrieve
+ the certificate from the token cache, and if one is not found, attempts to acquire one silently,
+ using the refresh token. See https://aka.ms/msal-net-ssh for details.
+
+
+ The same keyID must be used to distinguish between various
+
+ Silent authentication builder
+ The public SSH key in JWK format (https://tools.ietf.org/html/rfc7517).
+ Currently only RSA is supported, and the JWK should contain only the RSA modulus and exponent
+
+
+
+
+
+ We invoke this class from different threads and they all use the same HttpClient.
+ To prevent race conditions, make sure you do not get / set anything on HttpClient itself,
+ instead rely on HttpRequest objects which are thread specific.
+
+ In particular, do not change any properties on HttpClient such as BaseAddress, buffer sizes and Timeout. You should
+ also not access DefaultRequestHeaders because the getters are not thread safe (use HttpRequestMessage.Headers instead).
+
+
+
+
+ Performs the POST request just like
+ but does not throw a ServiceUnavailable service exception. Instead, it returns the associated
+ with the request.
+
+
+
+
+ Check common redirect URI problems.
+ Optionally check that the redirect URI is not the OAuth2 standard redirect URI https://login.microsoftonline.com/common/oauth2/nativeclientb
+ when using a system browser, because the browser cannot redirect back to the app.
+
+
+
+
+ The IAccount interface represents information about a single account.
+ The same user can be present in different tenants, that is, a user can have multiple accounts.
+ An IAccount is returned in the . property, and can be used as parameters
+ of PublicClientApplication and ConfidentialClientApplication methods acquiring tokens such as
+
+
+
+
+ Gets a string containing the displayable value in UserPrincipalName (UPN) format, e.g. john.doe@contoso.com.
+ This can be null.
+
+ This property replaces the DisplayableId property of IUser in previous versions of MSAL.NET
+
+
+
+ Gets a string containing the identity provider for this account, e.g. login.microsoftonline.com.
+
+ This property replaces the IdentityProvider property of IUser in previous versions of MSAL.NET
+ except that IdentityProvider was a URL with information about the tenant (in addition to the cloud environment), whereas Environment is only the
+
+
+
+ AccountId of the home account for the user. This uniquely identifies the user across AAD tenants.
+
+ Can be null, for example if this account was migrated to MSAL.NET from ADAL.NET v3's token cache
+
+
+
+
+
+
+
+
+ Acquires an access token from an existing refresh token and stores it, and the refresh token, in
+ the user token cache, where it will be available for further AcquireTokenSilent calls.
+ This method can be used in migration to MSAL from ADAL v2, and in various integration
+ scenarios where you have a RefreshToken available.
+ See https://aka.ms/msal-net-migration-adal2-msal2.
+
+ Scope to request from the token endpoint.
+ Setting this to null or empty will request an access token, refresh token and ID token with default scopes
+ The refresh token from ADAL 2.x
+ A builder enabling you to add optional parameters before executing the token request
+
+
+
+ Acquires an access token from an existing refresh token and stores it and the refresh token into
+ the user token cache, where it will be available for further AcquireTokenSilentAsync calls.
+ This method can be used in migration to MSAL from ADAL v2 and in various integration
+ scenarios where you have a RefreshToken available.
+ (see https://aka.ms/msal-net-migration-adal2-msal2)
+
+ Scope to request from the token endpoint.
+ Setting this to null or empty will request an access token, refresh token and ID token with default scopes
+ The refresh token from ADAL 2.x
+
+
+
+ Abstract class containing common API methods and properties. Both and
+ extend this class. For details see https://aka.ms/msal-net-client-applications.
+
+
+ Interface defining common API methods and properties. Both and
+ extend this class. For details see https://aka.ms/msal-net-client-applications
+
+
+
+
+ Details on the configuration of the ClientApplication for debugging purposes.
+
+
+
+
+ User token cache. This case holds id tokens, access tokens and refresh tokens for accounts. It's used
+ and updated silently if needed when calling
+ It is updated by each AcquireTokenXXX method, with the exception of AcquireTokenForClient which only uses the application
+ cache (see IConfidentialClientApplication).
+
+ On .NET Framework and .NET Core you can also customize the token cache serialization.
+ See https://aka.ms/msal-net-token-cache-serialization. This is taken care of by MSAL.NET on other platforms.
+
+
+
+
+ Gets the URL of the authority, or the security token service (STS) from which MSAL.NET will acquire security tokens.
+ The return value of this property is either the value provided by the developer in the constructor of the application, or otherwise
+ the value of the static member (that is https://login.microsoftonline.com/common/)
+
+
+
+
+ Returns all the available accounts in the user token cache for the application.
+
+
+
+
+ Get the by its identifier among the accounts available in the token cache.
+
+ Account identifier. The value of the identifier will probably have been stored value from the
+ value of the property of .
+ You typically get the account id from an by using the property>
+
+
+
+ Get the collection by its identifier among the accounts available in the token cache,
+ based on the user flow. This is for Azure AD B2C scenarios.
+
+ The identifier is the user flow being targeted by the specific B2C authority/>.
+
+
+
+
+ Attempts to acquire an access token for the from the user token cache,
+ with advanced parameters controlling the network call. See https://aka.ms/msal-net-acquiretokensilent for more details
+
+ Scopes requested to access a protected API
+ Account for which the token is requested.
+ An used to build the token request, adding optional
+ parameters
+ will be thrown in the case where an interaction is required with the end user of the application,
+ for instance, if no refresh token was in the cache,a or the user needs to consent, or re-sign-in (for instance if the password expired),
+ or the user needs to perform two factor authentication
+
+ The access token is considered a match if it contains at least all the requested scopes. This means that an access token with more scopes than
+ requested could be returned as well. If the access token is expired or close to expiration (within a 5 minute window),
+ then the cached refresh token (if available) is used to acquire a new access token by making a silent network call.
+
+ See also the additional parameters that you can set chain:
+ or one of its
+ overrides to request a token for a different authority than the one set at the application construction
+ to bypass the user token cache and
+ force refreshing the token, as well as
+ to
+ specify extra query parameters
+
+
+
+
+ Attempts to acquire an access token for the from the user token cache,
+ with advanced parameters controlling the network call. See https://aka.ms/msal-net-acquiretokensilent for more details
+
+ Scopes requested to access a protected API
+ Typically the username, in UPN format, e.g. johnd@contoso.com
+ An used to build the token request, adding optional
+ parameters
+ will be thrown in the case where an interaction is required with the end user of the application,
+ for instance, if no refresh token was in the cache,a or the user needs to consent, or re-sign-in (for instance if the password expired),
+ or the user needs to perform two factor authentication
+
+ The access token is considered a match if it contains at least all the requested scopes. This means that an access token with more scopes than
+ requested could be returned as well. If the access token is expired or close to expiration (within a 5 minute window),
+ then the cached refresh token (if available) is used to acquire a new access token by making a silent network call.
+
+ See also the additional parameters that you can set chain:
+ or one of its
+ overrides to request a token for a different authority than the one set at the application construction
+ to bypass the user token cache and
+ force refreshing the token, as well as
+ to
+ specify extra query parameters
+
+
+
+
+ Removes all tokens in the cache for the specified account.
+
+ instance of the account that needs to be removed
+
+
+
+ In MSAL 1.x returned an enumeration of . From MSAL 2.x, use instead.
+ See https://aka.ms/msal-net-2-released for more details.
+
+
+
+
+ In MSAL 1.x, return a user from its identifier. From MSAL 2.x, use instead.
+ See https://aka.ms/msal-net-2-released for more details.
+
+ Identifier of the user to retrieve
+ the user in the cache with the identifier passed as an argument
+
+
+
+ In MSAL 1.x removed a user from the cache. From MSAL 2.x, use instead.
+ See https://aka.ms/msal-net-2-released for more details.
+
+ User to remove from the cache
+
+
+
+ Identifier of the component (libraries/SDK) consuming MSAL.NET.
+ This will allow for disambiguation between MSAL usage by the app vs MSAL usage by component libraries.
+
+
+
+
+ Sets or Gets a custom query parameters that may be sent to the STS for dogfood testing or debugging. This is a string of segments
+ of the form key=value separated by an ampersand character.
+ Unless requested otherwise, this parameter should not be set by application developers as it may have adverse effect on the application.
+
+
+
+
+ Gets a boolean value telling the application if the authority needs to be verified against a list of known authorities. The default
+ value is true. It should currently be set to false for Azure AD B2C authorities as those are customer specific
+ (a list of known B2C authorities cannot be maintained by MSAL.NET)
+
+
+
+
+ The redirect URI (also known as Reply URI or Reply URL), is the URI at which Azure AD will contact back the application with the tokens.
+ This redirect URI needs to be registered in the app registration (https://aka.ms/msal-net-register-app)
+ In MSAL.NET, define the following default RedirectUri values:
+
+ urn:ietf:wg:oauth:2.0:oob for desktop (.NET Framework and .NET Core) applications
+ msal{ClientId} for Xamarin iOS and Xamarin Android (as this will be used by the system web browser by default on these
+ platforms to call back the application)
+
+
+ These default URIs could change in the future.
+ In , this can be the URL of the web application / web API.
+
+ This is especially important when you deploy an application that you have initially tested locally;
+ you then need to add the reply URL of the deployed application in the application registration portal.
+
+
+
+
+ Attempts to acquire an access token for the from the user token cache.
+
+ Scopes requested to access a protected API
+ Account for which the token is requested.
+ An containing the requested token
+ can be thrown in the case where an interaction is required with the end user of the application,
+ for instance so that the user consents, or re-signs-in (for instance if the password expirred), or performs two factor authentication
+
+ The access token is considered a match if it contains at least all the requested scopes.
+ This means that an access token with more scopes than requested could be returned as well. If the access token is expired or
+ close to expiration (within 5 minute window), then the cached refresh token (if available) is used to acquire a new access token by making a silent network call.
+ See https://aka.ms/msal-net-acuiretokensilent for more details
+
+
+
+
+ Attempts to acquire and access token for the from the user token cache, with advanced parameters making a network call.
+
+ Scopes requested to access a protected API
+ Account for which the token is requested.
+ Specific authority for which the token is requested. Passing a different value than configured in the application constructor
+ narrows down the selection of tenants for which to get a tenant, but does not change the configured value
+ If true, the will ignore the access token in the cache and attempt to acquire new access token
+ using the refresh token for the account if this one is available. This can be useful in the case when the application developer wants to make
+ sure that conditional access policies are applies immediately, rather than after the expiration of the access token
+ An containing the requested token
+ can be thrown in the case where an interaction is required with the end user of the application,
+ for instance, if no refresh token was in the cache, or the user needs to consents, or re-sign-in (for instance if the password expirred),
+ or performs two factor authentication
+
+ The access token is considered a match if it contains at least all the requested scopes. This means that an access token with more scopes than
+ requested could be returned as well. If the access token is expired or close to expiration (within 5 minute window),
+ then the cached refresh token (if available) is used to acquire a new access token by making a silent network call.
+ See https://aka.ms/msal-net-acquiretokensilent for more details
+
+
+
+
+ Gets the Client ID (also known as Application ID) of the application as registered in the application registration portal (https://aka.ms/msal-net-register-app)
+ and as passed in the constructor of the application.
+
+
+
+
+ Component to be used with confidential client applications like web apps/API.
+
+
+ Component to be used with confidential client applications like web apps/APIs.
+
+
+
+
+ Application token cache. This case holds access tokens and refresh tokens for the application. It's maintained
+ and updated silently if needed when calling
+
+ On .NET Framework and .NET Core you can also customize the token cache serialization.
+ See https://aka.ms/msal-net-token-cache-serialization. This is taken care of by MSAL.NET on other platforms.
+
+
+
+
+ [V3 API] Acquires a security token from the authority configured in the app using the authorization code
+ previously received from the STS.
+ It uses the OAuth 2.0 authorization code flow (See https://aka.ms/msal-net-authorization-code).
+ It's usually used in web apps (for instance ASP.NET / ASP.NET Core web apps) which sign-in users,
+ and can request an authorization code.
+ This method does not lookup the token cache, but stores the result in it, so it can be looked up
+ using other methods such as .
+
+ Scopes requested to access a protected API
+ The authorization code received from the service authorization endpoint.
+ A builder enabling you to add optional parameters before executing the token request
+ You can set optional parameters by chaining the builder with:
+ ,
+ ,
+
+
+
+
+ [V3 API] Acquires a token from the authority configured in the app, for the confidential client itself (in the name of no user)
+ using the client credentials flow. See https://aka.ms/msal-net-client-credentials.
+
+ scopes requested to access a protected API. For this flow (client credentials), the scopes
+ should be of the form "{ResourceIdUri/.default}" for instance https://management.azure.net/.default or, for Microsoft
+ Graph, https://graph.microsoft.com/.default as the requested scopes are really defined statically at application registration
+ in the portal, and cannot be overridden in the application.
+ A builder enabling you to add optional parameters before executing the token request
+ You can also chain the following optional parameters:
+
+
+
+
+
+
+ [V3 API] Acquires an access token for this application (usually a Web API) from the authority configured in the application,
+ in order to access another downstream protected Web API on behalf of a user using the OAuth 2.0 On-Behalf-Of flow.
+ See https://aka.ms/msal-net-on-behalf-of.
+ This confidential client application was itself called with a token which will be provided in the
+ userAssertion parameter.
+
+ Scopes requested to access a protected API
+ Instance of containing credential information about
+ the user on behalf of whom to get a token.
+ A builder enabling you to add optional parameters before executing the token request
+ You can also chain the following optional parameters:
+
+
+
+
+
+ [V3 API] Computes the URL of the authorization request letting the user sign-in and consent to the application accessing specific scopes in
+ the user's name. The URL targets the /authorize endpoint of the authority configured in the application.
+ This override enables you to specify a login hint and extra query parameter.
+
+ Scopes requested to access a protected API
+ A builder enabling you to add optional parameters before executing the token request to get the
+ URL of the STS authorization endpoint parameterized with the parameters
+ You can also chain the following optional parameters:
+
+
+
+
+
+
+
+
+
+
+
+ [V3 API] Acquires token using On-Behalf-Of flow. (See https://aka.ms/msal-net-on-behalf-of)
+
+ Array of scopes requested for resource
+ Instance of UserAssertion containing user's token.
+ Authentication result containing token of the user for the requested scopes
+
+
+
+ [V3 API] Acquires token using On-Behalf-Of flow. (See https://aka.ms/msal-net-on-behalf-of)
+
+ Array of scopes requested for resource
+ Instance of UserAssertion containing user's token.
+ Specific authority for which the token is requested. Passing a different value than configured does not change the configured value
+ Authentication result containing token of the user for the requested scopes
+
+
+
+ [V2 API] Acquires security token from the authority using authorization code previously received.
+ This method does not lookup token cache, but stores the result in it, so it can be looked up using other methods such as .
+
+ The authorization code received from service authorization endpoint.
+ Array of scopes requested for resource
+ Authentication result containing token of the user for the requested scopes
+
+
+
+ [V2 API] Acquires token from the service for the confidential client. This method attempts to look up valid access token in the cache.
+
+ Array of scopes requested for resource
+ Authentication result containing application token for the requested scopes
+
+
+
+ [V2 API] Acquires token from the service for the confidential client. This method attempts to look up valid access token in the cache.
+
+ Array of scopes requested for resource
+ If TRUE, API will ignore the access token in the cache and attempt to acquire new access token using client credentials
+ Authentication result containing application token for the requested scopes
+
+
+
+ [V2 API] URL of the authorize endpoint including the query parameters.
+
+ Array of scopes requested for resource
+ Identifier of the user. Generally a UPN.
+ This parameter will be appended as is to the query string in the HTTP authentication request to the authority. The parameter can be null.
+ URL of the authorize endpoint including the query parameters.
+
+
+
+ [V2 API] Gets URL of the authorize endpoint including the query parameters.
+
+ Array of scopes requested for resource
+ Address to return to upon receiving a response from the authority.
+ Identifier of the user. Generally a UPN.
+ This parameter will be appended as is to the query string in the HTTP authentication request to the authority. The parameter can be null.
+ Array of scopes for which a developer can request consent upfront.
+ Specific authority for which the token is requested. Passing a different value than configured does not change the configured value
+ URL of the authorize endpoint including the query parameters.
+
+
+
+ Must be kept immutable
+
+
+
+
+ Figures out the authority based on the authority from the config and the authority from the request,
+ and optionally the homeAccountTenantId, which has an impact on AcquireTokenSilent
+
+ The algorithm is:
+
+ 1. If there is no request authority (i.e. no authority override), use the config authority.
+ 1.1. For AAD, if the config authority is "common" etc, try to use the tenanted version with the home account tenant ID
+ 2. If there is a request authority, try to use it.
+ 2.1. If the request authority is not "common", then use it
+ 2.2 If the request authority is "common", ignore it, and use 1.1
+
+ Special cases:
+
+ - if the authority is not defined at the application level and the request level is not AAD, use the request authority
+ - if the authority is defined at app level, and the request level authority of is of different type, throw an exception
+
+
+
+
+
+ Gets a tenanted authority if the current authority is tenant-less.
+ Returns the original authority on B2C and ADFS
+
+
+
+
+ Gets the authority endpoints based on the host and tenant id. Does not rely on OIDC discovery.
+
+
+
+
+ Responsible for figuring out authority endpoints
+
+
+
+
+ Provides instance metadata across all authority types. Deals with metadata caching.
+
+
+
+
+ Priority order of metadata providers:
+
+ If user provided metadata via use it exclusively. Otherwise:
+
+ 1. Static cache (this is populated from the network)
+ 2. Well-known cache if all environments present in the token cache are known (this is hard-coded into MSAL)
+ 3. Cache stored in token cache (Not currently implemented)
+ 5. AAD discovery endpoint
+ 6. If going to the network fails with an error different than "invalid_instance" (i.e.authority validation failed), use the well-known instance metadata entry for the given authority
+ 7. On failure, use the authority itself(i.e.preferred cache = preferred network = aliases = configured_authority)
+
+ Spec: https://identitydivision.visualstudio.com/DevEx/_git/AuthLibrariesApiReview?path=%2FInstance%20Discovery%20Caching%2Fdesktop_web_caching.md
+
+
+
+
+ AAD performs authority validation by calling the instance metadata endpoint. This is a bit unfortunate,
+ because instance metadata is used for aliasing, and authority validation is orthogonal to that.
+ MSAL must figure out aliasing even if ValidateAuthority is set to false.
+
+
+
+
+
+
+
+ Validates the authority. This is specific to each authority type.
+
+
+
+
+ Gets the azure region and adds telemetry to the ApiEvents
+
+ Returns null if region should not be used or cannot be discovered.
+
+
+
+ Indicates where the region information came from.
+
+
+
+
+ Indicates that the API .WithAzureRegion() was not used
+
+
+
+
+ Auto-detected from Env Variable
+
+
+
+
+ Auto-detected from IMDS
+
+
+
+
+ Auto-detected from MSAL's static cache
+
+
+
+
+ Region was configured by the user
+
+
+
+
+ Auto-detection failed, fallback to global
+
+
+
+
+ For Android there are from: https://github.com/AzureAD/microsoft-authentication-library-common-for-android/blob/dev/common/src/main/java/com/microsoft/identity/common/internal/broker/BrokerResult.java
+
+
+
+
+ If device auth is required but the broker is not enabled, AAD will
+ signal this by returning an URL pointing to the broker app that needs to be installed.
+
+
+
+
+ For platforms that do not support a broker
+
+
+
+
+ Meant to be used in confidential client applications, an instance of ClientCredential is passed
+ to the constructors of ()
+ as credentials proving that the application (the client) is what it claims it is. These credentials can be
+ either a client secret (an application password) or a certificate.
+ This class has one constructor for each case.
+ These credentials are added in the application registration portal (in the secret section).
+
+
+
+
+ x5t = base64 URL encoded cert thumbprint
+
+
+ Mandatory for ADFS 2019
+
+
+
+
+ kid (key id) = cert thumbprint
+
+
+ Key Id is an optional param, but recommended. Wilson adds both kid and x5t to JWT header
+
+
+
+
+ Encryption algorithm used, e.g. ES256
+ https://tools.ietf.org/html/rfc7515#section-4.1.1
+
+
+
+
+ The type of token e.g. JWT
+ https://tools.ietf.org/html/rfc7519#section-5.1
+
+
+
+
+ Key ID, can be an X509 cert thumbprint. When used with a JWK, the "kid" value is used to match a JWK "kid"
+ parameter value
+ https://tools.ietf.org/html/rfc7515#section-4.1.4
+
+
+
+
+ MSAL Flavor: .NET or WinRT
+
+
+
+
+ MSAL assembly version
+
+
+
+
+ CPU platform with x86, x64 or ARM as value
+
+
+
+
+ Version of the operating system. This will not be sent on WinRT
+
+
+
+
+ Device model. This will not be sent on .NET
+
+
+
+
+ This class adds additional query parameters or headers to the requests sent to STS. This can help us in
+ collecting statistics and potentially on diagnostics.
+
+
+
+
+ One and only one ApiEvent is associated with each request.
+
+
+
+
+ This class is responsible for merging app level and request level params.
+ Not all params need to be merged - app level params can be accessed via AppConfig property
+
+
+
+
+ Authority is the URI used by MSAL for communication and storage
+ During a request it can be updated:
+ - with the preffered enviroment
+ - with actual tenant
+
+
+
+
+ Original authority configured by the user
+
+
+
+
+ Indicates if the user configured claims via .WithClaims. Not affected by Client Capabilities
+
+ If user configured claims, request should bypass cache
+
+
+
+ Determines whether or not the cached client assertion can be used again for the next authentication request by
+ checking its values against incoming request parameters.
+
+ Returns true if the previously cached client assertion is valid
+
+
+
+ Handles requests that are non-interactive. Currently MSAL supports Integrated Windows Auth (IWA).
+
+
+
+
+ This class decides the workflow of an interactive request. The business rules are:
+
+ 1. If WithBroker is set to true
+ 1.1. Attempt to invoke the broker and get the token
+ 1.2. If this fails, e.g. if broker is not installed, the use a web view (goto 2)
+
+ 2. Use a webview and get an auth code and look at the auth code
+ 2.1. If the auth code has a special format, showing that a broker is needed then. Invoke the broker flow (step 1) with a broker installation URL
+ 2.2. Otherwise exchange the auth code for tokens (normal authorize_code grant)
+
+
+
+
+ Base class for all flows. Use by implementing
+ and optionally calling protected helper methods such as SendTokenRequestAsync, which know
+ how to use all params when making the request.
+
+
+
+
+ Return a custom set of scopes to override the default MSAL logic of merging
+ input scopes with reserved scopes (openid, profile etc.)
+ Leave as is / return null otherwise
+
+
+
+
+ Handles requests that are non-interactive. Currently MSAL supports Integrated Windows Auth.
+
+
+
+
+ Responsible for getting an auth code
+
+
+
+
+ This logger does not contain a correlation ID and should be used only when the correlation ID is not available
+ i.e. before a request exists
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ For expensive logging messsages (e.g. when the log message evaluates a variable),
+ it is better to check the log level ahead of time so as not to evaluate the expensive message and then discard it.
+
+
+
+
+ Interface to be used with desktop or mobile applications (Desktop / UWP / Xamarin.iOS / Xamarin.Android).
+ public client applications are not trusted to safely keep application secrets, and therefore they only access web APIs in the name of the user only.
+ For details see https://aka.ms/msal-net-client-applications.
+
+
+ Interface defining common API methods and properties.
+ For details see https://aka.ms/msal-net-client-applications
+
+
+
+
+ Tells if the application can use the system web browser, therefore getting single-sign-on with web applications.
+ By default, MSAL will try to use a system browser on the mobile platforms, if it is available.
+ See https://aka.ms/msal-net-uses-web-browser.
+
+
+
+
+ Interactive request to acquire a token for the specified scopes. The interactive window will be parented to the specified
+ window. The user will be required to select an account
+
+ Scopes requested to access a protected API
+ A builder enabling you to add optional parameters before executing the token request
+ The user will be signed-in interactively if needed,
+ and will consent to scopes and do multi-factor authentication if such a policy was enabled in the Azure AD tenant.
+ You can also pass optional parameters by calling:
+
+
+
+ to specify the user experience
+ when signing-in
+
+
+
+ to specify
+ if you want to use the embedded web browser or the system default browser
+
+
+
+ to configure
+ the user experience when using the Default browser
+
+
+ or
+ to prevent the select account dialog from appearing in the case you want to sign-in a specific accounts
+
+
+
+ if you want to let the
+ user pre-consent to additional scopes (which won't be returned in the access token)
+
+
+
+ to pass
+ additional query parameters to the STS, and one of the overrides of
+ in order to override the default authority set at the application construction. Note that the overriding authority needs to be part
+ of the known authorities added to the application construction
+
+
+
+
+
+
+ Acquires a security token on a device without a Web browser, by letting the user authenticate on
+ another device. This is done in two steps:
+
+ The method first acquires a device code from the authority and returns it to the caller via
+ the . This callback takes care of interacting with the user
+ to direct them to authenticate (to a specific URL, with a code)
+ The method then proceeds to poll for the security
+ token which is granted upon successful login by the user based on the device code information
+
+ See https://aka.ms/msal-device-code-flow.
+
+ Scopes requested to access a protected API
+ Callback containing information to show the user about how to authenticate and enter the device code.
+ A builder enabling you to add optional parameters before executing the token request
+
+ You can also pass optional parameters by calling:
+ to pass
+ additional query parameters to the STS, and one of the overrides of
+ in order to override the default authority set at the application construction. Note that the overriding authority needs to be part
+ of the known authorities added to the application construction.
+
+
+
+
+ Non-interactive request to acquire a security token for the signed-in user in Windows,
+ via Integrated Windows Authentication. See https://aka.ms/msal-net-iwa.
+ The account used in this overrides is pulled from the operating system as the current user principal name.
+
+ Scopes requested to access a protected API
+ A builder enabling you to add optional parameters before executing the token request
+
+ You can also pass optional parameters by calling:
+ to pass the identifier
+ of the user account for which to acquire a token with Integrated Windows authentication. This is generally in
+ UserPrincipalName (UPN) format, e.g. john.doe@contoso.com. This is normally not needed, but some Windows administrators
+ set policies preventing applications from looking-up the signed-in user in Windows, and in that case the username
+ needs to be passed.
+ You can also chain with
+ to pass
+ additional query parameters to the STS, and one of the overrides of
+ in order to override the default authority set at the application construction. Note that the overriding authority needs to be part
+ of the known authorities added to the application construction.
+
+
+
+
+ Non-interactive request to acquire a security token from the authority, via Username/Password Authentication.
+ Available only on .net desktop and .net core. See https://aka.ms/msal-net-up for details.
+
+ Scopes requested to access a protected API
+ Identifier of the user application requests token on behalf.
+ Generally in UserPrincipalName (UPN) format, e.g. john.doe@contoso.com
+ User password as a secure string.
+ A builder enabling you to add optional parameters before executing the token request
+ You can also pass optional parameters by chaining the builder with:
+ to pass
+ additional query parameters to the STS, and one of the overrides of
+ in order to override the default authority set at the application construction. Note that the overriding authority needs to be part
+ of the known authorities added to the application construction.
+
+
+
+
+ Interactive request to acquire token for the specified scopes. The user is required to select an account
+
+ Scopes requested to access a protected API
+ Authentication result containing a token for the requested scopes and account
+ The user will be signed-in interactively if needed,
+ and will consent to scopes and do multi-factor authentication if such a policy was enabled in the Azure AD tenant.
+
+
+
+ Interactive request to acquire token for the specified scopes. The user will need to sign-in but an account will be proposed
+ based on the
+
+ Scopes requested to access a protected API
+ Identifier of the user. Generally in UserPrincipalName (UPN) format, e.g. john.doe@contoso.com
+ Authentication result containing a token for the requested scopes and account
+
+
+
+ Interactive request to acquire token for the specified scopes. The user will need to sign-in but an account will be proposed
+ based on the provided
+
+ Scopes requested to access a protected API
+ Account to use for the interactive token acquisition. See for ways to get an account
+ Authentication result containing a token for the requested scopes and account
+
+
+
+ Interactive request to acquire token for a login with control of the UI behavior and possiblity of passing extra query parameters like additional claims
+
+ Scopes requested to access a protected API
+ Identifier of the user. Generally in UserPrincipalName (UPN) format, e.g. john.doe@contoso.com
+ Designed interactive experience for the user.
+ This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
+ This is expected to be a string of segments of the form key=value separated by an ampersand character.
+ The parameter can be null.
+ Authentication result containing a token for the requested scopes and account
+
+
+
+ Interactive request to acquire token for an account with control of the UI behavior and possiblity of passing extra query parameters like additional claims
+
+ Scopes requested to access a protected API
+ Account to use for the interactive token acquisition. See for ways to get an account
+ Designed interactive experience for the user.
+ This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
+ This is expected to be a string of segments of the form key=value separated by an ampersand character.
+ The parameter can be null.
+ Authentication result containing a token for the requested scopes and account
+
+
+
+ Interactive request to acquire token for a given login, with the possibility of controlling the user experience, passing extra query
+ parameters, providing extra scopes that the user can pre-consent to, and overriding the authority pre-configured in the application
+
+ scopes requested to access a protected API
+ Identifier of the user. Generally in UserPrincipalName (UPN) format, e.g. john.doe@contoso.com
+ Designed interactive experience for the user.
+ This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
+ This is expected to be a string of segments of the form key=value separated by an ampersand character.
+ The parameter can be null.
+ scopes that you can request the end user to consent upfront, in addition to the scopes for the protected web API
+ for which you want to acquire a security token.
+ Specific authority for which the token is requested. Passing a different value than configured does not change the configured value
+ Authentication result containing a token for the requested scopes and account
+
+
+
+ Interactive request to acquire token for a given account, with the possibility of controlling the user experience, passing extra query
+ parameters, providing extra scopes that the user can pre-consent to, and overriding the authority pre-configured in the application
+
+ Scopes requested to access a protected API
+ Account to use for the interactive token acquisition. See for ways to get an account
+ Designed interactive experience for the user.
+ This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
+ This is expected to be a string of segments of the form key=value separated by an ampersand character.
+ The parameter can be null.
+ Scopes that you can request the end user to consent upfront, in addition to the scopes for the protected web API
+ for which you want to acquire a security token.
+ Specific authority for which the token is requested. Passing a different value than configured does not change the configured value
+ Authentication result containing a token for the requested scopes and account
+
+
+
+ Interactive request to acquire token for the specified scopes. The interactive window will be parented to the specified
+ window. The user will be required to select an account
+
+ Scopes requested to access a protected API
+ Object containing a reference to the parent window/activity. REQUIRED for Xamarin.Android only.
+ Authentication result containing a token for the requested scopes and account
+ The user will be signed-in interactively if needed,
+ and will consent to scopes and do multi-factor authentication if such a policy was enabled in the Azure AD tenant.
+
+
+
+ Interactive request to acquire token for the specified scopes. The interactive window will be parented to the specified
+ window. . The user will need to sign-in but an account will be proposed
+ based on the
+
+ Scopes requested to access a protected API
+ Identifier of the user. Generally in UserPrincipalName (UPN) format, e.g. john.doe@contoso.com
+ Object containing a reference to the parent window/activity. REQUIRED for Xamarin.Android only.
+ Authentication result containing a token for the requested scopes and login
+
+
+
+ Interactive request to acquire token for the specified scopes. The user will need to sign-in but an account will be proposed
+ based on the provided
+
+ Scopes requested to access a protected API
+ Account to use for the interactive token acquisition. See for ways to get an account
+ Object containing a reference to the parent window/activity. REQUIRED for Xamarin.Android only.
+ Authentication result containing a token for the requested scopes and account
+
+
+
+ Interactive request to acquire token for a login with control of the UI behavior and possiblity of passing extra query parameters like additional claims
+
+ Scopes requested to access a protected API
+ Identifier of the user. Generally in UserPrincipalName (UPN) format, e.g. john.doe@contoso.com
+ Designed interactive experience for the user.
+ This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
+ This is expected to be a string of segments of the form key=value separated by an ampersand character.
+ The parameter can be null.
+ Object containing a reference to the parent window/activity. REQUIRED for Xamarin.Android only.
+ Authentication result containing a token for the requested scopes and account
+
+
+
+ Interactive request to acquire token for an account with control of the UI behavior and possiblity of passing extra query parameters like additional claims
+
+ Scopes requested to access a protected API
+ Account to use for the interactive token acquisition. See for ways to get an account
+ Designed interactive experience for the user.
+ This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
+ This is expected to be a string of segments of the form key=value separated by an ampersand character.
+ The parameter can be null.
+ Object containing a reference to the parent window/activity. REQUIRED for Xamarin.Android only.
+ Authentication result containing a token for the requested scopes and account
+
+
+
+ Interactive request to acquire token for a given login, with the possibility of controlling the user experience, passing extra query
+ parameters, providing extra scopes that the user can pre-consent to, and overriding the authority pre-configured in the application
+
+ Scopes requested to access a protected API
+ Identifier of the user. Generally in UserPrincipalName (UPN) format, e.g. john.doe@contoso.com
+ Designed interactive experience for the user.
+ This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
+ This is expected to be a string of segments of the form key=value separated by an ampersand character.
+ The parameter can be null.
+ Scopes that you can request the end user to consent upfront, in addition to the scopes for the protected web API
+ for which you want to acquire a security token.
+ Specific authority for which the token is requested. Passing a different value than configured does not change the configured value
+ Object containing a reference to the parent window/activity. REQUIRED for Xamarin.Android only.
+ Authentication result containing a token for the requested scopes and account
+
+
+
+ Interactive request to acquire token for a given account, with the possibility of controlling the user experience, passing extra query
+ parameters, providing extra scopes that the user can pre-consent to, and overriding the authority pre-configured in the application
+
+ Scopes requested to access a protected API
+ Account to use for the interactive token acquisition. See for ways to get an account
+ Designed interactive experience for the user.
+ This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
+ This is expected to be a string of segments of the form key=value separated by an ampersand character.
+ The parameter can be null.
+ Scopes that you can request the end user to consent upfront, in addition to the scopes for the protected web API
+ for which you want to acquire a security token.
+ Specific authority for which the token is requested. Passing a different value than configured does not change the configured value
+ Object containing a reference to the parent window/activity. REQUIRED for Xamarin.Android only.
+ Authentication result containing a token for the requested scopes and account
+
+
+
+ Non-interactive request to acquire a security token from the authority, via Username/Password Authentication.
+ See https://aka.ms/msal-net-up.
+
+ Scopes requested to access a protected API
+ Identifier of the user application requests token on behalf.
+ Generally in UserPrincipalName (UPN) format, e.g. john.doe@contoso.com
+ User password.
+ Authentication result containing a token for the requested scopes and account
+
+
+
+ Acquires a security token on a device without a web browser, by letting the user authenticate on
+ another device. This is done in two steps:
+
+ the method first acquires a device code from the authority and returns it to the caller via
+ the . This callback takes care of interacting with the user
+ to direct them to authenticate (to a specific URL, with a code)
+ The method then proceeds to poll for the security
+ token which is granted upon successful login by the user based on the device code information
+
+ See https://aka.ms/msal-device-code-flow.
+
+ Scopes requested to access a protected API
+ Callback containing information to show the user about how to authenticate and enter the device code.
+ Authentication result containing a token for the requested scopes and for the user who has authenticated on another device with the code
+
+
+
+ Acquires a security token on a device without a web browser, by letting the user authenticate on
+ another device, with possibility of passing extra parameters. This is done in two steps:
+
+ the method first acquires a device code from the authority and returns it to the caller via
+ the . This callback takes care of interacting with the user
+ to direct them to authenticate (to a specific URL, with a code)
+ The method then proceeds to poll for the security
+ token which is granted upon successful login by the user based on the device code information
+
+ See https://aka.ms/msal-device-code-flow.
+
+ Scopes requested to access a protected API
+ This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
+ This is expected to be a string of segments of the form key=value separated by an ampersand character.
+ The parameter can be null.
+ Callback containing information to show the user about how to authenticate and enter the device code.
+ Authentication result containing a token for the requested scopes and for the user who has authenticated on another device with the code
+
+
+
+ Acquires a security token on a device without a web browser, by letting the user authenticate on
+ another device, with possibility of cancelling the token acquisition before it times out. This is done in two steps:
+
+ the method first acquires a device code from the authority and returns it to the caller via
+ the . This callback takes care of interacting with the user
+ to direct them to authenticate (to a specific URL, with a code)
+ The method then proceeds to poll for the security
+ token which is granted upon successful login by the user based on the device code information. This step is cancelable
+
+ See https://aka.ms/msal-device-code-flow.
+
+ Scopes requested to access a protected API
+ The callback containing information to show the user about how to authenticate and enter the device code.
+ A CancellationToken which can be triggered to cancel the operation in progress.
+ Authentication result containing a token for the requested scopes and for the user who has authenticated on another device with the code
+
+
+
+ Acquires a security token on a device without a web browser, by letting the user authenticate on
+ another device, with possibility of passing extra query parameters and cancelling the token acquisition before it times out. This is done in two steps:
+
+ the method first acquires a device code from the authority and returns it to the caller via
+ the . This callback takes care of interacting with the user
+ to direct them to authenticate (to a specific URL, with a code)
+ The method then proceeds to poll for the security
+ token which is granted upon successful login by the user based on the device code information. This step is cancelable
+
+ See https://aka.ms/msal-device-code-flow.
+
+ Scopes requested to access a protected API
+ This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
+ This is expected to be a string of segments of the form key=value separated by an ampersand character.
+ The parameter can be null.
+ The callback containing information to show the user about how to authenticate and enter the device code.
+ A CancellationToken which can be triggered to cancel the operation in progress.
+ Authentication result containing a token for the requested scopes and for the user who has authenticated on another device with the code
+
+
+
+ Non-interactive request to acquire a security token for the signed-in user in Windows, via Integrated Windows Authentication.
+ See https://aka.ms/msal-net-iwa.
+ The account used in this overrides is pulled from the operating system as the current user principal name
+
+
+ On Windows Universal Platform, the following capabilities need to be provided:
+ Enterprise Authentication, Private Networks (Client and Server), User Account Information
+
+ Scopes requested to access a protected API
+ Authentication result containing a token for the requested scopes and for the currently signed-in user in Windows
+
+
+
+ Non-interactive request to acquire a security token for the signed-in user in Windows, via Integrated Windows Authentication.
+ See https://aka.ms/msal-net-iwa.
+ The account used in this overrides is pulled from the operating system as the current user principal name
+
+ Scopes requested to access a protected API
+ Identifier of the user account for which to acquire a token with Integrated Windows authentication.
+ Generally in UserPrincipalName (UPN) format, e.g. john.doe@contoso.com
+ Authentication result containing a token for the requested scopes and for the currently signed-in user in Windows
+
+
+
+ Notification for certain token cache interactions during token acquisition. This delegate is
+ used in particular to provide a custom token cache serialization.
+ See https://aka.ms/aka.ms/msal-net-token-cache-serialization
+
+ Arguments related to the cache item impacted
+
+
+
+ This is the interface that implements the public access to cache operations.
+ With CacheV2, this should only be necessary if the caller is persisting
+ the cache in their own store, since this will provide the serialize/deserialize
+ and before/after notifications used in that scenario.
+ See https://aka.ms/aka.ms/msal-net-token-cache-serialization
+
+
+
+
+ Sets a delegate to be notified before any library method accesses the cache. This gives an option to the
+ delegate to deserialize a cache entry for the application and accounts specified in the .
+ See https://aka.ms/msal-net-token-cache-serialization.
+ If you need async/task-based callbacks, please use SetBeforeAccessAsync instead.
+
+ Delegate set in order to handle the cache deserialization
+ When the delegate is used to deserialize the cache, it might
+ want to call
+
+
+
+ Sets a delegate to be notified after any library method accesses the cache. This gives an option to the
+ delegate to serialize a cache entry for the application and accounts specified in the .
+ See https://aka.ms/msal-net-token-cache-serialization.
+ If you need async/task-based callbacks, please use SetAfterAccessAsync instead.
+
+ Delegate set in order to handle the cache serialization in the case where the
+ member of the cache is true
+ In the case where the delegate is used to serialize the cache entirely (not just a row), it might
+ want to call
+
+
+
+ Sets a delegate called before any library method writes to the cache. This gives an option to the delegate
+ to reload the cache state from a row in database and lock that row. That database row can then be unlocked in the delegate
+ registered with
+ If you need async/task-based callbacks, please use SetBeforeWriteAsync instead.
+
+ Delegate set in order to prepare the cache serialization
+
+
+
+ Sets a delegate to be notified before any library method accesses the cache. This gives an option to the
+ delegate to deserialize a cache entry for the application and accounts specified in the .
+ See https://aka.ms/msal-net-token-cache-serialization.
+ This provides the same functionality as SetBeforeAccess but it provides for an async/task-based callback.
+
+ Delegate set in order to handle the cache deserialization
+ In the case where the delegate is used to deserialize the cache, it might
+ want to call
+
+
+
+ Sets a delegate to be notified after any library method accesses the cache. This gives an option to the
+ delegate to serialize a cache entry for the application and accounts specified in the .
+ See https://aka.ms/msal-net-token-cache-serialization.
+ This provides the same functionality as SetAfterAccess but it provides for an async/task-based callback.
+
+ Delegate set in order to handle the cache serialization in the case where the
+ member of the cache is true
+ In the case where the delegate is used to serialize the cache entirely (not just a row), it might
+ want to call
+
+
+
+ Sets a delegate called before any library method writes to the cache. This gives an option to the delegate
+ to reload the cache state from a row in database and lock that row. That database row can then be unlocked in the delegate
+ registered with
+ This provides the same functionality as SetBeforeWrite but it provides for an async/task-based callback.
+
+ Delegate set in order to prepare the cache serialization
+
+
+
+ Functionality replaced by and is accessible in TokenCacheNotificationArgs.
+
+ Byte stream representation of the cache
+
+ This is the recommended format for maintaining SSO state between applications.
+ / is compatible with other MSAL libraries such as MSAL for Python and MSAL for Java.
+
+
+
+
+ Functionality replaced by and is accessible in TokenCacheNotificationArgs.
+
+ Byte stream representation of the cache
+
+ Set to true to clear MSAL cache contents. Defaults to false.
+ You would want to set this to true if you want the cache contents in memory to be exactly what's on disk.
+ You would want to set this to false if you want to merge the contents of what's on disk with your current in memory state.
+
+
+ This is the recommended format for maintaining SSO state between applications.
+ / is compatible with other MSAL libraries such as MSAL for Python and MSAL for Java.
+
+
+
+
+ Functionality replaced by and is accessible in TokenCacheNotificationArgs.
+
+ Byte stream representation of the cache
+
+ / is compatible with other MSAL libraries such as MSAL for Python and MSAL for Java.
+
+
+
+
+ Functionality replaced by and is accessible in TokenCacheNotificationArgs.
+
+ Byte stream representation of the cache
+
+ / is compatible with other MSAL libraries such as MSAL for Python and MSAL for Java.
+
+
+
+
+ Functionality replaced by and is accessible in TokenCacheNotificationArgs.
+
+ Byte stream representation of the cache
+
+ / is compatible with other MSAL libraries such as MSAL for Python and MSAL for Java.
+
+
+
+
+ Functionality replaced by and is accessible in TokenCacheNotificationArgs.
+ See https://aka.ms/msal-net-4x-cache-breaking-change
+
+ Byte stream representation of the cache
+
+ / is compatible with other MSAL libraries such as MSAL for Python and MSAL for Java.
+
+
+
+
+ Functionality replaced by . See https://aka.ms/msal-net-4x-cache-breaking-change
+ ///
+
+
+
+
+ Functionality replaced by . See https://aka.ms/msal-net-4x-cache-breaking-change ///
+
+
+
+
+ Functionality replaced by and
+ See https://aka.ms/msal-net-4x-cache-breaking-change
+
+
+
+
+
+ Functionality replaced by and
+ See https://aka.ms/msal-net-4x-cache-breaking-change
+
+
+
+
+
+ Returns a RT for the request. If familyId is specified, it tries to return the FRT.
+
+
+
+
+ FOCI - check in the app metadata to see if the app is part of the family
+
+ null if unknown, true or false if app metadata has details
+
+
+
+ Shows if MSAL's in-memory token cache has any kind of RT or non-expired AT. Does not trigger a cache notification.
+ Ignores ADAL's cache.
+
+
+
+
+ This interface will be available in TokenCacheNotificationArgs callback to enable serialization/deserialization of the cache.
+
+
+ The methods in this class are not thread safe. It is expected that they will be called from the token cache callbacks,
+ registered via SetBeforeAccess, SetAfterAccess. These callbacks thread safe because they are triggered sequentially.
+
+
+
+
+ Serializes the token cache to the MSAL.NET 3.x cache format, which is compatible with other MSAL desktop libraries, including MSAL.NET 4.x, MSAL for Python and MSAL for Java.
+ If you need to maintain SSO between an application using ADAL 3.x and this application using MSAL 3.x or later,
+ you might also want to serialize and deserialize with /,
+ otherwise just use /.
+
+ Byte stream representation of the cache
+
+ This is the recommended format for maintaining SSO state between applications.
+ / is compatible with other MSAL libraries such as MSAL for Python and MSAL for Java.
+
+
+
+
+ Deserializes the token cache to the MSAL.NET 3.x cache format, which is compatible with other MSAL desktop libraries, including MSAL.NET 4.x, MSAL for Python and MSAL for Java.
+ If you need to maintain SSO between an application using ADAL 3.x and this application using MSAL 3.x or later,
+ you might also want to serialize and deserialize with /,
+ otherwise just use /.
+
+ Byte stream representation of the cache
+
+ Set to true to clear MSAL cache contents. Defaults to false.
+ You would want to set this to true if you want the cache contents in memory to be exactly what's on disk.
+ You would want to set this to false if you want to merge the contents of what's on disk with your current in memory state.
+
+
+ This is the recommended format for maintaining SSO state between applications.
+ / is compatible with other MSAL libraries such as MSAL for Python and MSAL for Java.
+
+
+
+
+ Serializes the token cache to the ADAL.NET 3.x cache format.
+ If you need to maintain SSO between an application using ADAL 3.x and this application using MSAL 3.x or later,
+ you might also want to serialize and deserialize with /,
+ otherwise just use /.
+
+ Byte stream representation of the cache
+
+ / is compatible with other MSAL libraries such as MSAL for Python and MSAL for Java.
+
+
+
+
+ Deserializes the token cache to the ADAL.NET 3.x cache format.
+ If you need to maintain SSO between an application using ADAL 3.x and this application using MSAL 3.x or later,
+ you might also want to serialize and deserialize with /,
+ otherwise just use /.
+
+ Byte stream representation of the cache
+
+ / is compatible with other MSAL libraries such as MSAL for Python and MSAL for Java.
+
+
+
+
+ Serializes the token cache to the MSAL.NET 2.x unified cache format, which is compatible with ADAL.NET v4 and other MSAL.NET v2 applications.
+ If you need to maintain SSO between an application using ADAL 3.x or MSAL 2.x and this application using MSAL 3.x,
+ you might also want to serialize and deserialize with / or /,
+ otherwise just use /.
+
+ Byte stream representation of the cache
+
+ / is compatible with other MSAL libraries such as MSAL for Python and MSAL for Java.
+
+
+
+
+ Deserializes the token cache to the MSAL.NET 2.x cache format, which is compatible with ADAL.NET v4 and other MSAL.NET v2 applications.
+ If you need to maintain SSO between an application using ADAL 3.x or MSAL 2.x and this application using MSAL 3.x,
+ you might also want to serialize and deserialize with / or /,
+ otherwise just use /.
+
+ Byte stream representation of the cache
+
+ / is compatible with other MSAL libraries such as MSAL for Python and MSAL for Java.
+
+
+
+
+ Callback delegate that allows application developers to consume logs, and handle them in a custom manner. This
+ callback is set using .
+ If PiiLoggingEnabled is set to true, when registering the callback this method will receive the messages twice:
+ once with the containsPii parameter equals false and the message without PII,
+ and a second time with the containsPii parameter equals to true and the message might contain PII.
+ In some cases (when the message does not contain PII), the message will be the same.
+ For details see https://aka.ms/msal-net-logging
+
+ Log level of the log message to process
+ Pre-formatted log message
+ Indicates if the log message contains Organizational Identifiable Information (OII)
+ or Personally Identifiable Information (PII) nor not.
+ If is set to false then this value is always false.
+ Otherwise it will be true when the message contains PII.
+
+
+
+
+ Level of the log messages.
+ For details see https://aka.ms/msal-net-logging
+
+
+
+
+ Error Log level
+
+
+
+
+ Warning Log level
+
+
+
+
+ Information Log level
+
+
+
+
+ Verbose Log level
+
+
+
+
+ In MSAL.NET 1.x, was representing a User. From MSAL 2.x use which represents an account
+ (a user has several accounts). See https://aka.ms/msal-net-2-released for more details.
+
+
+
+
+ In MSAL.NET 1.x was the displayable ID of a user. From MSAL 2.x use the of an account.
+ See https://aka.ms/msal-net-2-released for more details
+
+
+
+
+ In MSAL.NET 1.x was the name of the user (which was not very useful as the concatenation of
+ some claims). From MSAL 2.x rather use . See https://aka.ms/msal-net-2-released for more details.
+
+
+
+
+ In MSAL.NET 1.x was the URL of the identity provider (e.g. https://login.microsoftonline.com/tenantId).
+ From MSAL.NET 2.x use which retrieves the host only (e.g. login.microsoftonline.com).
+ See https://aka.ms/msal-net-2-released for more details.
+
+
+
+
+ In MSAL.NET 1.x was an identifier for the user in the guest tenant.
+ From MSAL.NET 2.x, use to get
+ the user identifier (globally unique across tenants). See https://aka.ms/msal-net-2-released for more details.
+
+
+
+
+ Contains parameters used by the MSAL call accessing the cache.
+ See also which contains methods
+ to customize the cache serialization.
+ For more details about the token cache see https://aka.ms/msal-net-web-token-cache
+
+
+
+
+ In MSAL.NET 1.x, returned the user who signed in to get the authentication result. From MSAL 2.x
+ rather use instead. See https://aka.ms/msal-net-2-released for more details.
+
+
+
+
+ Gets the involved in the transaction
+
+ objects implement this interface.
+
+
+
+ Gets the ClientId (application ID) of the application involved in the cache transaction
+
+
+
+
+ Gets the account involved in the cache transaction.
+
+
+
+
+ Indicates whether the state of the cache has changed, for example when tokens are being added or removed.
+ Not all cache operations modify the state of the cache.
+
+
+
+
+ Indicates whether the cache change occurred in the UserTokenCache or in the AppTokenCache.
+
+
+ The Application Cache is used in Client Credential grant, which is not available on all platforms.
+ See https://aka.ms/msal-net-app-cache-serialization for details.
+
+
+
+
+ A suggested token cache key, which can be used with general purpose storage mechanisms that allow
+ storing key-value pairs and key based retrieval. Useful in applications that store 1 token cache per user,
+ the recommended pattern for web apps.
+
+ The value is:
+
+
+ the homeAccountId for AcquireTokenSilent, GetAccount(homeAccountId), RemoveAccount and when writing tokens on confidential client calls
+ clientID + "_AppTokenCache" for AcquireTokenForClient
+ clientID_tenantID + "_AppTokenCache" for AcquireTokenForClient when tenant specific authority
+ the hash of the original token for AcquireTokenOnBehalfOf
+
+
+
+
+
+
+
+
+ If this flag is false in the OnAfterAccessAsync notification, the token cache can be deleted.
+ MSAL takes into consideration access tokens expiration when computing this flag, but not refresh token expiration, which is not known to MSAL.7
+
+
+
+
+ Abstract class containing common API methods and properties.
+ For details see https://aka.ms/msal-net-client-applications
+
+
+ Class to be used to acquire tokens in desktop or mobile applications (Desktop / UWP / Xamarin.iOS / Xamarin.Android).
+ public client applications are not trusted to safely keep application secrets, and therefore they only access web APIs in the name of the user only.
+ For details see https://aka.ms/msal-net-client-applications
+
+
+
+ Contrary to , public clients are unable to hold configuration time secrets,
+ and as a result have no client secret
+ The redirect URL is pre-proposed by the library. It does not need to be passed in the constructor
+
+
+
+
+
+ In ADAL.NET, acquires security token from the authority, using the username/password authentication,
+ with the password sent in clear.
+ In MSAL 2.x, only the method that accepts a SecureString parameter is supported.
+
+ See https://aka.ms/msal-net-up for more details.
+
+ Scopes requested to access a protected API
+ Identifier of the user application requests token on behalf.
+ User password.
+ Authentication result containing a token for the requested scopes and account
+
+
+
+ Constructor of the application. It will use https://login.microsoftonline.com/common as the default authority.
+
+ Client ID (also known as App ID) of the application as registered in the
+ application registration portal (https://aka.ms/msal-net-register-app)/. REQUIRED
+
+
+
+ Constructor of the application.
+
+ Client ID (also named Application ID) of the application as registered in the
+ application registration portal (https://aka.ms/msal-net-register-app)/. REQUIRED
+ Authority of the security token service (STS) from which MSAL.NET will acquire the tokens.
+ Usual authorities are:
+
+ https://login.microsoftonline.com/tenant/, where tenant is the tenant ID of the Azure AD tenant
+ or a domain associated with this Azure AD tenant, in order to sign-in user of a specific organization only
+ https://login.microsoftonline.com/common/ to signing users with any work and school accounts or Microsoft personal account
+ https://login.microsoftonline.com/organizations/ to signing users with any work and school accounts
+ https://login.microsoftonline.com/consumers/ to signing users with only personal Microsoft account (live)
+
+ Note that this setting needs to be consistent with what is declared in the application registration portal
+
+
+
+
+ Interactive request to acquire token for the specified scopes. The user is required to select an account
+
+ Scopes requested to access a protected API
+ Authentication result containing a token for the requested scopes and account
+ The user will be signed-in interactively if needed,
+ and will consent to scopes and do multi-factor authentication if such a policy was enabled in the Azure AD tenant.
+
+
+
+ Interactive request to acquire token for the specified scopes. The user will need to sign-in but an account will be proposed
+ based on the
+
+ Scopes requested to access a protected API
+ Identifier of the user. Generally in UserPrincipalName (UPN) format, e.g. john.doe@contoso.com
+ Authentication result containing a token for the requested scopes and account
+
+
+
+ Interactive request to acquire token for the specified scopes. The user will need to sign-in but an account will be proposed
+ based on the provided
+
+ Scopes requested to access a protected API
+ Account to use for the interactive token acquisition. See for ways to get an account
+ Authentication result containing a token for the requested scopes and account
+
+
+
+ Interactive request to acquire token for a login with control of the UI prompt and possibility of passing extra query parameters like additional claims
+
+ Scopes requested to access a protected API
+ Identifier of the user. Generally in UserPrincipalName (UPN) format, e.g. john.doe@contoso.com
+ Designed interactive experience for the user.
+ This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
+ This is expected to be a string of segments of the form key=value separated by an ampersand character.
+ The parameter can be null.
+ Authentication result containing a token for the requested scopes and account
+
+
+
+ Interactive request to acquire token for an account with control of the UI prompt and possibility of passing extra query parameters like additional claims
+
+ Scopes requested to access a protected API
+ Account to use for the interactive token acquisition. See for ways to get an account
+ Designed interactive experience for the user.
+ This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
+ This is expected to be a string of segments of the form key=value separated by an ampersand character.
+ The parameter can be null.
+ Authentication result containing a token for the requested scopes and account
+
+
+
+ Interactive request to acquire token for a given login, with the possibility of controlling the user experience, passing extra query
+ parameters, providing extra scopes that the user can pre-consent to, and overriding the authority pre-configured in the application
+
+ Scopes requested to access a protected API
+ Identifier of the user. Generally in UserPrincipalName (UPN) format, e.g. john.doe@contoso.com
+ Designed interactive experience for the user.
+ This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
+ This is expected to be a string of segments of the form key=value separated by an ampersand character.
+ The parameter can be null.
+ Scopes that you can request the end user to consent upfront, in addition to the scopes for the protected web API
+ for which you want to acquire a security token.
+ Specific authority for which the token is requested. Passing a different value than configured does not change the configured value
+ Authentication result containing a token for the requested scopes and account
+
+
+
+ Interactive request to acquire token for a given account, with the possibility of controlling the user experience, passing extra query
+ parameters, providing extra scopes that the user can pre-consent to, and overriding the authority pre-configured in the application
+
+ Scopes requested to access a protected API
+ Account to use for the interactive token acquisition. See for ways to get an account
+ Designed interactive experience for the user.
+ This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
+ This is expected to be a string of segments of the form key=value separated by an ampersand character.
+ The parameter can be null.
+ Scopes that you can request the end user to consent upfront, in addition to the scopes for the protected web API
+ for which you want to acquire a security token.
+ Specific authority for which the token is requested. Passing a different value than configured does not change the configured value
+ Authentication result containing a token for the requested scopes and account
+
+
+
+ Interactive request to acquire token for the specified scopes. The interactive window will be parented to the specified
+ window. The user will be required to select an account
+
+ Scopes requested to access a protected API
+ Object containing a reference to the parent window/activity. REQUIRED for Xamarin.Android only.
+ Authentication result containing a token for the requested scopes and account
+ The user will be signed-in interactively if needed,
+ and will consent to scopes and do multi-factor authentication if such a policy was enabled in the Azure AD tenant.
+
+
+
+ Interactive request to acquire token for the specified scopes. The interactive window will be parented to the specified
+ window. The user will need to sign-in but an account will be proposed
+ based on the
+
+ Scopes requested to access a protected API
+ Identifier of the user. Generally in UserPrincipalName (UPN) format, e.g. john.doe@contoso.com
+ Object containing a reference to the parent window/activity. REQUIRED for Xamarin.Android only.
+ Authentication result containing a token for the requested scopes and login
+
+
+
+ Interactive request to acquire token for the specified scopes. The user will need to sign-in but an account will be proposed
+ based on the provided
+
+ Scopes requested to access a protected API
+ Account to use for the interactive token acquisition. See for ways to get an account
+ Object containing a reference to the parent window/activity. REQUIRED for Xamarin.Android only.
+ Authentication result containing a token for the requested scopes and account
+
+
+
+ Interactive request to acquire token for a login with control of the UI prompt and possiblity of passing extra query parameters like additional claims
+
+ Scopes requested to access a protected API
+ Identifier of the user. Generally in UserPrincipalName (UPN) format, e.g. john.doe@contoso.com
+ Designed interactive experience for the user.
+ This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
+ This is expected to be a string of segments of the form key=value separated by an ampersand character.
+ The parameter can be null.
+ Object containing a reference to the parent window/activity. REQUIRED for Xamarin.Android only.
+ Authentication result containing a token for the requested scopes and account
+
+
+
+ Interactive request to acquire token for an account with control of the UI prompt and possiblity of passing extra query parameters like additional claims
+
+ Scopes requested to access a protected API
+ Account to use for the interactive token acquisition. See for ways to get an account
+ Designed interactive experience for the user.
+ This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
+ This is expected to be a string of segments of the form key=value separated by an ampersand character.
+ The parameter can be null.
+ Object containing a reference to the parent window/activity. REQUIRED for Xamarin.Android only.
+ Authentication result containing a token for the requested scopes and account
+
+
+
+ Interactive request to acquire token for a given login, with the possibility of controlling the user experience, passing extra query
+ parameters, providing extra scopes that the user can pre-consent to, and overriding the authority pre-configured in the application
+
+ Scopes requested to access a protected API
+ Identifier of the user. Generally in UserPrincipalName (UPN) format, e.g. john.doe@contoso.com
+ Designed interactive experience for the user.
+ This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
+ This is expected to be a string of segments of the form key=value separated by an ampersand character.
+ The parameter can be null.
+ scopes that you can request the end user to consent upfront, in addition to the scopes for the protected web API
+ for which you want to acquire a security token.
+ Specific authority for which the token is requested. Passing a different value than configured does not change the configured value
+ Object containing a reference to the parent window/activity. REQUIRED for Xamarin.Android only.
+ Authentication result containing a token for the requested scopes and account
+
+
+
+ Interactive request to acquire token for a given account, with the possibility of controlling the user experience, passing extra query
+ parameters, providing extra scopes that the user can pre-consent to, and overriding the authority pre-configured in the application
+
+ Scopes requested to access a protected API
+ Account to use for the interactive token acquisition. See for ways to get an account
+ Designed interactive experience for the user.
+ This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
+ This is expected to be a string of segments of the form key=value separated by an ampersand character.
+ The parameter can be null.
+ scopes that you can request the end user to consent upfront, in addition to the scopes for the protected web API
+ for which you want to acquire a security token.
+ Specific authority for which the token is requested. Passing a different value than configured does not change the configured value
+ Object containing a reference to the parent window/activity. REQUIRED for Xamarin.Android only.
+ Authentication result containing a token for the requested scopes and account
+
+
+
+ Non-interactive request to acquire a security token from the authority, via Username/Password Authentication.
+ Available only on .net desktop and .net core. See https://aka.ms/msal-net-up for details.
+
+ Scopes requested to access a protected API
+ Identifier of the user application requests token on behalf.
+ Generally in UserPrincipalName (UPN) format, e.g. john.doe@contoso.com
+ User password.
+ Authentication result containing a token for the requested scopes and account
+
+
+
+ Acquires a security token on a device without a web browser, by letting the user authenticate on
+ another device. This is done in two steps:
+
+ the method first acquires a device code from the authority and returns it to the caller via
+ the . This callback takes care of interacting with the user
+ to direct them to authenticate (to a specific URL, with a code)
+ The method then proceeds to poll for the security
+ token which is granted upon successful login by the user based on the device code information
+
+ See https://aka.ms/msal-device-code-flow.
+
+ Scopes requested to access a protected API
+ Callback containing information to show the user about how to authenticate and enter the device code.
+ Authentication result containing a token for the requested scopes and for the user who has authenticated on another device with the code
+
+
+
+ Acquires a security token on a device without a web browser, by letting the user authenticate on
+ another device, with possibility of passing extra parameters. This is done in two steps:
+
+ the method first acquires a device code from the authority and returns it to the caller via
+ the . This callback takes care of interacting with the user
+ to direct them to authenticate (to a specific URL, with a code)
+ The method then proceeds to poll for the security
+ token which is granted upon successful login by the user based on the device code information
+
+ See https://aka.ms/msal-device-code-flow.
+
+ Scopes requested to access a protected API
+ This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
+ This is expected to be a string of segments of the form key=value separated by an ampersand character.
+ The parameter can be null.
+ Callback containing information to show the user about how to authenticate and enter the device code.
+ Authentication result containing a token for the requested scopes and for the user who has authenticated on another device with the code
+
+
+
+ Acquires a security token on a device without a web browser, by letting the user authenticate on
+ another device, with possibility of cancelling the token acquisition before it times out. This is done in two steps:
+
+ the method first acquires a device code from the authority and returns it to the caller via
+ the . This callback takes care of interacting with the user
+ to direct them to authenticate (to a specific URL, with a code)
+ The method then proceeds to poll for the security
+ token which is granted upon successful login by the user based on the device code information. This step is cancelable
+
+ See https://aka.ms/msal-device-code-flow.
+
+ Scopes requested to access a protected API
+ The callback containing information to show the user about how to authenticate and enter the device code.
+ A CancellationToken which can be triggered to cancel the operation in progress.
+ Authentication result containing a token for the requested scopes and for the user who has authenticated on another device with the code
+
+
+
+ Acquires a security token on a device without a web browser, by letting the user authenticate on
+ another device, with possibility of passing extra query parameters and cancelling the token acquisition before it times out. This is done in two steps:
+
+ the method first acquires a device code from the authority and returns it to the caller via
+ the . This callback takes care of interacting with the user
+ to direct them to authenticate (to a specific URL, with a code)
+ The method then proceeds to poll for the security
+ token which is granted upon successful login by the user based on the device code information. This step is cancelable
+
+ See https://aka.ms/msal-device-code-flow.
+
+ Scopes requested to access a protected API
+ This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
+ This is expected to be a string of segments of the form key=value separated by an ampersand character.
+ The parameter can be null.
+ The callback containing information to show the user about how to authenticate and enter the device code.
+ A CancellationToken which can be triggered to cancel the operation in progress.
+ Authentication result containing a token for the requested scopes and for the user who has authenticated on another device with the code
+
+
+
+ Acquires an access token from an existing refresh token and stores it and the refresh token into
+ the application user token cache, where it will be available for further AcquireTokenSilentAsync calls.
+ This method can be used in migration to MSAL from ADAL v2 and in various integration
+ scenarios where you have a RefreshToken available.
+ (see https://aka.ms/msal-net-migration-adal2-msal2)
+
+ Scope to request from the token endpoint.
+ Setting this to null or empty will request an access token, refresh token and ID token with default scopes
+ The refresh token (for example previously obtained from ADAL 2.x)
+
+
+
+ Non-interactive request to acquire a security token for the signed-in user in Windows, via Integrated Windows Authentication.
+ See https://aka.ms/msal-net-iwa.
+ The account used in this overrides is pulled from the operating system as the current user principal name
+
+
+ On Windows Universal Platform, the following capabilities need to be provided:
+ Enterprise Authentication, Private Networks (Client and Server), User Account Information
+ Supported on .net desktop and UWP
+
+ Scopes requested to access a protected API
+ Authentication result containing a token for the requested scopes and for the currently signed-in user in Windows
+
+
+
+ Non-interactive request to acquire a security token for the signed-in user in Windows, via Integrated Windows Authentication.
+ See https://aka.ms/msal-net-iwa.
+ The account used in this overrides is pulled from the operating system as the current user principal name
+
+ Scopes requested to access a protected API
+ Identifier of the user account for which to acquire a token with Integrated Windows authentication.
+ Generally in UserPrincipalName (UPN) format, e.g. john.doe@contoso.com
+ Authentication result containing a token for the requested scopes and for the currently signed-in user in Windows
+
+
+
+ Constructor to create application instance. This constructor is only available for Desktop and NetCore apps
+
+ Client id of the application
+ Default authority to be used for the application
+ Instance of TokenCache.
+
+
+
+ Currently only the Windows broker is able to login with the current user, see https://aka.ms/msal-net-wam for details.
+
+ A special account value that indicates that the current Operating System account should be used
+ to login the user. Not all operating systems and authentication flows support this concept, in which
+ case calling `AcquireTokenSilent` will throw an .
+
+
+
+
+ Returns true if MSAL can use a system browser.
+
+
+ On Windows, Mac and Linux a system browser can always be used, except in cases where there is no UI, e.g. SSH connection.
+ On Android, the browser must support tabs.
+
+
+
+
+ Returns true if MSAL can use an embedded webview (browser).
+
+
+ Currently there are no embedded webviews on Mac and Linux. On Windows, app developers or users should install
+ the WebView2 runtime and this property will inform if the runtime is available, see https://aka.ms/msal-net-webview2
+
+
+
+
+ Returns false when the program runs in headless OS, for example when SSH-ed into a Linux machine.
+ Browsers (webviews) and brokers cannot be used if there is no UI support. Instead, please use
+
+
+
+
+ Returns true if a broker can be used.
+
+
+ On Windows, the broker (WAM) can be used on Win10 and is always installed.
+ On Mac, Linux and older versions of Windows a broker is not available.
+ On mobile, the device must be Intune joined and Authenticator or Company Portal must be installed.
+
+
+
+
+ Interactive request to acquire a token for the specified scopes. The interactive window will be parented to the specified
+ window. The user will be required to select an account.
+
+ Scopes requested to access a protected API
+ A builder enabling you to add optional parameters before executing the token request
+ The user will be signed-in interactively if needed,
+ and will consent to scopes and do multi-factor authentication if such a policy was enabled in the Azure AD tenant.
+
+ You can also pass optional parameters by calling:
+
+ to specify the user experience
+ when signing-in, to specify
+ if you want to use the embedded web browser or the system default browser,
+ to configure
+ the user experience when using the Default browser,
+ or
+ to prevent the select account dialog from appearing in the case you want to sign-in a specific account,
+ if you want to let the
+ user pre-consent to additional scopes (which won't be returned in the access token),
+ to pass
+ additional query parameters to the STS, and one of the overrides of
+ in order to override the default authority set at the application construction. Note that the overriding authority needs to be part
+ of the known authorities added to the application construction.
+
+
+
+
+ Acquires a security token on a device without a web browser, by letting the user authenticate on
+ another device. This is done in two steps:
+
+ The method first acquires a device code from the authority and returns it to the caller via
+ the . This callback takes care of interacting with the user
+ to direct them to authenticate (to a specific URL, with a code)
+ The method then proceeds to poll for the security
+ token which is granted upon successful login by the user based on the device code information
+
+ See https://aka.ms/msal-device-code-flow.
+
+ Scopes requested to access a protected API
+ Callback containing information to show the user about how to authenticate and enter the device code.
+ A builder enabling you to add optional parameters before executing the token request
+
+ You can also pass optional parameters by calling:
+ to pass
+ additional query parameters to the STS, and one of the overrides of
+ in order to override the default authority set at the application construction. Note that the overriding authority needs to be part
+ of the known authorities added to the application construction.
+
+
+
+
+ Non-interactive request to acquire a security token for the signed-in user in Windows,
+ via Integrated Windows Authentication. See https://aka.ms/msal-net-iwa.
+ The account used in this overrides is pulled from the operating system as the current user principal name.
+
+ Scopes requested to access a protected API
+ A builder enabling you to add optional parameters before executing the token request
+
+ You can also pass optional parameters by calling:
+ to pass the identifier
+ of the user account for which to acquire a token with Integrated Windows authentication. This is generally in
+ UserPrincipalName (UPN) format, e.g. john.doe@contoso.com. This is normally not needed, but some Windows administrators
+ set policies preventing applications from looking-up the signed-in user in Windows, and in that case the username
+ needs to be passed.
+ You can also chain with
+ to pass
+ additional query parameters to the STS, and one of the overrides of
+ in order to override the default authority set at the application construction. Note that the overriding authority needs to be part
+ of the known authorities added to the application construction.
+
+
+
+
+ Non-interactive request to acquire a security token from the authority, via Username/Password Authentication.
+ See https://aka.ms/msal-net-up for details.
+
+ Scopes requested to access a protected API
+ Identifier of the user application requests token on behalf.
+ Generally in UserPrincipalName (UPN) format, e.g. john.doe@contoso.com
+ User password as a secure string.
+ A builder enabling you to add optional parameters before executing the token request
+ You can also pass optional parameters by chaining the builder with:
+ to pass
+ additional query parameters to the STS, and one of the overrides of
+ in order to override the default authority set at the application construction. Note that the overriding authority needs to be part
+ of the known authorities added to the application construction.
+
+
+
+
+ Component to be used with confidential client applications like web apps/APIs.
+ This component supports Subject Name + Issuer authentication in order to help, in the future,
+ Azure AD certificates rollover.
+
+
+
+
+ [V2 API] Acquires token from the service for the confidential client using the client credentials flow. (See https://aka.ms/msal-net-client-credentials)
+ This method enables application developers to achieve easy certificates roll-over
+ in Azure AD: this method will send the public certificate to Azure AD
+ along with the token request, so that Azure AD can use it to validate the subject name based on a trusted issuer policy.
+ This saves the application admin from the need to explicitly manage the certificate rollover
+ (either via portal or PowerShell/CLI operation).
+
+ Array of scopes requested for resource
+ Authentication result containing application token for the requested scopes
+
+
+
+ [V2 API] Acquires token from the service for the confidential client using the client credentials flow. (See https://aka.ms/msal-net-client-credentials)
+ This method attempts to look up valid access token in the cache unless is true
+ This method enables application developers to achieve easy certificates roll-over
+ in Azure AD: this method will send the public certificate to Azure AD
+ along with the token request, so that Azure AD can use it to validate the subject name based on a trusted issuer policy.
+ This saves the application admin from the need to explicitly manage the certificate rollover
+ (either via portal or PowerShell/CLI operation)
+
+ Array of scopes requested for resource
+ If TRUE, API will ignore the access token in the cache and attempt to acquire new access token using client credentials
+ Authentication result containing application token for the requested scopes
+
+
+
+ [V2 API] Acquires token using On-Behalf-Of flow. (See https://aka.ms/msal-net-on-behalf-of)
+
+ Array of scopes requested for resource
+ Instance of UserAssertion containing user's token.
+ Authentication result containing token of the user for the requested scopes
+
+
+
+ [V2 API] Acquires token using On-Behalf-Of flow. (See https://aka.ms/msal-net-on-behalf-of)
+
+ Array of scopes requested for resource
+ Instance of UserAssertion containing user's token.
+ Specific authority for which the token is requested. Passing a different value than configured does not change the configured value
+ Authentication result containing token of the user for the requested scopes
+
+
+
+ Structure containing static members that you can use to specify how the interactive overrides
+ of AcquireTokenAsync in should prompt the user.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Certificate for a client assertion. This class is used in one of the constructors of . ClientCredential
+ is itself used in the constructor of to pass to Azure AD a shared secret (registered in the
+ Azure AD application)
+
+ for the constructor of
+ with a certificate, and
+ To understand the difference between public client applications and confidential client applications, see https://aka.ms/msal-net-client-applications
+
+
+
+ Constructor to create certificate information used in
+ to instantiate a used in the constructors of
+
+ The X509 certificate used as credentials to prove the identity of the application to Azure AD.
+
+
+
+ Gets minimum X509 certificate key size in bits
+
+
+
+
+ Gets the X509 certificate used as credentials to prove the identity of the application to Azure AD.
+
+
+
+
+ Meant to be used in confidential client applications, an instance of ClientCredential is passed
+ to the constructors of ()
+ as credentials proving that the application (the client) is what it claims it is. These credentials can be
+ either a client secret (an application password) or a certificate.
+ This class has one constructor for each case.
+ These credentials are added in the application registration portal (in the secret section).
+
+
+
+
+ Constructor of client (application) credentials from a
+
+ contains information about the certificate previously shared with AAD at application
+ registration to prove the identity of the application (the client) requesting the tokens.
+
+
+
+ Constructor of client (application) credentials from a client secret, also known as the application password.
+
+ Secret string previously shared with AAD at application registration to prove the identity
+ of the application (the client) requesting the tokens.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Checks Android device for chrome packages.
+ Returns true if chrome package for launching system webview is enabled on device.
+ Returns false if chrome package is not found.
+
+
+ The following code decides, in a Xamarin.Forms app, which browser to use based on the presence of the
+ required packages.
+
+ bool useSystemBrowser = UIParent.IsSystemWebviewAvailable();
+ App.UIParent = new UIParent(Xamarin.Forms.Forms.Context as Activity, !useSystemBrowser);
+
+
+
+
+
+ Token cache storing access and refresh tokens for accounts
+ This class is used in the constructors of and .
+ In the case of ConfidentialClientApplication, two instances are used, one for the user token cache, and one for the application
+ token cache (in the case of applications using the client credential flows).
+
+
+ IMPORTANT: this class is perf critical; any changes must be benchmarked using Microsoft.Identity.Test.Performace.
+ More information about how to test and what data to look for is in https://aka.ms/msal-net-performance-testing.
+
+
+
+
+ Gets or sets the flag indicating whether the state of the cache has changed.
+ MSAL methods set this flag after any change.
+ Caller applications should reset the flag after serializing and persisting the state of the cache.
+
+
+
+
+ Serializes the entire token cache in both the ADAL V3 and unified cache formats.
+
+ Serialized token cache
+
+ / is compatible with other MSAL libraries such as MSAL for Python and MSAL for Java.
+
+
+
+
+ Deserializes the token cache from a serialization blob in both format (ADAL V3 format, and unified cache format)
+
+ Array of bytes containing serialize cache data
+
+ / is compatible with other MSAL libraries such as MSAL for Python and MSAL for Java.
+
+
+
+
+ Serializes using the serializer.
+ Obsolete: Please use specialized Serialization methods.
+ replaces .
+ / Is our recommended way of serializing/deserializing.
+ For interoperability with ADAL.NET v3.
+
+ array of bytes,
+
+ / is compatible with other MSAL libraries such as MSAL for Python and MSAL for Java.
+
+
+
+
+ Deserializes the token cache from a serialization blob in the unified cache format
+ Obsolete: Please use specialized Deserialization methods.
+ replaces
+ / Is our recommended way of serializing/deserializing.
+ For interoperability with ADAL.NET v3
+
+ Array of bytes containing serialized MSAL.NET V2 cache data
+
+ / is compatible with other MSAL libraries such as MSAL for Python and MSAL for Java.
+ Is a Json blob containing access tokens, refresh tokens, id tokens and accounts information.
+
+
+
+
+ Notification for certain token cache interactions during token acquisition. This delegate is
+ used in particular to provide a custom token cache serialization
+
+ Arguments related to the cache item impacted
+
+
+
+ This is removed in MSAL.NET v4. Read more: https://aka.ms/msal-net-4x-cache-breaking-change
+
+
+
+
+ This is removed in MSAL.NET v4. Read more: https://aka.ms/msal-net-4x-cache-breaking-change
+
+
+
+
+ This is removed in MSAL.NET v4. Read more: https://aka.ms/msal-net-4x-cache-breaking-change
+
+
+
+
+ This is removed in MSAL.NET v4. Read more: https://aka.ms/msal-net-4x-cache-breaking-change
+
+
+
+
+ This is removed in MSAL.NET v4. Read more: https://aka.ms/msal-net-4x-cache-breaking-change
+
+
+
+
+ This is removed in MSAL.NET v4. Read more: https://aka.ms/msal-net-4x-cache-breaking-change
+
+
+
+
+ Constructor of a token cache. This constructor is left for compatibility with MSAL 2.x.
+ The recommended way to get a cache is by using
+ and IConfidentialClientApplication.AppTokenCache once the app is created.
+
+
+
+
+ This method is so we can inject test ILegacyCachePersistence...
+
+
+
+
+
+
+
+ IMPORTANT: this class is perf critical; any changes must be benchmarked using Microsoft.Identity.Test.Performace.
+ More information about how to test and what data to look for is in https://aka.ms/msal-net-performance-testing.
+
+ Scenario: client_creds with default in-memory cache can get to ~500k tokens
+
+
+
+
+ Get accounts should not make a network call, if possible. This can be achieved if
+ all the environments in the token cache are known to MSAL, as MSAL keeps a list of
+ known environments in
+
+
+
+
+ Notification method called before any library method accesses the cache.
+
+
+
+
+ Notification method called before any library method writes to the cache. This notification can be used to reload
+ the cache state from a row in database and lock that row. That database row can then be unlocked in the
+ notification.
+
+
+
+
+ Notification method called after any library method accesses the cache.
+
+
+
+
+ Sets a delegate to be notified before any library method accesses the cache. This gives an option to the
+ delegate to deserialize a cache entry for the application and accounts specified in the .
+ See https://aka.ms/msal-net-token-cache-serialization
+
+ Delegate set in order to handle the cache deserialiation
+ In the case where the delegate is used to deserialize the cache, it might
+ want to call
+
+
+
+ Sets a delegate to be notified after any library method accesses the cache. This gives an option to the
+ delegate to serialize a cache entry for the application and accounts specified in the .
+ See https://aka.ms/msal-net-token-cache-serialization
+
+ Delegate set in order to handle the cache serialization in the case where the
+ member of the cache is true
+ In the case where the delegate is used to serialize the cache entirely (not just a row), it might
+ want to call
+
+
+
+ Sets a delegate called before any library method writes to the cache. This gives an option to the delegate
+ to reload the cache state from a row in database and lock that row. That database row can then be unlocked in the delegate
+ registered with
+
+ Delegate set in order to prepare the cache serialization
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ This exception class represents errors that are local to the library or the device. Contrary to
+ which represent errors happening from the Azure AD service or
+ the network. For more details, see https://aka.ms/msal-net-exceptions
+
+
+
+
+ Initializes a new instance of the exception class with a specified
+ error code.
+
+
+ The error code returned by the service or generated by client. This is the code you can rely on
+ for exception handling.
+
+
+
+ Initializes a new instance of the exception class with a specified
+ error code and error message.
+
+
+ The error code returned by the service or generated by client. This is the code you can rely on
+ for exception handling.
+
+ The error message that explains the reason for the exception.
+
+
+
+ Initializes a new instance of the exception class with a specified
+ error code, error message and inner exception.
+
+
+ The error code returned by the service or generated by client. This is the code you can rely on
+ for exception handling.
+
+ The error message that explains the reason for the exception.
+
+
+
+
+ Error code returned as a property in MsalException
+
+
+
+
+ Standard OAuth2 protocol error code. It indicates that the application needs to expose the UI to the user
+ so that the user does an interactive action in order to get a new token.
+ Mitigation: If your application is a call AcquireTokenInteractive
+ perform an interactive authentication. If your application is a chances are that the Claims member
+ of the exception is not empty. See for the right mitigation
+
+
+
+
+ Standard OAuth2 protocol error code. It indicates that the application needs to expose the UI to the user
+ so the user can do an interactive log-in to get a token with updated claims.
+ Mitigation: If your application is a call AcquireTokenInteractive
+ perform an interactive authentication. If your application is a chances are that the Claims member
+ of the exception is not empty. See for the right mitigation
+
+
+
+
+ No token was found in the token cache.
+ Mitigation: If your application is a call AcquireTokenInteractive so
+ that the user of your application signs-in and accepts consent.
+
+
+ If it's a web app you should have previously called IConfidentialClientApplication.AcquireTokenByAuthorizationCode
+ as described in https://aka.ms/msal-net-authorization-code. You need to make sure that you have requested the right scopes. For details
+ See https://github.com/Azure-Samples/ms-identity-aspnetcore-webapp-tutorial
+
+ This error should not happen in web APIs
+
+
+
+
+
+ This error code comes back from calls when a null user is
+ passed as the account parameter. This can be because you have called AcquireTokenSilent with an account parameter
+ set to accounts.FirstOrDefault() but accounts is empty.
+ Mitigation
+ Pass a different account, or otherwise call
+
+
+
+
+ This error code comes back from calls when the
+ user is passed as the account parameter. Only some brokers (WAM) can login the current user.
+ Mitigation
+ On Windows, use the broker via .WithBroker(true), use a different account, or otherwise call
+
+
+
+
+ This error code denotes that no account was found having the given login hint.
+ What happens?
+
+ or
+ was called with a loginHint parameter which does not match any account in
+ Mitigation
+ If you are certain about the loginHint, call
+
+
+
+
+ This error code denotes that multiple accounts were found having the same login hint and MSAL
+ cannot choose one. Please use to specify the account
+
+
+
+
+ This error code comes back from calls when
+ the user cache had not been set in the application constructor. This should never happen in MSAL.NET 3.x as the cache is created by the application
+
+
+
+
+ One of two conditions was encountered:
+
+ The Prompt.NoPrompt was passed in an interactive token call, but the constraint could not be honored because user interaction is required,
+ for instance because the user needs to re-sign-in, give consent for more scopes, or perform multiple factor authentication.
+
+
+ An error occurred during a silent web authentication that prevented the authentication flow from completing in a short enough time frame.
+
+
+ Remediation:call AcquireTokenInteractive so that the user of your application signs-in and accepts consent.
+
+
+
+
+ Service is unavailable and returned HTTP error code within the range of 500-599
+ Mitigation you can retry after a delay.
+
+
+
+
+ The HTTP Request to the STS timed out.
+ Mitigation you can retry after a delay.
+
+
+
+
+ loginHint should be a UPN
+ What happens? An override of a token acquisition operation was called in which
+ takes a loginHint as a parameters, but this login hint was not using the UserPrincipalName (UPN) format, e.g. john.doe@contoso.com
+ expected by the service
+ Remediation Make sure in your code that you enforce loginHint to be a UPN
+
+
+
+
+ No passive auth endpoint was found in the OIDC configuration of the authority
+ What happens? When the libraries go to the authority and get its open id connect configuration
+ it expects to find a Passive Auth Endpoint entry, and could not find it.
+ remediation Check that the authority configured for the application, or passed on some overrides of token acquisition tokens
+ supporting authority override is correct
+
+
+
+
+ Invalid authority
+ What happens When the library attempts to discover the authority and get the endpoints it needs to
+ acquire a token, it got an un-authorize HTTP code or an unexpected response
+ remediation Check that the authority configured for the application, or passed on some overrides of token acquisition tokens
+ supporting authority override is correct
+
+
+
+
+ Invalid authority type.
+ MSAL.NET does not know how to interact with the authority specified when the application was built.
+ Mitigation
+ Use a different authority
+
+
+
+
+ Unknown Error occurred.
+ Mitigation None. You might want to inform the end user.
+
+
+
+
+ Unknown broker error occurred.
+ Mitigation None. You might want to inform the end user.
+
+
+
+
+ Authentication failed.
+ What happens?
+ The authentication failed. For instance the user did not enter the right password
+ Mitigation
+ Inform the user to retry.
+
+
+
+
+ Authority validation failed.
+ What happens?
+ The validation of the authority failed. This might be because the authority is not
+ compliant with the OIDC standard, or there might be a security issue
+ Mitigation
+ Use a different authority. If you are absolutely sure that you can trust the authority
+ you can use the passing
+ the validateAuthority parameter to false (not recommended)
+
+
+
+
+ Invalid owner window type.
+ What happens?
+ You used "AcquireTokenInteractiveParameterBuilder.WithParentActivityOrWindow(object)
+ but the parameter you passed is invalid.
+ Remediation
+ On .NET Standard, the expected object is an Activity on Android, a UIViewController on iOS,
+ a NSWindow on MAC, and a IWin32Window or IntPr on Windows.
+ If you are in a WPF application, you can use WindowInteropHelper(wpfControl).Handle to get the window
+ handle associated with a WPF control
+
+
+
+
+ Encoded token too long.
+ What happens
+ In a confidential client application call, the client assertion built by MSAL is longer than
+ the max possible length for a JWT token.
+
+
+
+
+ User Mismatch.
+
+
+
+
+ Failed to refresh token.
+ What happens?
+ The token could not be refreshed. This can be because the user has not used the application for a long time.
+ and therefore the refresh token maintained in the token cache has expired
+ Mitigation
+ If you are in a public client application, that supports interactivity, send an interactive request
+ . Otherwise,
+ use a different method to acquire tokens.
+
+
+
+
+ Failed to acquire token silently. Used in broker scenarios.
+ What happens
+ you called
+ or and your
+ mobile (Xamarin) application leverages the broker (Microsoft Authenticator or Microsoft Company Portal), but the broker
+ was not able to acquire the token silently.
+ Mitigation
+ Call
+
+
+
+
+ RedirectUri validation failed.
+ What happens?
+ The redirect URI / reply URI is invalid
+ How to fix
+ Pass a valid redirect URI.
+
+
+
+
+ The request could not be preformed because of an unknown failure in the UI flow.*
+ Mitigation
+ Inform the user.
+
+
+
+
+ Internal error
+
+
+
+
+ Accessing WS Metadata Exchange Failed.
+ What happens?
+ You tried to use
+ and the account is a federated account.
+ Mitigation
+ None. The WS metadata was not found or does not correspond to what was expected.
+
+
+
+
+ Federated service returned error.
+ Mitigation
+ None. The federated service returned an error. You can try to look at the
+ Body of the exception for a better understanding of the error and choose
+ the mitigation
+
+
+
+
+ User Realm Discovery Failed.
+
+
+
+
+ Resource Owner Password Credential (ROPC) grant attempted with an MSA (Microsoft personal) account.
+ ROPC does not support MSA accounts.
+ See https://aka.ms/msal-net-ropc for details.
+
+
+
+
+ Federation Metadata URL is missing for federated user.
+
+
+
+
+ Parsing WS Metadata Exchange Failed.
+
+
+
+
+ WS-Trust Endpoint Not Found in Metadata Document.
+
+
+
+
+ You can get this error when using
+ In the case of a Federated user (that is owned by a federated IdP, as opposed to a managed user owned in an Azure AD tenant)
+ ID3242: The security token could not be authenticated or authorized.
+ The user does not exist or has entered the wrong password
+
+
+
+
+ What happens
+ You can get this error when using
+ The user is not recognized as a managed user, or a federated user. Azure AD was not
+ able to identify the IdP that needs to process the user
+ Mitigation
+ Inform the user. the login that the user provided might be incorrect.
+
+
+
+
+ What happens
+ You can get this error when using
+ The user is not known by the IdP
+ Mitigation
+ Inform the user. The login that the user provided might be incorrect (for instance empty)
+
+
+
+
+ Failed to get user name.
+
+
+
+
+ Password is required for managed user.
+ What happens?
+ If can got this error when using
+ and you (or the user) did not provide a password.
+
+
+
+
+ Request is invalid.
+ What happens?
+ This can happen because you are using a token acquisition method which is not compatible with the authority. For instance:
+ you called
+ but you used an authority ending with '/common' or '/consumers' as this requires a tenanted authority or '/organizations'.
+ Mitigation
+ Adjust the authority to the AcquireTokenXX method you use (don't use 'common' or 'consumers' with
+
+
+
+
+
+ Cannot access the user from the OS (UWP)
+ What happens
+ You called , but the domain user
+ name could not be found.
+ Mitigation
+ This might be because you need to add more capabilities to your UWP application in the Package.appxmanifest.
+ See https://aka.ms/msal-net-uwp
+
+
+
+
+ Cannot get the user from the OS (UWP)
+ What happens
+ You called , but the domain user
+ name could not be found.
+ Mitigation
+ This might be because you need to add more capabilities to your UWP application in the Package.appxmanifest.
+ See https://aka.ms/msal-net-uwp
+
+
+
+
+ An error response was returned by the OAuth2 server and it could not be parsed
+
+
+
+
+ What happens?
+ In the context of Device code flow (See https://aka.ms/msal-net-device-code-flow),
+ this error happens when the device code expired before the user signed-in on another device (this is usually after 15 mins).
+ Mitigation
+ None. Inform the user that they took too long to sign-in at the provided URL and enter the provided code.
+
+
+
+
+ Integrated Windows Auth is only supported for "federated" users
+
+
+
+
+ On Android, you need to call AcquireTokenInteractiveParameterBuilder.WithParentActivityOrWindow(object) passing
+ the activity. See https://aka.ms/msal-interactive-android
+
+
+
+
+ Broker response hash did not match
+
+
+
+
+ Broker response returned an error
+
+
+
+
+ Broker response nonce does not match the request nonce sent by MSAL.NET for iOS broker >= v6.3.19
+
+
+
+
+ MSAL is not able to invoke the broker. Possible reasons are the broker is not installed on the user's device,
+ or there were issues with the UiParent or CallerViewController being null. See https://aka.ms/msal-brokers
+
+
+
+
+ MSAL is not able to find a suitable account to use with broker
+
+
+
+
+ MSAL cannot find the broker application to authenticate accounts.
+
+
+
+
+ Null intent was returned so broker activity cannot be launched
+
+
+
+
+ Failed to validate android broker signature
+
+
+
+
+ Failed To Complete Android Broker Operation
+
+
+
+
+ Unable to query the Android account manager because no username or home account ID is provided in the silent authentication request.
+
+
+
+
+ Error code used when the HTTP response returns HttpStatusCode.NotFound
+
+
+
+
+ ErrorCode used when the HTTP response returns something different from 200 (OK)
+
+
+ HttpStatusCode.NotFound have a specific error code.
+
+
+
+
+ Error code used when the has returned a URI, but it is invalid - it is either null or has no code.
+ Consider throwing an exception if you are unable to intercept the URI containing the code.
+
+
+
+
+ Error code used when the CustomWebUI has returned a URI, but it does not match the Authority and AbsolutePath of
+ the configured redirect URI.
+
+
+
+
+ Access denied.
+
+
+
+
+ Cannot Access User Information or the user is not a user domain.
+ What happens?
+ You tried to use
+ but the user is not a domain user (the machine is not domain or AAD joined)
+
+
+
+
+ RedirectUri validation failed.
+
+
+
+
+ No Redirect URI.
+ What happens?
+ You need to provide a Reply URI / Redirect URI, but have not called
+
+
+
+
+ Multiple Tokens were matched.
+ What happens?This exception happens in the case of applications managing several identities,
+ when calling
+ or one of its overrides and the user token cache contains multiple tokens for this client application and the specified Account, but from different authorities.
+ Mitigation [App Development]specify the authority to use in the acquire token operation
+
+
+
+
+ Non HTTPS redirects are not supported
+ What happens?This error happens when you have registered a non-HTTPS redirect URI for the
+ public client application other than urn:ietf:wg:oauth:2.0:oob
+ Mitigation [App registration and development]Register in the application a Reply URL starting with "https://"
+
+
+
+
+ The request could not be preformed because the network is down.
+ Mitigation [App development] In the application you could either inform the user that there are network issues
+ or retry later
+
+
+
+
+ The B2C authority host is not the same as the one used when creating the client application.
+
+
+
+
+ Duplicate query parameter was found in extraQueryParameters.
+ What happens? You have used extraQueryParameter of overrides
+ of token acquisition operations in public client and confidential client application and are passing a parameter which is already present in the
+ URL (either because you had it in another way, or the library added it).
+ Mitigation [App Development] RemoveAccount the duplicate parameter from the token acquisition override.
+
+
+
+
+ The request could not be performed because of a failure in the UI flow.
+ What happens?The library failed to invoke the Web View required to perform interactive authentication.
+ The exception might include the reason
+ MitigationIf the exception includes the reason, you could inform the user. This might be, for instance, a browser
+ implementing chrome tabs is missing on the Android phone (that's only an example: this exception can apply to other
+ platforms as well)
+
+
+
+
+ Authentication canceled.
+ What happens?The user had canceled the authentication, for instance by closing the authentication dialog
+ MitigationNone, you cannot get a token to call the protected API. You might want to inform the user
+
+
+
+
+ JSON parsing failed.
+ What happens?A JSON blob read from the token cache or received from the STS was not parseable.
+ This can happen when reading the token cache, or receiving an IDToken from the STS.
+ MitigationMake sure that the token cache was not tampered
+
+
+
+
+ JWT was invalid.
+ What happens?The library expected a JWT (for instance a token from the cache, or received from the STS), but
+ the format is invalid
+ MitigationMake sure that the token cache was not tampered
+
+
+
+
+ State returned from the STS was different from the one sent by the library
+ What happens?The library sends to the STS a state associated to a request, and expects the reply to be consistent.
+ This errors indicates that the reply is not associated with the request. This could indicate an attempt to replay a response
+ Mitigation None
+
+
+
+
+ Tenant discovery failed.
+ What happens?While reading the OpenId configuration associated with the authority, the Authorize endpoint,
+ or Token endpoint, or the Issuer was not found
+ MitigationThis indicates and authority which is not Open ID Connect compliant. Specify a different authority
+ in the constructor of the application, or the token acquisition override
+ ///
+
+
+
+ The library is loaded on a platform which is not supported.
+
+
+
+
+ An authorization Uri has been intercepted, but it cannot be parsed. See the log for more details.
+
+
+
+
+ What happens?The current redirect URL is not a loopback URL.
+ Mitigation To use the OS browser, a loopback URL, with or without a port, must be configured both during app registration and when initializing the IPublicClientApplication object. See https://aka.ms/msal-net-os-browser for details.
+
+
+
+
+ What happens?MSAL has intercepted a Uri possibly containing an authorization code, but it does not match
+ the configured redirect URL.
+ MitigationIf you are using an ICustomWebUi implementation, make sure the
+ redirect URL matches the URL containing the auth code. If you are not using an ICustomWebUI,
+ this could be a man-in-the middle attack.
+
+
+
+
+ What happens?MSAL tried to open the browser on Linux using the xdg-open tool, but failed.
+ MitigationMake sure you can open a page using xdg-open tool. See https://aka.ms/msal-net-os-browser for details.
+
+
+
+
+ The selected webview is not available on this platform. You can switch to a different webview using . See https://aka.ms/msal-net-os-browser for details
+
+
+
+
+ What happens?You configured MSAL interactive authentication to use an embedded webview and you also configured .
+ These are mutually exclusive.
+ MitigationEither set to true or do not use
+
+
+
+
+
+ What happens?You configured MSAL confidential client authentication with more than one authentication type (Certificate, Secret, Client Assertion)
+
+
+
+
+ What happens?You configured MSAL confidential client authentication without an authentication type (Certificate, Secret, Client Assertion)
+ MitigationEither call ConfidentialClientApplicationBuilder.WithClientSecret, ConfidentialClientApplicationBuilder.WithCertificate, ConfidentialClientApplicationBuilder.WithClientAssertion
+
+
+
+
+ Issue can be resolved by user interaction during the interactive authentication flow.
+ See https://aka.ms/msal-net-UiRequiredException for details
+
+
+
+
+ Issue can be resolved by additional remedial interaction with the system, outside of the interactive authentication flow.
+ Interactive authentication is still required to inform the user of what is needed. Calling application may choose to hide flows that require additional_action if the user is unlikely to complete the remedial action.
+ Example:
+
+
+
+
+ Issue cannot be resolved at this time. Launching interactive authentication flow will show a message explaining the condition.
+
+
+
+
+ User's password has expired.
+
+
+
+
+ User consent is missing, or has been revoked.
+
+
+
+
+ Internal to MSALs. Indicates that no further silent calls should be made with this refresh token.
+
+
+
+
+ Internal to MSALs. Indicates that no further silent calls should be made with this refresh token.
+
+
+
+
+ Internal to MSALs. Needed in ios/android to complete the end-to-end true MAM flow. This suberror code is re-mapped to a different top level error code (IntuneAppProtectionPoliciesRequired), and not InteractionRequired
+
+
+
+
+ Internal to MSALs. Used in scenarios where an application is using family refresh token even though it is not part of FOCI (or vice versa). Needed to handle cases where app changes FOCI membership after being shipped. This is handled internally and doesn't need to be exposed to the calling app. Please see FOCI design document for more details.
+
+
+
+
+ Internal to MSALs. Indicates that device should be re-registered.
+
+
+
+
+ AAD service error indicating that the configured authority does not exist
+
+
+
+
+ What happens?You have configured your own instance metadata, but the json provided seems to be invalid.
+ MitigationSee https://aka.ms/msal-net-custom-instance-metadata for an example of a valid json that can be used.
+
+
+
+
+ What happens?You have configured your own instance metadata, and have also set validate authority to true. These are mutually exclusive.
+ MitigationSet the validate authority flag to false. See https://aka.ms/msal-net-custom-instance-metadata for more details.
+
+
+
+
+ What happens?You haven't set a client ID.
+ MitigationUse the application ID (a GUID) from the application portal as client ID in this SDK
+
+
+
+
+ What happens?You've specified a client ID that is not a
+ MitigationUse the application ID (a GUID) from the application portal as client ID in this SDK
+
+
+
+
+ What happens?You have configured both a telemetry callback and a telemetry config.
+ MitigationOnly one telemetry mechanism can be configured.
+
+
+
+
+ Azure AD service error indicating a configuration issue.
+ MitigationSee error message for details, then take corrective action in the app registration portal
+ See https://aka.ms/msal-net-invalid-client for details.
+
+
+
+
+ What happens?You have configured MSAL to request SSH certificates from AAD, and you are trying to format an HTTP authentication header.
+ MitigationSSH certificates should not used as Bearer tokens. Developers are responsible for sending the certificates to the target machines.
+
+
+
+
+ What happens?Windows Authentication Broker, which handles the interaction between the user and AAD, has failed.
+ MitigationSee the error message for more details.
+
+
+
+
+ What happens?You asked for one type of token, but did not receive it.
+ MitigationThis happens if the Identity Provider (AAD, B2C, ADFS etc.) does not support / implement the requested token type. In case of ADFS, consider upgrading to the latest version.
+
+
+
+
+ What happens?You are trying to use a feature which was marked as experimental
+ MitigationWhen creating the PublicClientApplication or ConfidentialClientApplication, use .WithExperimentalFeatures() option. See https://aka.ms/msal-net-experimental-features for details.
+
+
+
+
+ What happens?A broker application is required, but one could not be found or communicated with.
+ MitigationInstall a broker application, such as Authenticator, from the application store
+
+
+
+
+ What happens?You are trying to authenticate with the broker but MSAL is unable to read the response from the broker.
+ MitigationThe currently installed broker may not support MSAL.Xamarin, you need to ensure that you have installed either Intune Company Portal (5.0.4689.0 or greater) or Microsoft Authenticator (6.2001.0140 or greater). see https://aka.ms/Brokered-Authentication-for-Android"
+
+
+
+
+ What happens?You have configured a claims request, but the claims string is not in JSON format
+ MitigationEnsure that the claims parameter is valid JSON. Inspect the inner exception for details about JSON parsing.
+
+
+
+
+ What happens?The authority configured at the application level is different than the authority configured at the request level
+ MitigationEnsure the same authority type is used
+
+
+
+
+ What happens?You have configured your own instance metadata using both an Uri and a string. Only one is supported.
+ MitigationCall WithInstanceDiscoveryMetadata only once. See https://aka.ms/msal-net-custom-instance-metadata for more details.
+
+
+
+
+ What happens?No scopes have been requested
+ MitigationAt least one scope must be specified for this authentication flow
+
+
+
+
+ What happens?The certificate provided does not have a private key.
+ MitigationEnsure the certificate has a private key.
+
+
+
+
+ Device certificate not found.
+
+
+
+
+ What happens?The ADAL cache is invalid as it contains multiple refresh token entries for one user.
+ MitigationDelete the ADAL cache. If you do not maintain an ADAL cache, this may be a bug in MSAL.
+
+
+
+
+ Region discovery failed.
+
+
+
+
+ What happens?WithAzureRegion is set to true
+ MitigationRegion discovery cannot be performed for ADFS authority.
+
+
+
+
+ What happens?MSAL cannot use the certificate for signing.
+ MitigationPossible cause: use of CNG certificates with .Net classic 4.6 or lower. Either target a higher version of .NET desktop - 4.6.1 and above, or use a different certificate type (non-CNG)
+ or sign your own assertion as described at https://aka.ms/msal-net-signed-assertion
+
+
+
+
+ When calling AcquireTokenInteractive with the WAM broker, the call must be made from the UI thread.
+
+
+
+
+ The Windows broker (WAM) is only supported in conjunction with "work and school" accounts
+ and with Microsoft accounts.
+
+
+
+
+ WAM service exception that can occur when calling AcquireTokenInteractive
+
+
+
+
+ WAM service exception that can occur when calling AcquireTokenInteractive and the account picker
+ pops up
+
+
+
+
+ What happens?The embedded browser cannot be started because a runtime component is missing.
+ Mitigation"The embedded browser needs WebView2 runtime to be installed. An end user of the app can download and install the WebView2 runtime from https://go.microsoft.com/fwlink/p/?LinkId=2124703 and restart the app.
+ or the app developer can install the WebView2 runtime https://docs.microsoft.com/en-us/microsoft-edge/webview2/concepts/distribution
+
+
+
+
+ What happens?You configured both Regional Authority and Authority Validation. Authority validation is not currently supported for regional authorities.
+ MitigationSet the validateAuthority flag to false to use Azure Regional authority. Do not disable authority validation if you read the authority from an untrusted source,
+ for example from the WWWAuthenticate header of an HTTP request that resulted in a 401 response.
+
+
+
+
+ The active directory authentication error message.
+
+
+
+
+ Base exception type thrown when an error occurs during token acquisition.
+ For more details, see https://aka.ms/msal-net-exceptions
+
+ Avoid throwing this exception. Instead throw the more specialized
+ or
+
+
+
+
+ Initializes a new instance of the exception class.
+
+
+
+
+ Initializes a new instance of the exception class with a specified
+ error code.
+
+
+ The error code returned by the service or generated by the client. This is the code you can rely on
+ for exception handling.
+
+
+
+
+ Initializes a new instance of the exception class with a specified
+ error code and error message.
+
+
+ The error code returned by the service or generated by the client. This is the code you can rely on
+ for exception handling.
+
+ The error message that explains the reason for the exception.
+
+
+
+ Initializes a new instance of the exception class with a specified
+ error code and a reference to the inner exception that is the cause of
+ this exception.
+
+
+ The error code returned by the service or generated by the client. This is the code you can rely on
+ for exception handling.
+
+ The error message that explains the reason for the exception.
+
+ The exception that is the cause of the current exception, or a null reference if no inner
+ exception is specified.
+
+
+
+
+ Gets the protocol error code returned by the service or generated by the client. This is the code you can rely on for
+ exception handling. Values for this code are typically provided in constant strings in the derived exceptions types
+ with explanations of mitigation.
+
+
+
+
+ Creates and returns a string representation of the current exception.
+
+ A string representation of the current exception.
+
+
+
+ Allows serialization of most values of the exception into JSON.
+
+
+
+
+
+ Allows re-hydration of the MsalException (or one of its derived types) from JSON generated by ToJsonString().
+
+
+
+
+
+
+ Exception type thrown when service returns an error response or other networking errors occur.
+ For more details, see https://aka.ms/msal-net-exceptions
+
+
+
+
+ Initializes a new instance of the exception class with a specified
+ error code, error message and a reference to the inner exception that is the cause of
+ this exception.
+
+
+ The protocol error code returned by the service or generated by client. This is the code you
+ can rely on for exception handling.
+
+ The error message that explains the reason for the exception.
+
+
+
+ Initializes a new instance of the exception class with a specified
+ error code, error message and a reference to the inner exception that is the cause of
+ this exception.
+
+
+ The protocol error code returned by the service or generated by the client. This is the code you
+ can rely on for exception handling.
+
+ The error message that explains the reason for the exception.
+ Status code of the resposne received from the service.
+
+
+
+ Initializes a new instance of the exception class with a specified
+ error code, error message and a reference to the inner exception that is the cause of
+ this exception.
+
+
+ The protocol error code returned by the service or generated by the client. This is the code you
+ can rely on for exception handling.
+
+ The error message that explains the reason for the exception.
+
+ The exception that is the cause of the current exception, or a null reference if no inner
+ exception is specified.
+
+
+
+
+ Initializes a new instance of the exception class with a specified
+ error code, error message and a reference to the inner exception that is the cause of
+ this exception.
+
+
+ The protocol error code returned by the service or generated by the client. This is the code you
+ can rely on for exception handling.
+
+ The error message that explains the reason for the exception.
+ HTTP status code of the resposne received from the service.
+
+ The exception that is the cause of the current exception, or a null reference if no inner
+ exception is specified.
+
+
+
+
+ Initializes a new instance of the exception class with a specified
+ error code, error message and a reference to the inner exception that is the cause of
+ this exception.
+
+
+ The protocol error code returned by the service or generated by the client. This is the code you
+ can rely on for exception handling.
+
+ The error message that explains the reason for the exception.
+ The status code of the request.
+ The claims challenge returned back from the service.
+
+ The exception that is the cause of the current exception, or a null reference if no inner
+ exception is specified.
+
+
+
+
+ Gets the status code returned from HTTP layer. This status code is either the HttpStatusCode in the inner
+ response or the NavigateError Event Status Code in a browser based flow (See
+ http://msdn.microsoft.com/en-us/library/bb268233(v=vs.85).aspx).
+ You can use this code for purposes such as implementing retry logic or error investigation.
+
+
+
+
+ Additional claims requested by the service. When this property is not null or empty, this means that the service requires the user to
+ provide additional claims, such as doing two factor authentication. The are two cases:
+
+
+ If your application is a , you should just call
+ and add the modifier.
+
+ >If your application is a , (therefore doing the On-Behalf-Of flow), you should throw an HTTP unauthorize
+ exception with a message containing the claims
+
+ For more details see https://aka.ms/msal-net-claim-challenge
+
+
+
+
+ Raw response body received from the server.
+
+
+
+
+ Contains the HTTP headers from the server response that indicated an error.
+
+
+ When the server returns a 429 Too Many Requests error, a Retry-After should be set. It is important to read and respect the
+ time specified in the Retry-After header to avoid a retry storm.
+
+
+
+
+ An ID that can used to piece up a single authentication flow.
+
+
+
+
+ The suberror should not be exposed for public consumption yet, as STS needs to do some work first.
+
+
+
+
+ As per discussion with Evo, AAD
+
+
+
+
+ Creates and returns a string representation of the current exception.
+
+ A string representation of the current exception.
+
+
+
+ Exception type thrown when MSAL detects that an application is trying to acquire a token too often, as a result of:
+ - A previous request resulted in an HTTP response containing a Retry-After header which was not followed.
+ - A previous request resulted in an HTTP 429 or 5xx, which indicates a problem with the server.
+
+ The properties of this exception are identical to the original exception
+
+ For more details see https://aka.ms/msal-net-throttling
+
+
+
+
+ Constructor
+
+
+
+
+ The original service exception that triggered the throttling.
+
+
+
+
+ Exception type thrown when MSAL detects that an application is trying to acquire a token even
+ though an was recently thrown.
+ To mitigate this, when a is encountered,
+ the application should switch to acquiring a token interactively. To better understand
+ why the was thrown, inspect the
+ property.
+
+ The properties of this exception are identical to the original exception
+
+ For more details see https://aka.ms/msal-net-throttling
+
+
+
+
+ Constructor
+
+
+
+
+ The original exception that triggered the throttling.
+
+
+
+
+ This exception class is to inform developers that UI interaction is required for authentication to
+ succeed. It's thrown when calling or one
+ of its overrides, and when the token does not exists in the cache, or the user needs to provide more content, or perform multiple factor authentication based
+ on Azure AD policies, etc..
+ For more details, see https://aka.ms/msal-net-exceptions
+
+
+
+
+ Initializes a new instance of the exception class with a specified
+ error code and error message.
+
+
+ The error code returned by the service or generated by the client. This is the code you can rely on
+ for exception handling.
+
+ The error message that explains the reason for the exception.
+
+
+
+ Initializes a new instance of the exception class with a specified
+ error code, error message and inner exception indicating the root cause.
+
+
+ The error code returned by the service or generated by the client. This is the code you can rely on
+ for exception handling.
+
+ The error message that explains the reason for the exception.
+ Represents the root cause of the exception.
+
+
+
+ Initializes a new instance of the exception class with a specified
+ error code, error message and inner exception indicating the root cause.
+
+
+ The error code returned by the service or generated by the client. This is the code you can rely on
+ for exception handling.
+
+ The error message that explains the reason for the exception.
+ Represents the root cause of the exception.
+ A higher level description for this exception, that allows handling code to
+ understand what type of action it needs to take to resolve the issue.
+
+
+
+ Classification of the conditional access error, enabling you to do more actions or inform the user depending on your scenario.
+ See https://aka.ms/msal-net-UiRequiredException for more details.
+
+
+
+
+ Optional field, FOCI support.
+
+
+
+
+ This method does not belong here - it is more tied to the Android code. However, that code is
+ not unit testable, and this one is.
+ The values of the JSON response are based on
+ https://github.com/AzureAD/microsoft-authentication-library-common-for-android/blob/dev/common/src/main/java/com/microsoft/identity/common/internal/broker/BrokerResult.java
+
+
+
+
+ Responsible for talking to all the Identity provider endpoints:
+ - instance discovery
+ - endpoint metadata
+ - mex
+ - /token endpoint via TokenClient
+ - device code endpoint
+
+
+
+
+ Do not expose these in the MsalException because Evo does not guarantee that the error
+ codes remain the same.
+
+
+
+
+ OAuth2 errors that are only used internally. All error codes used when propagating exceptions should
+ be made public.
+
+
+
+
+ Default timespan that blocks an application, if HTTP 429 and HTTP 5xx was received and Retry-After HTTP header was NOT returned by AAD.
+
+
+
+
+ Exposed only for testing purposes
+
+
+
+
+ For test purposes, so that the static state can be reset
+
+
+
+
+ The Retry-After provider observes all service exceptions from all flows and looks for a header like: RetryAfter X seconds.
+ It then enforces this header, by throttling for X seconds.
+
+
+
+
+ Throttling is the action through which MSAL blocks applications from making repeated
+ bad requests to the server. This works by MSAL detecting certain conditions when the server
+ returns an error. If a similar request is then issued under the same condition, the same
+ server error is returned by MSAL, without contacting the server.
+
+ Throttling occurs in the following conditions:
+
+ After receiving an RetryAfter header
+ After receiving 429, 5xx HTTP status.
+
+ This class manages the throttling providers and is itself a provider
+
+
+ Client Throttling spec https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1624
+
+
+
+
+
+ The strict thumbprint is based on:
+ ClientId
+ Authority
+ Resource
+ Scope
+ Account
+
+
+
+
+ To prevent the cache from becoming too large, purge expired entries every X seconds
+
+
+
+
+ Default number of seconds that application returns the cached response, in case of UI required requests.
+
+
+
+
+ Exposed only for testing purposes
+
+
+
+
+ MsalUiRequiredException is thrown from AcquireTokenSilent, based on certain error codes from the server
+ when contacting the token endpoint.
+ Currently, throttling will only apply to public client applications at first.
+
+
+
+
+ The strict thumbprint is based on:
+ ClientId
+ Authority (env + tenant)
+ Scopes
+ hash(RT) or UPN for IWA (not supported)
+
+
+
+
+ Responsible for talking to the /token endpoint
+
+
+
+
+ Used to avoid sending duplicate "last request" telemetry
+ from a multi-threaded environment
+
+
+
+
+ A client side library needs to communicate to the server side that
+ it has implemented enforcement of HTTP 429 and Retry-After header.
+ Because if the server-side detects loops, then it can break the loop by sending
+ either HTTP 429 or Retry-After header with a different HTTP status.
+ Right now, the server side breaks the loops by invalid_grant response,
+ which breaks protocol under some condition and also causes unexplained prompt.
+
+
+
+
+ Extension methods
+
+
+
+
+ Returns true if MSAL can use a system browser.
+
+
+ On Windows, Mac and Linux a system browser can always be used, except in cases where there is no UI, e.g. SSH connection.
+ On Android, the browser must support tabs.
+
+
+
+
+ Returns true if MSAL can use an embedded webview (browser).
+
+
+ Currently there are no embedded webviews on Mac and Linux. On Windows, app developers or users should install
+ the WebView2 runtime and this property will inform if the runtime is available, see https://aka.ms/msal-net-webview2
+
+
+
+
+ Returns false when the program runs in headless OS, for example when SSH-ed into a Linux machine.
+ Browsers (webviews) and brokers cannot be used if there is no UI support.
+ Instead, please use
+ or
+
+
+
+
+ Returns the certificate used to create this , if any.
+
+
+
+
+ Returns the platform / os specific implementation of a PlatformProxy.
+
+
+
+
+ Gets the platform proxy, which can be used to perform platform specific operations
+
+
+
+
+ Common operations for extracting platform / operating system specifics.
+ Scope: per app
+
+
+
+
+ Gets the device model. On some TFMs this is not returned for security reasonons.
+
+ device model or null
+
+
+
+ Gets the upn of the user currently logged into the OS
+
+
+
+
+
+ Returns the name of the calling assembly
+
+
+
+
+
+ Returns the version of the calling assembly
+
+
+
+
+
+ Returns a device identifier. Varies by platform.
+
+
+
+
+
+ Gets the default redirect uri for the platform, which sometimes includes the clientId
+
+
+
+
+ Go to a Url using the OS default browser.
+
+
+
+
+ Most brokers take care of both silent auth and interactive auth, however some (iOS)
+ does not support silent auth and gives the RT back to MSAL.
+
+
+
+
+
+ WAM broker has a deeper integration into MSAL because MSAL needs to store
+ WAM account IDs in the token cache.
+
+
+
+
+ Provides a high level token cache serialization solution that is similar to the one offered to MSAL customers.
+ Platforms should try to implement if possible, as it provides more granular
+ access.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Constructs a bypass response to the PKeyAuth challenge on platforms where the challenge cannot be completed.
+
+
+
+
+ Constructs a bypass response to the PKeyAuth challenge on platforms where the challenge cannot be completed.
+
+
+
+
+ Keeps the token cache dictionaries in memory. Token Cache extensions
+ are responsible for persistance.
+
+
+
+
+ Used for platforms that do not implement PKeyAuth.
+
+
+
+
+ A simple implementation of the HttpClient factory that uses a managed HttpClientHandler
+
+
+ This implementation is not suitable for high-scale applications / confidential client scenarios
+ because a static HttpClient might run into DNS issues (and creating new HttpClients leads to a port exhaustion issue).
+ Mobile platforms should use HttpClientHandlers that are platform specific.
+ .NET Core should use the IHttpClientFactory, but MSAL cannot take a dependency on it as it has too many dependencies itself.
+
+
+
+
+ Attribute that will be picked up by the Xamarin Linker, as a hint for the linker to not remove the type.
+ Needs to be added to types that get created by reflection, e.g. JSON serialization types
+
+ It's important to not change the name and the 2 fields of this class. The linker looks for these.
+
+
+
+ Structure containing static members that you can use to specify how the interactive overrides
+ of AcquireTokenAsync in should prompt the user.
+
+
+
+
+ AcquireToken will send prompt=select_account to the authorization server's authorize endpoint.
+ which would present to the user a list of accounts from which one can be selected for
+ authentication.
+
+
+ This is the default prompt for backwards compatibility reasons. Please use for the best user experience.
+
+
+
+
+ The user will be prompted for credentials by the service. It is achieved
+ by sending prompt=login to the authorize endpoint.
+
+
+
+
+ The user will be prompted to consent, even if consent was granted before. It is achieved
+ by sending prompt=consent to the authorization server's authorize endpoint.
+
+
+
+
+ Let the identity service decide on the best user experience, based on browser cookies and
+ on the login hint, which can be specified using WithAccount() or WithLoginHint()
+
+ This is the recommended prompt
+
+
+
+ AcquireToken will send prompt=create to the authorization server's authorize endpoint
+ which would trigger a sign-up experience, used for External Identities.
+
+ More details at https://aka.ms/msal-net-prompt-create.
+
+
+
+ Only available on .NET platform. AcquireToken will send prompt=attempt_none to
+ the authorization server's authorize endpoint and the library will use a hidden WebView (and its cookies) to authenticate the user.
+ This can fail, and in that case a will be thrown.
+
+
+
+
+ Equals method override to compare Prompt structs
+
+ object to compare against
+ true if object are equal.
+
+
+
+ Override to compute hash code
+
+ hash code of the PromptValue
+
+
+
+ Operator overload to check equality
+
+ first value
+ second value
+ true if the objects are equal
+
+
+
+ Operator overload to check inequality
+
+ first value
+ second value
+ true if the objects are not equal
+
+
+
+ This callback is for the raw telemetry events (app, HTTP, cache) that we want to aggregate using MATS.
+
+
+
+
+
+ Responsible for recording API events and formatting CSV
+ with telemetry.
+
+
+ Not fully thread safe - it is possible that multiple threads request
+ the "previous requests" data at the same time. It is the responsibility of
+ the caller to protect against this.
+
+
+
+
+ CSV expected format:
+ 3|silent_successful_count|failed_requests|errors|platform_fields
+ failed_request is: api_id_1,correlation_id_1,api_id_2,correlation_id_2|error_1,error_2
+ platform_fields: region_1,region_source_1,region_2,region_source_2
+
+
+
+
+ Expected format: 3|api_id,cache_info|platform_config
+ platform_config: region,region_source,is_token_cache_serialized,user_provided_region,validate_use_region,fallback_to_global,is_legacy_cache_enabled
+
+
+
+
+ Controls the HTTP telemetry that MSAL sends to AAD
+ via HTTP headers when contacting the /token endpoint.
+
+
+ - It is assumed that one manager is created for each application and shared between requests
+ - Implementer must be thread safe, since one app can fire multiple requests
+
+
+
+
+ Record a stopped event
+
+
+
+
+ Csv string with details about the current header (api used, force refresh flag)
+
+
+
+
+ Csv string with details about the previous failed requests made: api, correlation id, error
+
+
+ If AAD returns OK or a normal error (e.g. interaction required), then telemetry is recorded.
+ If AAD returns a 5xx or 429 HTTP error (i.e. AAD is down), then telemetry has not been recorded and MSAL
+ will continue to hold on to this data until a successful request is made
+
+
+
+
+ Resets the state of failed requests. See for more details
+
+
+
+
+ Returns true if the actions are the same, either are ready for upload, and either is not aggregable.
+ This is used to determine whether or not we should aggregate this particular property bag of event data.
+
+
+
+
+
+
+
+ GUID included in request header
+
+
+
+
+ Floating-point value with a unit of milliseconds indicating the
+ refresh token age
+
+
+
+
+ Indicates whether the request was executed on a ring serving SPE traffic.
+ An empty string indicates this occurred on an outer ring, and the string "I"
+ indicates the request occurred on the inner ring
+
+
+
+
+ Error code sent by ESTS
+
+
+
+
+ Error code which gives more detailed information about server error code
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Monotonically increasing integer specifying
+ x-ms-cliteleminfo header version
+
+
+
+
+ Bundle id for server error.
+
+
+
+
+ Bundle id for server suberror.
+
+
+
+
+ Bundle id for refresh token age.
+ Floating-point value with a unit of milliseconds
+
+
+
+
+ Bundle id for spe_ring info. Indicates whether the request was executed
+ on a ring serving SPE traffic. An empty string indicates this occurred on
+ an outer ring, and the string "I" indicates the request occurred on the
+ inner ring
+
+
+
+
+ Specifies the source of the access and Id tokens in the authentication result.
+
+
+
+
+ The source of the access and Id token is Identity Provider - Azure Active Directory (AAD), ADFS or AAD B2C.
+
+
+
+
+ The source of access and Id token is MSAL's cache.
+
+
+
+
+ The source of the access and Id token is a broker application - Authenticator or Company Portal. Brokers are supported only on Android and iOS.
+
+
+
+
+ Details about the cause of an , giving a hint about what the user can expect when
+ they go through interactive authentication. See https://aka.ms/msal-net-UiRequiredException for details.
+
+
+
+
+ No further details are provided. It is possible that the user will be able to resolve the issue by launching interactive authentication.
+ See https://aka.ms/msal-net-UiRequiredException for details
+
+ This is also the classification when no account or valid login hint is passed to AcquireTokenSilent
+
+
+
+ Issue cannot be resolved at this time. Launching interactive authentication flow will show a message explaining the condition.
+ See https://aka.ms/msal-net-UiRequiredException for details
+
+
+
+
+ Issue can be resolved by user interaction during the interactive authentication flow.
+ See https://aka.ms/msal-net-UiRequiredException for details
+
+
+
+
+ Issue can be resolved by additional remedial interaction with the system, outside of the interactive authentication flow.
+ Starting an interactive authentication flow will show the user what they need to do, but it is possible that the user is unable to complete the action.
+ See https://aka.ms/msal-net-UiRequiredException for details
+
+
+
+
+ User consent is missing, or has been revoked. Issue can be resolved by user consenting during the interactive authentication flow.
+ See https://aka.ms/msal-net-UiRequiredException for details
+
+
+
+
+ User's password has expired. Issue can be resolved by user during the interactive authentication flow.
+ See https://aka.ms/msal-net-UiRequiredException for details.
+
+
+
+
+ was used with Prompt.Never value,
+ however this could not be honored by the server. Please use a different prompt behavior, such as
+ See https://aka.ms/msal-net-UiRequiredException for details.
+
+
+
+
+ An AcquireTokenSilent call failed. This is usually part of the pattern
+ of calling AcquireTokenSilent for getting a token from the cache, followed by an a different
+ AcquireToken call for getting a token from AAD. See the error message for details.
+ See https://aka.ms/msal-net-UiRequiredException for details.
+
+
+
+
+ A string that is added to each Authorization Request and is expected to be sent back along with the
+ authorization code. MSAL is responsible for validating that the state sent is identical to the state received.
+
+
+ This is in addition to PKCE, which is validated by the server to ensure that the system redeeming the auth code
+ is the same as the system who asked for it. It protects against XSRF https://openid.net/specs/openid-connect-core-1_0.html
+
+
+
+
+
+
+
+
+
+
+ Extra validations on the redirect uri, for example system web views cannot work with the urn:oob... uri because
+ there is no way of knowing which app to get back to.
+ WebUIs can update the uri, for example use http://localhost:1234 instead of http://localhost
+ Throws if uri is invalid
+
+
+
+
+
+
+
+ Constructor from a JWT assertion. For other assertion types (SAML), use the other constructor
+
+ JWT bearer token used to access the Web application itself
+
+
+
+ Constructor of a UserAssertion specifying the assertionType in addition to the assertion
+
+ Assertion representing the user.
+ Type of the assertion representing the user. Accepted types are currently:
+
+ urn:ietf:params:oauth:grant-type:jwt-bearerJWT bearer token. Passing this is equivalent to using
+ the other (simpler) constructor
+ urn:ietf:params:oauth:grant-type:saml1_1-bearerSAML 1.1 bearer token
+ urn:ietf:params:oauth:grant-type:jwt-bearerSAML 2 bearer token
+
+
+
+
+ Gets the assertion.
+
+
+
+
+ Gets the assertion type.
+
+
+
+
+ Provides functionality to automatically try the given piece of logic some number of times before re-throwing the exception.
+ This is useful for any piece of code which may experience transient failures. Be cautious of passing code with two distinct
+ actions given that if the second or subsequent piece of logic fails, the first will also be retried upon each retry.
+
+
+ Copied from https://github.com/microsoft/RetryOperationHelper/blob/master/RetryOperationHelper/RetryOperationHelper.cs
+
+
+
+ Executes asynchronous function with retry logic.
+ The asynchronous function to be executed.
+ The maximum number of attempts.
+ Timespan to wait between attempts of the operation
+ The callback executed when an attempt is failed.
+ Allowed exceptions
+ The result type.
+ The producing the result.
+
+
+ Executes asynchronous function with retry logic.
+ The asynchronous function to be executed.
+ The maximum number of attempts.
+ Timespan to wait between attempts of the operation
+ The retry handler.
+
+ The producing the result.
+
+
+
+ Create an array of bytes representing the UTF-8 encoding of the given string.
+
+ String to get UTF-8 bytes for
+ Array of UTF-8 character bytes
+
+
+
+ Culture aware String.Replace
+
+
+
+
+ Culture aware Contains
+
+
+
+
+ Gets the currently logged in user. Works for Windows when user is AD or AAD joined. Throws otherwise if cannot be found.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Based on https://github.com/NimaAra/Easy.Common/blob/master/Easy.Common/RestClient.cs and
+ the associated blog post https://nima-ara-blog.azurewebsites.net/beware-of-the-net-httpclient/
+
+
+
+
+ Based on https://github.com/NimaAra/Easy.Common/blob/master/Easy.Common/RestClient.cs
+
+
+
+
+ Padding modes
+
+
+
+
+ No padding
+
+
+
+
+ PKCS #1 padding
+
+
+
+
+ Optimal Asymmetric Encryption Padding
+
+
+
+
+ Probabilistic Signature Scheme padding
+
+
+
+
+ Native wrappers for bcrypt CNG APIs.
+
+ The general pattern for this interop layer is that the BCryptNative type exports a wrapper method
+ for consumers of the interop methods. This wrapper method puts a managed face on the raw
+ P/Invokes, by translating from native structures to managed types and converting from error
+ codes to exceptions.
+
+
+
+
+ Well known algorithm names
+
+
+
+
+ Flags for BCryptOpenAlgorithmProvider
+
+
+
+
+ Flags for use with the BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO structure
+
+
+
+
+ Well known chaining modes
+
+
+
+
+ Result codes from BCrypt APIs
+
+
+
+
+ Magic numbers for different key blobs
+
+
+
+
+ Well known key blob tyes
+
+
+
+
+ BCrypt parameter types (used in parameter lists)
+
+
+
+
+ Well known BCrypt provider names
+
+
+
+
+ SafeHandle for a native BCRYPT_ALG_HANDLE
+
+
+
+
+ SafeHandle for a BCRYPT_HASH_HANDLE.
+
+
+
+
+ SafeHandle for a native BCRYPT_KEY_HANDLE.
+
+
+
+
+ Gets the algorithm or key storage provider being used for the implementation of the CNG
+ algorithm.
+
+
+
+
+ Interface for asymmetric algorithms implemented over the CNG layer of Windows to provide CNG
+ implementation details through.
+
+
+
+
+ Get the CNG key being used by the asymmetric algorithm.
+
+
+ This method requires that the immediate caller have SecurityPermission/UnmanagedCode
+
+
+
+
+ Algorithm classes exposed by NCrypt
+
+
+
+
+ Native wrappers for ncrypt CNG APIs.
+
+ The general pattern for this interop layer is that the NCryptNative type exports a wrapper method
+ for consumers of the interop methods. This wrapper method puts a managed face on the raw
+ P/Invokes, by translating from native structures to managed types and converting from error
+ codes to exceptions.
+
+
+
+
+ Well known key property names
+
+
+
+
+ NCrypt algorithm classes
+
+
+
+
+ Enum for some SECURITY_STATUS return codes
+
+
+
+
+ Adapter to wrap specific NCryptDecrypt P/Invokes with specific padding info
+
+
+
+
+ Adapter to wrap specific NCryptEncrypt P/Invokes with specific padding info
+
+
+
+
+ Adapter to wrap specific NCryptSignHash P/Invokes with a specific padding info
+
+
+
+
+ Generic signature method, wrapped by signature calls for specific padding modes
+
+
+
+
+ Sign a hash, using PKCS1 padding
+
+
+
+
+ Sign a hash, using PSS padding
+
+
+
+
+ Handle for buffers that need to be released with NCryptFreeBuffer
+
+
+
+
+ Helper method to read a structure out of the buffer, treating it as if it were an array of
+ T. This method does not do any validation that the read data is within the buffer itself.
+
+ Esentially, this method treats the safe handle as if it were a native T[], and returns
+ handle[index]. It will add enough padding space such that each T will begin on a
+ pointer-sized location.
+
+ type of structure to read from the buffer
+ 0 based index into the array to read the structure from
+ the value of the structure at the index into the array
+
+
+
+
+ The RSACng class provides a wrapper for the CNG implementation of the RSA algorithm. The
+ interface provided by RSACng is derived from the base type, and not from
+ the class. Consequently, it is not a drop in
+ replacement for existing uses of RSACryptoServiceProvider.
+
+
+ RSACng uses a programming model more similar to the class than
+ RSACryptoServiceProvider. For instance, unlike RSACryptoServiceProvider which has a key
+ directly tied into the operations of the type itself, the key used by RsaCng is managed by a
+ separate object. Additionally, operations such as signing and verifying
+ signatures take their parameters from a set of properties set on the RSACng object, similar to
+ how ECDsaCng uses properties of its object to control the signing and verification operations.
+
+
+ RSACng uses the NCrypt layer of CNG to do its work, and requires Windows Vista and the .NET
+ Framework 3.5.
+
+
+ Example usage:
+
+ // Create an RSA-SHA256 signature using the key stored in "MyKey"
+ byte[] dataToSign = Encoding.UTF8.GetBytes("Data to sign");
+ using (CngKey signingKey = CngKey.Open("MyKey");
+ using (RSACng rsa = new RSACng(signingKey))
+ {
+ rsa.SignatureHashAlgorithm = CngAlgorithm.Sha256;
+ return rsa.SignData(dataToSign);
+ }
+
+
+
+
+
+
+ Create an RSACng algorithm with a random 2048 bit key pair.
+
+
+
+
+ Creates a new RSACng object that will use a randomly generated key of the specified size.
+ Valid key sizes range from 384 to 16384 bits, in increments of 8. It's suggested that a
+ minimum size of 2048 bits be used for all keys.
+
+ size of hte key to generate, in bits
+ if is not valid
+
+
+
+ Creates a new RSACng object that will use the specified key. The key's
+ must be Rsa.
+
+ key to use for RSA operations
+ if is not an RSA key
+ if is null
+
+
+
+ Sets the hash algorithm to use when encrypting or decrypting data using the OAEP padding
+ method. This property is only used if data is encrypted or decrypted and the
+ EncryptionPaddingMode is set to AsymmetricEncryptionPaddingMode.Oaep. The default value is
+ Sha256.
+
+ if EncryptionHashAlgorithm is set to null
+
+
+
+ Sets the padding mode to use when encrypting or decrypting data. The default value is
+ AsymmetricPaddingMode.Oaep.
+
+ if EncryptionPaddingMOde is set to null
+
+
+
+ Gets the key that will be used by the RSA object for any cryptographic operation that it uses.
+ This key object will be disposed if the key is reset, for instance by changing the KeySize
+ property, using ImportParamers to create a new key, or by Disposing of the parent RSA object.
+ Therefore, you should make sure that the key object is no longer used in these scenarios. This
+ object will not be the same object as the CngKey passed to the RSACng constructor if that
+ constructor was used, however it will point at the same CNG key.
+
+
+ SecurityPermission/UnmanagedCode is required to read this property.
+
+
+
+
+ Helper property to get the NCrypt key handle
+
+
+
+
+ Returns "RSA-PKCS1-KeyEx". This property should not be used.
+
+
+
+
+ Key storage provider being used for the algorithm
+
+
+
+
+ Returns "http://www.w3.org/2000/09/xmldsig#rsa-sha1". This property should not be used.
+
+
+
+
+ Gets or sets the hash algorithm to use when signing or verifying data. The default value is
+ Sha256.
+
+ if SignatureHashAlgorithm is set to null
+
+
+
+ Gets or sets the padding mode to use when encrypting or decrypting data. The default value is
+ AsymmetricPaddingMode.Pkcs1.
+
+
+ if SignaturePaddingMode is set to a mode other than Pkcs1 or Pss
+
+
+
+
+ Gets or sets the number of bytes of salt to use when signing data or verifying a signature
+ using the PSS padding mode. This property is only used if data is being signed or verified and
+ the SignaturePaddingMode is set to AsymmetricEncryptionPaddingMode.Pss. The default value is
+ 20 bytes.
+
+
+ if SignatureSaltBytes is set to a negative number
+
+
+
+
+ Dispose implementation
+
+
+
+
+
+ Build a key container permission that should be demanded before using the private key
+
+
+
+
+ Create an object to hash signature data with
+
+
+
+
+ SignData signs the given data after hashing it with the SignatureHashAlgorithm algorithm.
+
+ data to sign
+ if is null
+ if could not be signed
+
+ if SignatureHashAlgorithm is not MD5, SHA-1, SHA-256, SHA-384, or SHA-512
+
+
+ This method will demand KeyContainerPermission if the key being used is not ephemeral.
+
+
+
+
+ SignData signs the given data after hashing it with the SignatureHashAlgorithm algorithm.
+
+ data to sign
+ offset into the data that the signature should begin covering
+ number of bytes to include in the signed data
+ if is null
+
+ if or are negative, or if
+ specifies more bytes than are available in .
+
+ if could not be signed
+
+ if SignatureHashAlgorithm is not MD5, SHA-1, SHA-256, SHA-384, or SHA-512
+
+
+ This method will demand KeyContainerPermission if the key being used is not ephemeral.
+
+
+
+
+ Sign data which was hashed using the SignatureHashAlgorithm; if the algorithm used to hash
+ the data was different, use the SignHash(byte[], CngAlgorithm) overload instead.
+
+ hash to sign
+ if is null
+ if could not be signed
+
+ if SignatureHashAlgorithm is not MD5, SHA-1, SHA-256, SHA-384, or SHA-512
+
+
+ This method will demand KeyContainerPermission if the key being used is not ephemeral.
+
+
+
+
+ Sign already hashed data, specifying the algorithm it was hashed with. This method does not
+ use the SignatureHashAlgorithm property.
+
+ hash to sign
+ algorithm was signed with
+
+ if or are null
+
+ if could not be signed
+
+ This method will demand KeyContainerPermission if the key being used is not ephemeral.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Safe handle base class for safe handles which are associated with an additional data buffer that
+ must be kept alive for the same amount of time as the handle itself.
+
+ This is required rather than having a seperate safe handle own the key data buffer blob so
+ that we can ensure that the key handle is disposed of before the key data buffer is freed.
+
+
+
+
+ Buffer that holds onto the key data object. This data must be allocated with CoAllocTaskMem,
+ or the ReleaseBuffer method must be overriden to match the deallocation function with the
+ allocation function. Once the buffer is assigned into the DataBuffer property, the safe
+ handle owns the buffer and users of this property should not attempt to free the memory.
+
+ This property should be set only once, otherwise the first data buffer will leak.
+
+
+
+
+ Release the buffer associated with the handle
+
+
+
+
+ Release just the native handle associated with the safe handle
+
+
+
+
+
+ SafeHandle for a native HMODULE
+
+
+
+
+ SafeHandle for memory allocated with LocalAlloc
+
+
+
+
+ Flags for the CryptAcquireCertificatePrivateKey API
+
+
+
+
+ Duplicate the certificate context into a safe handle
+
+
+
+
+ Get the private key of a certificate
+
+
+
+
+ Create a using the private key from the given .
+
+ Certificate including private key with which to initialize the with
+ initialized with private key from
+
+
+
+
+ The GetCngPrivateKey method will return a representing the private
+ key of an X.509 certificate which has its private key stored with NCrypt rather than with
+ CAPI. If the key is not stored with NCrypt or if there is no private key available,
+ GetCngPrivateKey returns null.
+
+
+ The HasCngKey method can be used to test if the certificate does have its private key
+ stored with NCrypt.
+
+
+ The X509Certificate that is used to get the key must be kept alive for the lifetime of the
+ CngKey that is returned - otherwise the handle may be cleaned up when the certificate is
+ finalized.
+
+
+ The caller of this method must have SecurityPermission/UnmanagedCode.
+
+
+
+ Get a for the X509 certificate. The caller of this
+ method owns the returned safe handle, and should dispose of it when they no longer need it.
+ This handle can be used independently of the lifetime of the original X509 certificate.
+
+
+ The immediate caller must have SecurityPermission/UnmanagedCode to use this method
+
+
+
+
+ Platform / OS specific logic.
+
+
+
+
+
+
+
+ Get the user logged in to Windows or throws
+
+ Upn or throws
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ An abstraction over objects that are able to listen to localhost url (e.g. http://localhost:1234)
+ and to retrieve the whole url, includiong query params (e.g. http://localhost:1234?code=auth_code_from_aad)
+
+
+
+
+ Listens to http://localhost:{port} and retrieve the entire url, including query params. Then
+ push back a response such as a display message or a redirect.
+
+ Cancellation is very important as this is typically a long running unmonitored operation
+ the port to listen to
+ the path to listen in
+ The message to be displayed, or url to be redirected to will be created by this callback
+ Cancellation token
+ Full redirect uri
+
+
+
+
+
+
+
+ This is how long we allow between completed navigations.
+
+
+
+
+ This is how long all redirect navigations are allowed to run for before a graceful
+ termination of the entire browser based authentication process is attempted.
+
+
+
+
+ Waits on the UI Thread to complete normally for NavigationOverallTimeout.
+ After it attempts shutdown the UI thread graceful followed by aborting
+ the thread if a graceful shutdown is not successful.
+
+
+ Returns true if the UI thread completed on its own before the timeout. Otherwise false.
+
+
+
+ Callers expect the call to show the authentication dialog to be synchronous. This is easy in the
+ interactive case as ShowDialog is a synchronous call. However, ShowDialog will always show
+ the dialog. It can not be hidden. So it can not be used in the silent case. Instead we need
+ to do the equivalent of creating our own modal dialog. We start a new thread, launch an
+ invisible window on that thread. The original calling thread blocks until the secondary
+ UI thread completes.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Make sure that the browser control does not surface any of it's own dialogs.
+ For instance bad certificate or javascript error dialogs.
+
+
+
+
+
+
+
+
+ This method must only be called from the UI thread. Since this is the
+ callers opportunity to call dispose on this object. Calling
+ Dispose must be done on the same thread on which this object
+ was constructed.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The browser dialog used for user authentication
+
+
+
+
+ Default constructor
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Gets Web Browser control used by the dialog.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Some calls need to be made on the UI thread and this is the central place to check if we have an owner
+ window and if so, ensure we invoke on that proper thread.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Provides a scheduler that uses STA threads.
+
+
+ The STA threads used by the scheduler.
+
+
+ Stores the queued tasks to be executed by our pool of STA threads.
+
+
+ Initializes a new instance of the StaTaskScheduler class with the specified concurrency level.
+ The number of threads that should be created and used by this scheduler.
+
+
+ Gets the maximum concurrency level supported by this scheduler.
+
+
+
+ Cleans up the scheduler by indicating that no more tasks will be queued.
+ This method blocks until all threads successfully shutdown.
+
+
+
+ Queues a Task to be executed by this scheduler.
+ The task to be executed.
+
+
+ Provides a list of the scheduled tasks for the debugger to consume.
+ An enumerable of all tasks currently scheduled.
+
+
+ Determines whether a Task may be inlined.
+ The task to be executed.
+ Whether the task was previously queued.
+ true if the task was successfully inlined; otherwise, false.
+
+
+
+
+
+
+
+ Represents a BSON Oid (object id).
+
+
+
+
+ Gets or sets the value of the Oid.
+
+ The value of the Oid.
+
+
+
+ Initializes a new instance of the class.
+
+ The Oid value.
+
+
+
+ Represents a reader that provides fast, non-cached, forward-only access to serialized BSON data.
+
+
+
+
+ Gets or sets a value indicating whether binary data reading should be compatible with incorrect Json.NET 3.5 written binary.
+
+
+ true if binary data reading will be compatible with incorrect Json.NET 3.5 written binary; otherwise, false.
+
+
+
+
+ Gets or sets a value indicating whether the root object will be read as a JSON array.
+
+
+ true if the root object will be read as a JSON array; otherwise, false.
+
+
+
+
+ Gets or sets the used when reading values from BSON.
+
+ The used when reading values from BSON.
+
+
+
+ Initializes a new instance of the class.
+
+ The containing the BSON data to read.
+
+
+
+ Initializes a new instance of the class.
+
+ The containing the BSON data to read.
+
+
+
+ Initializes a new instance of the class.
+
+ The containing the BSON data to read.
+ if set to true the root object will be read as a JSON array.
+ The used when reading values from BSON.
+
+
+
+ Initializes a new instance of the class.
+
+ The containing the BSON data to read.
+ if set to true the root object will be read as a JSON array.
+ The used when reading values from BSON.
+
+
+
+ Reads the next JSON token from the underlying .
+
+
+ true if the next token was read successfully; false if there are no more tokens to read.
+
+
+
+
+ Changes the reader's state to .
+ If is set to true, the underlying is also closed.
+
+
+
+
+ Represents a writer that provides a fast, non-cached, forward-only way of generating BSON data.
+
+
+
+
+ Gets or sets the used when writing values to BSON.
+ When set to no conversion will occur.
+
+ The used when writing values to BSON.
+
+
+
+ Initializes a new instance of the class.
+
+ The to write to.
+
+
+
+ Initializes a new instance of the class.
+
+ The to write to.
+
+
+
+ Flushes whatever is in the buffer to the underlying and also flushes the underlying stream.
+
+
+
+
+ Writes the end.
+
+ The token.
+
+
+
+ Writes a comment /*...*/ containing the specified text.
+
+ Text to place inside the comment.
+
+
+
+ Writes the start of a constructor with the given name.
+
+ The name of the constructor.
+
+
+
+ Writes raw JSON.
+
+ The raw JSON to write.
+
+
+
+ Writes raw JSON where a value is expected and updates the writer's state.
+
+ The raw JSON to write.
+
+
+
+ Writes the beginning of a JSON array.
+
+
+
+
+ Writes the beginning of a JSON object.
+
+
+
+
+ Writes the property name of a name/value pair on a JSON object.
+
+ The name of the property.
+
+
+
+ Closes this writer.
+ If is set to true, the underlying is also closed.
+ If is set to true, the JSON is auto-completed.
+
+
+
+
+ Writes a value.
+ An error will raised if the value cannot be written as a single JSON token.
+
+ The value to write.
+
+
+
+ Writes a null value.
+
+
+
+
+ Writes an undefined value.
+
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a [] value.
+
+ The [] value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a [] value that represents a BSON object id.
+
+ The Object ID value to write.
+
+
+
+ Writes a BSON regex.
+
+ The regex pattern.
+ The regex options.
+
+
+
+ Specifies how constructors are used when initializing objects during deserialization by the .
+
+
+
+
+ First attempt to use the public default constructor, then fall back to a single parameterized constructor, then to the non-public default constructor.
+
+
+
+
+ Json.NET will use a non-public default constructor before falling back to a parameterized constructor.
+
+
+
+
+ Converts a binary value to and from a base 64 string value.
+
+
+
+
+ Writes the JSON representation of the object.
+
+ The to write to.
+ The value.
+ The calling serializer.
+
+
+
+ Reads the JSON representation of the object.
+
+ The to read from.
+ Type of the object.
+ The existing value of object being read.
+ The calling serializer.
+ The object value.
+
+
+
+ Determines whether this instance can convert the specified object type.
+
+ Type of the object.
+
+ true if this instance can convert the specified object type; otherwise, false.
+
+
+
+
+ Converts a to and from JSON and BSON.
+
+
+
+
+ Writes the JSON representation of the object.
+
+ The to write to.
+ The value.
+ The calling serializer.
+
+
+
+ Reads the JSON representation of the object.
+
+ The to read from.
+ Type of the object.
+ The existing value of object being read.
+ The calling serializer.
+ The object value.
+
+
+
+ Determines whether this instance can convert the specified object type.
+
+ Type of the object.
+
+ true if this instance can convert the specified object type; otherwise, false.
+
+
+
+
+ Creates a custom object.
+
+ The object type to convert.
+
+
+
+ Writes the JSON representation of the object.
+
+ The to write to.
+ The value.
+ The calling serializer.
+
+
+
+ Reads the JSON representation of the object.
+
+ The to read from.
+ Type of the object.
+ The existing value of object being read.
+ The calling serializer.
+ The object value.
+
+
+
+ Creates an object which will then be populated by the serializer.
+
+ Type of the object.
+ The created object.
+
+
+
+ Determines whether this instance can convert the specified object type.
+
+ Type of the object.
+
+ true if this instance can convert the specified object type; otherwise, false.
+
+
+
+
+ Gets a value indicating whether this can write JSON.
+
+
+ true if this can write JSON; otherwise, false.
+
+
+
+
+ Converts a to and from JSON.
+
+
+
+
+ Writes the JSON representation of the object.
+
+ The to write to.
+ The value.
+ The calling serializer.
+
+
+
+ Reads the JSON representation of the object.
+
+ The to read from.
+ Type of the object.
+ The existing value of object being read.
+ The calling serializer.
+ The object value.
+
+
+
+ Determines whether this instance can convert the specified value type.
+
+ Type of the value.
+
+ true if this instance can convert the specified value type; otherwise, false.
+
+
+
+
+ Converts a to and from JSON.
+
+
+
+
+ Writes the JSON representation of the object.
+
+ The to write to.
+ The value.
+ The calling serializer.
+
+
+
+ Reads the JSON representation of the object.
+
+ The to read from.
+ Type of the object.
+ The existing value of object being read.
+ The calling serializer.
+ The object value.
+
+
+
+ Determines whether this instance can convert the specified value type.
+
+ Type of the value.
+
+ true if this instance can convert the specified value type; otherwise, false.
+
+
+
+
+ Provides a base class for converting a to and from JSON.
+
+
+
+
+ Determines whether this instance can convert the specified object type.
+
+ Type of the object.
+
+ true if this instance can convert the specified object type; otherwise, false.
+
+
+
+
+ Converts a F# discriminated union type to and from JSON.
+
+
+
+
+ Writes the JSON representation of the object.
+
+ The to write to.
+ The value.
+ The calling serializer.
+
+
+
+ Reads the JSON representation of the object.
+
+ The to read from.
+ Type of the object.
+ The existing value of object being read.
+ The calling serializer.
+ The object value.
+
+
+
+ Determines whether this instance can convert the specified object type.
+
+ Type of the object.
+
+ true if this instance can convert the specified object type; otherwise, false.
+
+
+
+
+ Converts an Entity Framework to and from JSON.
+
+
+
+
+ Writes the JSON representation of the object.
+
+ The to write to.
+ The value.
+ The calling serializer.
+
+
+
+ Reads the JSON representation of the object.
+
+ The to read from.
+ Type of the object.
+ The existing value of object being read.
+ The calling serializer.
+ The object value.
+
+
+
+ Determines whether this instance can convert the specified object type.
+
+ Type of the object.
+
+ true if this instance can convert the specified object type; otherwise, false.
+
+
+
+
+ Converts an to and from JSON.
+
+
+
+
+ Writes the JSON representation of the object.
+
+ The to write to.
+ The value.
+ The calling serializer.
+
+
+
+ Reads the JSON representation of the object.
+
+ The to read from.
+ Type of the object.
+ The existing value of object being read.
+ The calling serializer.
+ The object value.
+
+
+
+ Determines whether this instance can convert the specified object type.
+
+ Type of the object.
+
+ true if this instance can convert the specified object type; otherwise, false.
+
+
+
+
+ Gets a value indicating whether this can write JSON.
+
+
+ true if this can write JSON; otherwise, false.
+
+
+
+
+ Converts a to and from the ISO 8601 date format (e.g. "2008-04-12T12:53Z").
+
+
+
+
+ Gets or sets the date time styles used when converting a date to and from JSON.
+
+ The date time styles used when converting a date to and from JSON.
+
+
+
+ Gets or sets the date time format used when converting a date to and from JSON.
+
+ The date time format used when converting a date to and from JSON.
+
+
+
+ Gets or sets the culture used when converting a date to and from JSON.
+
+ The culture used when converting a date to and from JSON.
+
+
+
+ Writes the JSON representation of the object.
+
+ The to write to.
+ The value.
+ The calling serializer.
+
+
+
+ Reads the JSON representation of the object.
+
+ The to read from.
+ Type of the object.
+ The existing value of object being read.
+ The calling serializer.
+ The object value.
+
+
+
+ Converts a to and from a JavaScript Date constructor (e.g. new Date(52231943)).
+
+
+
+
+ Writes the JSON representation of the object.
+
+ The to write to.
+ The value.
+ The calling serializer.
+
+
+
+ Reads the JSON representation of the object.
+
+ The to read from.
+ Type of the object.
+ The existing property value of the JSON that is being converted.
+ The calling serializer.
+ The object value.
+
+
+
+ Converts a to and from JSON.
+
+
+
+
+ Writes the JSON representation of the object.
+
+ The to write to.
+ The value.
+ The calling serializer.
+
+
+
+ Reads the JSON representation of the object.
+
+ The to read from.
+ Type of the object.
+ The existing value of object being read.
+ The calling serializer.
+ The object value.
+
+
+
+ Determines whether this instance can convert the specified object type.
+
+ Type of the object.
+
+ true if this instance can convert the specified object type; otherwise, false.
+
+
+
+
+ Converts a to and from JSON and BSON.
+
+
+
+
+ Writes the JSON representation of the object.
+
+ The to write to.
+ The value.
+ The calling serializer.
+
+
+
+ Reads the JSON representation of the object.
+
+ The to read from.
+ Type of the object.
+ The existing value of object being read.
+ The calling serializer.
+ The object value.
+
+
+
+ Determines whether this instance can convert the specified object type.
+
+ Type of the object.
+
+ true if this instance can convert the specified object type; otherwise, false.
+
+
+
+
+ Converts an to and from its name string value.
+
+
+
+
+ Gets or sets a value indicating whether the written enum text should be camel case.
+ The default value is false.
+
+ true if the written enum text will be camel case; otherwise, false.
+
+
+
+ Gets or sets the naming strategy used to resolve how enum text is written.
+
+ The naming strategy used to resolve how enum text is written.
+
+
+
+ Gets or sets a value indicating whether integer values are allowed when serializing and deserializing.
+ The default value is true.
+
+ true if integers are allowed when serializing and deserializing; otherwise, false.
+
+
+
+ Initializes a new instance of the class.
+
+
+
+
+ Initializes a new instance of the class.
+
+ true if the written enum text will be camel case; otherwise, false.
+
+
+
+ Initializes a new instance of the class.
+
+ The naming strategy used to resolve how enum text is written.
+ true if integers are allowed when serializing and deserializing; otherwise, false.
+
+
+
+ Initializes a new instance of the class.
+
+ The of the used to write enum text.
+
+
+
+ Initializes a new instance of the class.
+
+ The of the used to write enum text.
+
+ The parameter list to use when constructing the described by .
+ If null, the default constructor is used.
+ When non-null, there must be a constructor defined in the that exactly matches the number,
+ order, and type of these parameters.
+
+
+
+
+ Initializes a new instance of the class.
+
+ The of the used to write enum text.
+
+ The parameter list to use when constructing the described by .
+ If null, the default constructor is used.
+ When non-null, there must be a constructor defined in the that exactly matches the number,
+ order, and type of these parameters.
+
+ true if integers are allowed when serializing and deserializing; otherwise, false.
+
+
+
+ Writes the JSON representation of the object.
+
+ The to write to.
+ The value.
+ The calling serializer.
+
+
+
+ Reads the JSON representation of the object.
+
+ The to read from.
+ Type of the object.
+ The existing value of object being read.
+ The calling serializer.
+ The object value.
+
+
+
+ Determines whether this instance can convert the specified object type.
+
+ Type of the object.
+
+ true if this instance can convert the specified object type; otherwise, false.
+
+
+
+
+ Converts a to and from Unix epoch time
+
+
+
+
+ Writes the JSON representation of the object.
+
+ The to write to.
+ The value.
+ The calling serializer.
+
+
+
+ Reads the JSON representation of the object.
+
+ The to read from.
+ Type of the object.
+ The existing property value of the JSON that is being converted.
+ The calling serializer.
+ The object value.
+
+
+
+ Converts a to and from a string (e.g. "1.2.3.4").
+
+
+
+
+ Writes the JSON representation of the object.
+
+ The to write to.
+ The value.
+ The calling serializer.
+
+
+
+ Reads the JSON representation of the object.
+
+ The to read from.
+ Type of the object.
+ The existing property value of the JSON that is being converted.
+ The calling serializer.
+ The object value.
+
+
+
+ Determines whether this instance can convert the specified object type.
+
+ Type of the object.
+
+ true if this instance can convert the specified object type; otherwise, false.
+
+
+
+
+ Converts XML to and from JSON.
+
+
+
+
+ Gets or sets the name of the root element to insert when deserializing to XML if the JSON structure has produced multiple root elements.
+
+ The name of the deserialized root element.
+
+
+
+ Gets or sets a value to indicate whether to write the Json.NET array attribute.
+ This attribute helps preserve arrays when converting the written XML back to JSON.
+
+ true if the array attribute is written to the XML; otherwise, false.
+
+
+
+ Gets or sets a value indicating whether to write the root JSON object.
+
+ true if the JSON root object is omitted; otherwise, false.
+
+
+
+ Gets or sets a value indicating whether to encode special characters when converting JSON to XML.
+ If true, special characters like ':', '@', '?', '#' and '$' in JSON property names aren't used to specify
+ XML namespaces, attributes or processing directives. Instead special characters are encoded and written
+ as part of the XML element name.
+
+ true if special characters are encoded; otherwise, false.
+
+
+
+ Writes the JSON representation of the object.
+
+ The to write to.
+ The calling serializer.
+ The value.
+
+
+
+ Reads the JSON representation of the object.
+
+ The to read from.
+ Type of the object.
+ The existing value of object being read.
+ The calling serializer.
+ The object value.
+
+
+
+ Checks if the is a namespace attribute.
+
+ Attribute name to test.
+ The attribute name prefix if it has one, otherwise an empty string.
+ true if attribute name is for a namespace attribute, otherwise false.
+
+
+
+ Determines whether this instance can convert the specified value type.
+
+ Type of the value.
+
+ true if this instance can convert the specified value type; otherwise, false.
+
+
+
+
+ Specifies how dates are formatted when writing JSON text.
+
+
+
+
+ Dates are written in the ISO 8601 format, e.g. "2012-03-21T05:40Z".
+
+
+
+
+ Dates are written in the Microsoft JSON format, e.g. "\/Date(1198908717056)\/".
+
+
+
+
+ Specifies how date formatted strings, e.g. "\/Date(1198908717056)\/" and "2012-03-21T05:40Z", are parsed when reading JSON text.
+
+
+
+
+ Date formatted strings are not parsed to a date type and are read as strings.
+
+
+
+
+ Date formatted strings, e.g. "\/Date(1198908717056)\/" and "2012-03-21T05:40Z", are parsed to .
+
+
+
+
+ Date formatted strings, e.g. "\/Date(1198908717056)\/" and "2012-03-21T05:40Z", are parsed to .
+
+
+
+
+ Specifies how to treat the time value when converting between string and .
+
+
+
+
+ Treat as local time. If the object represents a Coordinated Universal Time (UTC), it is converted to the local time.
+
+
+
+
+ Treat as a UTC. If the object represents a local time, it is converted to a UTC.
+
+
+
+
+ Treat as a local time if a is being converted to a string.
+ If a string is being converted to , convert to a local time if a time zone is specified.
+
+
+
+
+ Time zone information should be preserved when converting.
+
+
+
+
+ The default JSON name table implementation.
+
+
+
+
+ Initializes a new instance of the class.
+
+
+
+
+ Gets the string containing the same characters as the specified range of characters in the given array.
+
+ The character array containing the name to find.
+ The zero-based index into the array specifying the first character of the name.
+ The number of characters in the name.
+
+
+
+ Adds the specified string into name table.
+
+ The string to add.
+ This method is not thread-safe.
+
+
+
+ Specifies default value handling options for the .
+
+
+
+
+
+
+
+
+ Include members where the member value is the same as the member's default value when serializing objects.
+ Included members are written to JSON. Has no effect when deserializing.
+
+
+
+
+ Ignore members where the member value is the same as the member's default value when serializing objects
+ so that it is not written to JSON.
+ This option will ignore all default values (e.g. null for objects and nullable types; 0 for integers,
+ decimals and floating point numbers; and false for booleans). The default value ignored can be changed by
+ placing the on the property.
+
+
+
+
+ Members with a default value but no JSON will be set to their default value when deserializing.
+
+
+
+
+ Ignore members where the member value is the same as the member's default value when serializing objects
+ and set members to their default value when deserializing.
+
+
+
+
+ Specifies float format handling options when writing special floating point numbers, e.g. ,
+ and with .
+
+
+
+
+ Write special floating point values as strings in JSON, e.g. "NaN", "Infinity", "-Infinity".
+
+
+
+
+ Write special floating point values as symbols in JSON, e.g. NaN, Infinity, -Infinity.
+ Note that this will produce non-valid JSON.
+
+
+
+
+ Write special floating point values as the property's default value in JSON, e.g. 0.0 for a property, null for a of property.
+
+
+
+
+ Specifies how floating point numbers, e.g. 1.0 and 9.9, are parsed when reading JSON text.
+
+
+
+
+ Floating point numbers are parsed to .
+
+
+
+
+ Floating point numbers are parsed to .
+
+
+
+
+ Specifies formatting options for the .
+
+
+
+
+ No special formatting is applied. This is the default.
+
+
+
+
+ Causes child objects to be indented according to the and settings.
+
+
+
+
+ Provides an interface for using pooled arrays.
+
+ The array type content.
+
+
+
+ Rent an array from the pool. This array must be returned when it is no longer needed.
+
+ The minimum required length of the array. The returned array may be longer.
+ The rented array from the pool. This array must be returned when it is no longer needed.
+
+
+
+ Return an array to the pool.
+
+ The array that is being returned.
+
+
+
+ Provides an interface to enable a class to return line and position information.
+
+
+
+
+ Gets a value indicating whether the class can return line information.
+
+
+ true if and can be provided; otherwise, false.
+
+
+
+
+ Gets the current line number.
+
+ The current line number or 0 if no line information is available (for example, when returns false).
+
+
+
+ Gets the current line position.
+
+ The current line position or 0 if no line information is available (for example, when returns false).
+
+
+
+ Instructs the how to serialize the collection.
+
+
+
+
+ Gets or sets a value indicating whether null items are allowed in the collection.
+
+ true if null items are allowed in the collection; otherwise, false.
+
+
+
+ Initializes a new instance of the class.
+
+
+
+
+ Initializes a new instance of the class with a flag indicating whether the array can contain null items.
+
+ A flag indicating whether the array can contain null items.
+
+
+
+ Initializes a new instance of the class with the specified container Id.
+
+ The container Id.
+
+
+
+ Instructs the to use the specified constructor when deserializing that object.
+
+
+
+
+ Instructs the how to serialize the object.
+
+
+
+
+ Gets or sets the id.
+
+ The id.
+
+
+
+ Gets or sets the title.
+
+ The title.
+
+
+
+ Gets or sets the description.
+
+ The description.
+
+
+
+ Gets or sets the collection's items converter.
+
+ The collection's items converter.
+
+
+
+ The parameter list to use when constructing the described by .
+ If null, the default constructor is used.
+ When non-null, there must be a constructor defined in the that exactly matches the number,
+ order, and type of these parameters.
+
+
+
+ [JsonContainer(ItemConverterType = typeof(MyContainerConverter), ItemConverterParameters = new object[] { 123, "Four" })]
+
+
+
+
+
+ Gets or sets the of the .
+
+ The of the .
+
+
+
+ The parameter list to use when constructing the described by .
+ If null, the default constructor is used.
+ When non-null, there must be a constructor defined in the that exactly matches the number,
+ order, and type of these parameters.
+
+
+
+ [JsonContainer(NamingStrategyType = typeof(MyNamingStrategy), NamingStrategyParameters = new object[] { 123, "Four" })]
+
+
+
+
+
+ Gets or sets a value that indicates whether to preserve object references.
+
+
+ true to keep object reference; otherwise, false. The default is false.
+
+
+
+
+ Gets or sets a value that indicates whether to preserve collection's items references.
+
+
+ true to keep collection's items object references; otherwise, false. The default is false.
+
+
+
+
+ Gets or sets the reference loop handling used when serializing the collection's items.
+
+ The reference loop handling.
+
+
+
+ Gets or sets the type name handling used when serializing the collection's items.
+
+ The type name handling.
+
+
+
+ Initializes a new instance of the class.
+
+
+
+
+ Initializes a new instance of the class with the specified container Id.
+
+ The container Id.
+
+
+
+ Provides methods for converting between .NET types and JSON types.
+
+
+
+
+
+
+
+ Gets or sets a function that creates default .
+ Default settings are automatically used by serialization methods on ,
+ and and on .
+ To serialize without using any default settings create a with
+ .
+
+
+
+
+ Represents JavaScript's boolean value true as a string. This field is read-only.
+
+
+
+
+ Represents JavaScript's boolean value false as a string. This field is read-only.
+
+
+
+
+ Represents JavaScript's null as a string. This field is read-only.
+
+
+
+
+ Represents JavaScript's undefined as a string. This field is read-only.
+
+
+
+
+ Represents JavaScript's positive infinity as a string. This field is read-only.
+
+
+
+
+ Represents JavaScript's negative infinity as a string. This field is read-only.
+
+
+
+
+ Represents JavaScript's NaN as a string. This field is read-only.
+
+
+
+
+ Converts the to its JSON string representation.
+
+ The value to convert.
+ A JSON string representation of the .
+
+
+
+ Converts the to its JSON string representation using the specified.
+
+ The value to convert.
+ The format the date will be converted to.
+ The time zone handling when the date is converted to a string.
+ A JSON string representation of the .
+
+
+
+ Converts the to its JSON string representation.
+
+ The value to convert.
+ A JSON string representation of the .
+
+
+
+ Converts the to its JSON string representation using the specified.
+
+ The value to convert.
+ The format the date will be converted to.
+ A JSON string representation of the .
+
+
+
+ Converts the to its JSON string representation.
+
+ The value to convert.
+ A JSON string representation of the .
+
+
+
+ Converts the to its JSON string representation.
+
+ The value to convert.
+ A JSON string representation of the .
+
+
+
+ Converts the to its JSON string representation.
+
+ The value to convert.
+ A JSON string representation of the .
+
+
+
+ Converts the to its JSON string representation.
+
+ The value to convert.
+ A JSON string representation of the .
+
+
+
+ Converts the to its JSON string representation.
+
+ The value to convert.
+ A JSON string representation of the .
+
+
+
+ Converts the to its JSON string representation.
+
+ The value to convert.
+ A JSON string representation of the .
+
+
+
+ Converts the to its JSON string representation.
+
+ The value to convert.
+ A JSON string representation of the .
+
+
+
+ Converts the to its JSON string representation.
+
+ The value to convert.
+ A JSON string representation of the .
+
+
+
+ Converts the to its JSON string representation.
+
+ The value to convert.
+ A JSON string representation of the .
+
+
+
+ Converts the to its JSON string representation.
+
+ The value to convert.
+ A JSON string representation of the .
+
+
+
+ Converts the to its JSON string representation.
+
+ The value to convert.
+ A JSON string representation of the .
+
+
+
+ Converts the to its JSON string representation.
+
+ The value to convert.
+ A JSON string representation of the .
+
+
+
+ Converts the to its JSON string representation.
+
+ The value to convert.
+ A JSON string representation of the .
+
+
+
+ Converts the to its JSON string representation.
+
+ The value to convert.
+ A JSON string representation of the .
+
+
+
+ Converts the to its JSON string representation.
+
+ The value to convert.
+ A JSON string representation of the .
+
+
+
+ Converts the to its JSON string representation.
+
+ The value to convert.
+ A JSON string representation of the .
+
+
+
+ Converts the to its JSON string representation.
+
+ The value to convert.
+ A JSON string representation of the .
+
+
+
+ Converts the to its JSON string representation.
+
+ The value to convert.
+ A JSON string representation of the .
+
+
+
+ Converts the to its JSON string representation.
+
+ The value to convert.
+ The string delimiter character.
+ A JSON string representation of the .
+
+
+
+ Converts the to its JSON string representation.
+
+ The value to convert.
+ The string delimiter character.
+ The string escape handling.
+ A JSON string representation of the .
+
+
+
+ Converts the to its JSON string representation.
+
+ The value to convert.
+ A JSON string representation of the .
+
+
+
+ Serializes the specified object to a JSON string.
+
+ The object to serialize.
+ A JSON string representation of the object.
+
+
+
+ Serializes the specified object to a JSON string using formatting.
+
+ The object to serialize.
+ Indicates how the output should be formatted.
+
+ A JSON string representation of the object.
+
+
+
+
+ Serializes the specified object to a JSON string using a collection of .
+
+ The object to serialize.
+ A collection of converters used while serializing.
+ A JSON string representation of the object.
+
+
+
+ Serializes the specified object to a JSON string using formatting and a collection of .
+
+ The object to serialize.
+ Indicates how the output should be formatted.
+ A collection of converters used while serializing.
+ A JSON string representation of the object.
+
+
+
+ Serializes the specified object to a JSON string using .
+
+ The object to serialize.
+ The used to serialize the object.
+ If this is null, default serialization settings will be used.
+
+ A JSON string representation of the object.
+
+
+
+
+ Serializes the specified object to a JSON string using a type, formatting and .
+
+ The object to serialize.
+ The used to serialize the object.
+ If this is null, default serialization settings will be used.
+
+ The type of the value being serialized.
+ This parameter is used when is to write out the type name if the type of the value does not match.
+ Specifying the type is optional.
+
+
+ A JSON string representation of the object.
+
+
+
+
+ Serializes the specified object to a JSON string using formatting and .
+
+ The object to serialize.
+ Indicates how the output should be formatted.
+ The used to serialize the object.
+ If this is null, default serialization settings will be used.
+
+ A JSON string representation of the object.
+
+
+
+
+ Serializes the specified object to a JSON string using a type, formatting and .
+
+ The object to serialize.
+ Indicates how the output should be formatted.
+ The used to serialize the object.
+ If this is null, default serialization settings will be used.
+
+ The type of the value being serialized.
+ This parameter is used when is to write out the type name if the type of the value does not match.
+ Specifying the type is optional.
+
+
+ A JSON string representation of the object.
+
+
+
+
+ Deserializes the JSON to a .NET object.
+
+ The JSON to deserialize.
+ The deserialized object from the JSON string.
+
+
+
+ Deserializes the JSON to a .NET object using .
+
+ The JSON to deserialize.
+
+ The used to deserialize the object.
+ If this is null, default serialization settings will be used.
+
+ The deserialized object from the JSON string.
+
+
+
+ Deserializes the JSON to the specified .NET type.
+
+ The JSON to deserialize.
+ The of object being deserialized.
+ The deserialized object from the JSON string.
+
+
+
+ Deserializes the JSON to the specified .NET type.
+
+ The type of the object to deserialize to.
+ The JSON to deserialize.
+ The deserialized object from the JSON string.
+
+
+
+ Deserializes the JSON to the given anonymous type.
+
+
+ The anonymous type to deserialize to. This can't be specified
+ traditionally and must be inferred from the anonymous type passed
+ as a parameter.
+
+ The JSON to deserialize.
+ The anonymous type object.
+ The deserialized anonymous type from the JSON string.
+
+
+
+ Deserializes the JSON to the given anonymous type using .
+
+
+ The anonymous type to deserialize to. This can't be specified
+ traditionally and must be inferred from the anonymous type passed
+ as a parameter.
+
+ The JSON to deserialize.
+ The anonymous type object.
+
+ The used to deserialize the object.
+ If this is null, default serialization settings will be used.
+
+ The deserialized anonymous type from the JSON string.
+
+
+
+ Deserializes the JSON to the specified .NET type using a collection of .
+
+ The type of the object to deserialize to.
+ The JSON to deserialize.
+ Converters to use while deserializing.
+ The deserialized object from the JSON string.
+
+
+
+ Deserializes the JSON to the specified .NET type using .
+
+ The type of the object to deserialize to.
+ The object to deserialize.
+
+ The used to deserialize the object.
+ If this is null, default serialization settings will be used.
+
+ The deserialized object from the JSON string.
+
+
+
+ Deserializes the JSON to the specified .NET type using a collection of .
+
+ The JSON to deserialize.
+ The type of the object to deserialize.
+ Converters to use while deserializing.
+ The deserialized object from the JSON string.
+
+
+
+ Deserializes the JSON to the specified .NET type using .
+
+ The JSON to deserialize.
+ The type of the object to deserialize to.
+
+ The used to deserialize the object.
+ If this is null, default serialization settings will be used.
+
+ The deserialized object from the JSON string.
+
+
+
+ Populates the object with values from the JSON string.
+
+ The JSON to populate values from.
+ The target object to populate values onto.
+
+
+
+ Populates the object with values from the JSON string using .
+
+ The JSON to populate values from.
+ The target object to populate values onto.
+
+ The used to deserialize the object.
+ If this is null, default serialization settings will be used.
+
+
+
+
+ Serializes the to a JSON string.
+
+ The node to serialize.
+ A JSON string of the .
+
+
+
+ Serializes the to a JSON string using formatting.
+
+ The node to serialize.
+ Indicates how the output should be formatted.
+ A JSON string of the .
+
+
+
+ Serializes the to a JSON string using formatting and omits the root object if is true.
+
+ The node to serialize.
+ Indicates how the output should be formatted.
+ Omits writing the root object.
+ A JSON string of the .
+
+
+
+ Deserializes the from a JSON string.
+
+ The JSON string.
+ The deserialized .
+
+
+
+ Deserializes the from a JSON string nested in a root element specified by .
+
+ The JSON string.
+ The name of the root element to append when deserializing.
+ The deserialized .
+
+
+
+ Deserializes the from a JSON string nested in a root element specified by
+ and writes a Json.NET array attribute for collections.
+
+ The JSON string.
+ The name of the root element to append when deserializing.
+
+ A value to indicate whether to write the Json.NET array attribute.
+ This attribute helps preserve arrays when converting the written XML back to JSON.
+
+ The deserialized .
+
+
+
+ Deserializes the from a JSON string nested in a root element specified by ,
+ writes a Json.NET array attribute for collections, and encodes special characters.
+
+ The JSON string.
+ The name of the root element to append when deserializing.
+
+ A value to indicate whether to write the Json.NET array attribute.
+ This attribute helps preserve arrays when converting the written XML back to JSON.
+
+
+ A value to indicate whether to encode special characters when converting JSON to XML.
+ If true, special characters like ':', '@', '?', '#' and '$' in JSON property names aren't used to specify
+ XML namespaces, attributes or processing directives. Instead special characters are encoded and written
+ as part of the XML element name.
+
+ The deserialized .
+
+
+
+ Serializes the to a JSON string.
+
+ The node to convert to JSON.
+ A JSON string of the .
+
+
+
+ Serializes the to a JSON string using formatting.
+
+ The node to convert to JSON.
+ Indicates how the output should be formatted.
+ A JSON string of the .
+
+
+
+ Serializes the to a JSON string using formatting and omits the root object if is true.
+
+ The node to serialize.
+ Indicates how the output should be formatted.
+ Omits writing the root object.
+ A JSON string of the .
+
+
+
+ Deserializes the from a JSON string.
+
+ The JSON string.
+ The deserialized .
+
+
+
+ Deserializes the from a JSON string nested in a root element specified by .
+
+ The JSON string.
+ The name of the root element to append when deserializing.
+ The deserialized .
+
+
+
+ Deserializes the from a JSON string nested in a root element specified by
+ and writes a Json.NET array attribute for collections.
+
+ The JSON string.
+ The name of the root element to append when deserializing.
+
+ A value to indicate whether to write the Json.NET array attribute.
+ This attribute helps preserve arrays when converting the written XML back to JSON.
+
+ The deserialized .
+
+
+
+ Deserializes the from a JSON string nested in a root element specified by ,
+ writes a Json.NET array attribute for collections, and encodes special characters.
+
+ The JSON string.
+ The name of the root element to append when deserializing.
+
+ A value to indicate whether to write the Json.NET array attribute.
+ This attribute helps preserve arrays when converting the written XML back to JSON.
+
+
+ A value to indicate whether to encode special characters when converting JSON to XML.
+ If true, special characters like ':', '@', '?', '#' and '$' in JSON property names aren't used to specify
+ XML namespaces, attributes or processing directives. Instead special characters are encoded and written
+ as part of the XML element name.
+
+ The deserialized .
+
+
+
+ Converts an object to and from JSON.
+
+
+
+
+ Writes the JSON representation of the object.
+
+ The to write to.
+ The value.
+ The calling serializer.
+
+
+
+ Reads the JSON representation of the object.
+
+ The to read from.
+ Type of the object.
+ The existing value of object being read.
+ The calling serializer.
+ The object value.
+
+
+
+ Determines whether this instance can convert the specified object type.
+
+ Type of the object.
+
+ true if this instance can convert the specified object type; otherwise, false.
+
+
+
+
+ Gets a value indicating whether this can read JSON.
+
+ true if this can read JSON; otherwise, false.
+
+
+
+ Gets a value indicating whether this can write JSON.
+
+ true if this can write JSON; otherwise, false.
+
+
+
+ Converts an object to and from JSON.
+
+ The object type to convert.
+
+
+
+ Writes the JSON representation of the object.
+
+ The to write to.
+ The value.
+ The calling serializer.
+
+
+
+ Writes the JSON representation of the object.
+
+ The to write to.
+ The value.
+ The calling serializer.
+
+
+
+ Reads the JSON representation of the object.
+
+ The to read from.
+ Type of the object.
+ The existing value of object being read.
+ The calling serializer.
+ The object value.
+
+
+
+ Reads the JSON representation of the object.
+
+ The to read from.
+ Type of the object.
+ The existing value of object being read. If there is no existing value then null will be used.
+ The existing value has a value.
+ The calling serializer.
+ The object value.
+
+
+
+ Determines whether this instance can convert the specified object type.
+
+ Type of the object.
+
+ true if this instance can convert the specified object type; otherwise, false.
+
+
+
+
+ Instructs the to use the specified when serializing the member or class.
+
+
+
+
+ Gets the of the .
+
+ The of the .
+
+
+
+ The parameter list to use when constructing the described by .
+ If null, the default constructor is used.
+
+
+
+
+ Initializes a new instance of the class.
+
+ Type of the .
+
+
+
+ Initializes a new instance of the class.
+
+ Type of the .
+ Parameter list to use when constructing the . Can be null.
+
+
+
+ Represents a collection of .
+
+
+
+
+ Instructs the how to serialize the collection.
+
+
+
+
+ Initializes a new instance of the class.
+
+
+
+
+ Initializes a new instance of the class with the specified container Id.
+
+ The container Id.
+
+
+
+ The exception thrown when an error occurs during JSON serialization or deserialization.
+
+
+
+
+ Initializes a new instance of the class.
+
+
+
+
+ Initializes a new instance of the class
+ with a specified error message.
+
+ The error message that explains the reason for the exception.
+
+
+
+ Initializes a new instance of the class
+ with a specified error message and a reference to the inner exception that is the cause of this exception.
+
+ The error message that explains the reason for the exception.
+ The exception that is the cause of the current exception, or null if no inner exception is specified.
+
+
+
+ Initializes a new instance of the class.
+
+ The that holds the serialized object data about the exception being thrown.
+ The that contains contextual information about the source or destination.
+ The parameter is null.
+ The class name is null or is zero (0).
+
+
+
+ Instructs the to deserialize properties with no matching class member into the specified collection
+ and write values during serialization.
+
+
+
+
+ Gets or sets a value that indicates whether to write extension data when serializing the object.
+
+
+ true to write extension data when serializing the object; otherwise, false. The default is true.
+
+
+
+
+ Gets or sets a value that indicates whether to read extension data when deserializing the object.
+
+
+ true to read extension data when deserializing the object; otherwise, false. The default is true.
+
+
+
+
+ Initializes a new instance of the class.
+
+
+
+
+ Instructs the not to serialize the public field or public read/write property value.
+
+
+
+
+ Base class for a table of atomized string objects.
+
+
+
+
+ Gets the string containing the same characters as the specified range of characters in the given array.
+
+ The character array containing the name to find.
+ The zero-based index into the array specifying the first character of the name.
+ The number of characters in the name.
+
+
+
+ Instructs the how to serialize the object.
+
+
+
+
+ Gets or sets the member serialization.
+
+ The member serialization.
+
+
+
+ Gets or sets how the object's properties with null values are handled during serialization and deserialization.
+
+ How the object's properties with null values are handled during serialization and deserialization.
+
+
+
+ Gets or sets a value that indicates whether the object's properties are required.
+
+
+ A value indicating whether the object's properties are required.
+
+
+
+
+ Initializes a new instance of the class.
+
+
+
+
+ Initializes a new instance of the class with the specified member serialization.
+
+ The member serialization.
+
+
+
+ Initializes a new instance of the class with the specified container Id.
+
+ The container Id.
+
+
+
+ Instructs the to always serialize the member with the specified name.
+
+
+
+
+ Gets or sets the type used when serializing the property's collection items.
+
+ The collection's items type.
+
+
+
+ The parameter list to use when constructing the described by .
+ If null, the default constructor is used.
+ When non-null, there must be a constructor defined in the that exactly matches the number,
+ order, and type of these parameters.
+
+
+
+ [JsonProperty(ItemConverterType = typeof(MyContainerConverter), ItemConverterParameters = new object[] { 123, "Four" })]
+
+
+
+
+
+ Gets or sets the of the .
+
+ The of the .
+
+
+
+ The parameter list to use when constructing the described by .
+ If null, the default constructor is used.
+ When non-null, there must be a constructor defined in the that exactly matches the number,
+ order, and type of these parameters.
+
+
+
+ [JsonProperty(NamingStrategyType = typeof(MyNamingStrategy), NamingStrategyParameters = new object[] { 123, "Four" })]
+
+
+
+
+
+ Gets or sets the null value handling used when serializing this property.
+
+ The null value handling.
+
+
+
+ Gets or sets the default value handling used when serializing this property.
+
+ The default value handling.
+
+
+
+ Gets or sets the reference loop handling used when serializing this property.
+
+ The reference loop handling.
+
+
+
+ Gets or sets the object creation handling used when deserializing this property.
+
+ The object creation handling.
+
+
+
+ Gets or sets the type name handling used when serializing this property.
+
+ The type name handling.
+
+
+
+ Gets or sets whether this property's value is serialized as a reference.
+
+ Whether this property's value is serialized as a reference.
+
+
+
+ Gets or sets the order of serialization of a member.
+
+ The numeric order of serialization.
+
+
+
+ Gets or sets a value indicating whether this property is required.
+
+
+ A value indicating whether this property is required.
+
+
+
+
+ Gets or sets the name of the property.
+
+ The name of the property.
+
+
+
+ Gets or sets the reference loop handling used when serializing the property's collection items.
+
+ The collection's items reference loop handling.
+
+
+
+ Gets or sets the type name handling used when serializing the property's collection items.
+
+ The collection's items type name handling.
+
+
+
+ Gets or sets whether this property's collection items are serialized as a reference.
+
+ Whether this property's collection items are serialized as a reference.
+
+
+
+ Initializes a new instance of the class.
+
+
+
+
+ Initializes a new instance of the class with the specified name.
+
+ Name of the property.
+
+
+
+ Represents a reader that provides fast, non-cached, forward-only access to serialized JSON data.
+
+
+
+
+ Asynchronously reads the next JSON token from the source.
+
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous read. The
+ property returns true if the next token was read successfully; false if there are no more tokens to read.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously skips the children of the current token.
+
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously reads the next JSON token from the source as a of .
+
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous read. The
+ property returns the of . This result will be null at the end of an array.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously reads the next JSON token from the source as a [].
+
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous read. The
+ property returns the []. This result will be null at the end of an array.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously reads the next JSON token from the source as a of .
+
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous read. The
+ property returns the of . This result will be null at the end of an array.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously reads the next JSON token from the source as a of .
+
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous read. The
+ property returns the of . This result will be null at the end of an array.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously reads the next JSON token from the source as a of .
+
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous read. The
+ property returns the of . This result will be null at the end of an array.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously reads the next JSON token from the source as a of .
+
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous read. The
+ property returns the of . This result will be null at the end of an array.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously reads the next JSON token from the source as a of .
+
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous read. The
+ property returns the of . This result will be null at the end of an array.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously reads the next JSON token from the source as a .
+
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous read. The
+ property returns the . This result will be null at the end of an array.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Specifies the state of the reader.
+
+
+
+
+ A read method has not been called.
+
+
+
+
+ The end of the file has been reached successfully.
+
+
+
+
+ Reader is at a property.
+
+
+
+
+ Reader is at the start of an object.
+
+
+
+
+ Reader is in an object.
+
+
+
+
+ Reader is at the start of an array.
+
+
+
+
+ Reader is in an array.
+
+
+
+
+ The method has been called.
+
+
+
+
+ Reader has just read a value.
+
+
+
+
+ Reader is at the start of a constructor.
+
+
+
+
+ Reader is in a constructor.
+
+
+
+
+ An error occurred that prevents the read operation from continuing.
+
+
+
+
+ The end of the file has been reached successfully.
+
+
+
+
+ Gets the current reader state.
+
+ The current reader state.
+
+
+
+ Gets or sets a value indicating whether the source should be closed when this reader is closed.
+
+
+ true to close the source when this reader is closed; otherwise false. The default is true.
+
+
+
+
+ Gets or sets a value indicating whether multiple pieces of JSON content can
+ be read from a continuous stream without erroring.
+
+
+ true to support reading multiple pieces of JSON content; otherwise false.
+ The default is false.
+
+
+
+
+ Gets the quotation mark character used to enclose the value of a string.
+
+
+
+
+ Gets or sets how time zones are handled when reading JSON.
+
+
+
+
+ Gets or sets how date formatted strings, e.g. "\/Date(1198908717056)\/" and "2012-03-21T05:40Z", are parsed when reading JSON.
+
+
+
+
+ Gets or sets how floating point numbers, e.g. 1.0 and 9.9, are parsed when reading JSON text.
+
+
+
+
+ Gets or sets how custom date formatted strings are parsed when reading JSON.
+
+
+
+
+ Gets or sets the maximum depth allowed when reading JSON. Reading past this depth will throw a .
+
+
+
+
+ Gets the type of the current JSON token.
+
+
+
+
+ Gets the text value of the current JSON token.
+
+
+
+
+ Gets the .NET type for the current JSON token.
+
+
+
+
+ Gets the depth of the current token in the JSON document.
+
+ The depth of the current token in the JSON document.
+
+
+
+ Gets the path of the current JSON token.
+
+
+
+
+ Gets or sets the culture used when reading JSON. Defaults to .
+
+
+
+
+ Initializes a new instance of the class.
+
+
+
+
+ Reads the next JSON token from the source.
+
+ true if the next token was read successfully; false if there are no more tokens to read.
+
+
+
+ Reads the next JSON token from the source as a of .
+
+ A of . This method will return null at the end of an array.
+
+
+
+ Reads the next JSON token from the source as a .
+
+ A . This method will return null at the end of an array.
+
+
+
+ Reads the next JSON token from the source as a [].
+
+ A [] or null if the next JSON token is null. This method will return null at the end of an array.
+
+
+
+ Reads the next JSON token from the source as a of .
+
+ A of . This method will return null at the end of an array.
+
+
+
+ Reads the next JSON token from the source as a of .
+
+ A of . This method will return null at the end of an array.
+
+
+
+ Reads the next JSON token from the source as a of .
+
+ A of . This method will return null at the end of an array.
+
+
+
+ Reads the next JSON token from the source as a of .
+
+ A of . This method will return null at the end of an array.
+
+
+
+ Reads the next JSON token from the source as a of .
+
+ A of . This method will return null at the end of an array.
+
+
+
+ Skips the children of the current token.
+
+
+
+
+ Sets the current token.
+
+ The new token.
+
+
+
+ Sets the current token and value.
+
+ The new token.
+ The value.
+
+
+
+ Sets the current token and value.
+
+ The new token.
+ The value.
+ A flag indicating whether the position index inside an array should be updated.
+
+
+
+ Sets the state based on current token type.
+
+
+
+
+ Releases unmanaged and - optionally - managed resources.
+
+ true to release both managed and unmanaged resources; false to release only unmanaged resources.
+
+
+
+ Changes the reader's state to .
+ If is set to true, the source is also closed.
+
+
+
+
+ The exception thrown when an error occurs while reading JSON text.
+
+
+
+
+ Gets the line number indicating where the error occurred.
+
+ The line number indicating where the error occurred.
+
+
+
+ Gets the line position indicating where the error occurred.
+
+ The line position indicating where the error occurred.
+
+
+
+ Gets the path to the JSON where the error occurred.
+
+ The path to the JSON where the error occurred.
+
+
+
+ Initializes a new instance of the class.
+
+
+
+
+ Initializes a new instance of the class
+ with a specified error message.
+
+ The error message that explains the reason for the exception.
+
+
+
+ Initializes a new instance of the class
+ with a specified error message and a reference to the inner exception that is the cause of this exception.
+
+ The error message that explains the reason for the exception.
+ The exception that is the cause of the current exception, or null if no inner exception is specified.
+
+
+
+ Initializes a new instance of the class.
+
+ The that holds the serialized object data about the exception being thrown.
+ The that contains contextual information about the source or destination.
+ The parameter is null.
+ The class name is null or is zero (0).
+
+
+
+ Initializes a new instance of the class
+ with a specified error message, JSON path, line number, line position, and a reference to the inner exception that is the cause of this exception.
+
+ The error message that explains the reason for the exception.
+ The path to the JSON where the error occurred.
+ The line number indicating where the error occurred.
+ The line position indicating where the error occurred.
+ The exception that is the cause of the current exception, or null if no inner exception is specified.
+
+
+
+ Instructs the to always serialize the member, and to require that the member has a value.
+
+
+
+
+ The exception thrown when an error occurs during JSON serialization or deserialization.
+
+
+
+
+ Gets the line number indicating where the error occurred.
+
+ The line number indicating where the error occurred.
+
+
+
+ Gets the line position indicating where the error occurred.
+
+ The line position indicating where the error occurred.
+
+
+
+ Gets the path to the JSON where the error occurred.
+
+ The path to the JSON where the error occurred.
+
+
+
+ Initializes a new instance of the class.
+
+
+
+
+ Initializes a new instance of the class
+ with a specified error message.
+
+ The error message that explains the reason for the exception.
+
+
+
+ Initializes a new instance of the class
+ with a specified error message and a reference to the inner exception that is the cause of this exception.
+
+ The error message that explains the reason for the exception.
+ The exception that is the cause of the current exception, or null if no inner exception is specified.
+
+
+
+ Initializes a new instance of the class.
+
+ The that holds the serialized object data about the exception being thrown.
+ The that contains contextual information about the source or destination.
+ The parameter is null.
+ The class name is null or is zero (0).
+
+
+
+ Initializes a new instance of the class
+ with a specified error message, JSON path, line number, line position, and a reference to the inner exception that is the cause of this exception.
+
+ The error message that explains the reason for the exception.
+ The path to the JSON where the error occurred.
+ The line number indicating where the error occurred.
+ The line position indicating where the error occurred.
+ The exception that is the cause of the current exception, or null if no inner exception is specified.
+
+
+
+ Serializes and deserializes objects into and from the JSON format.
+ The enables you to control how objects are encoded into JSON.
+
+
+
+
+ Occurs when the errors during serialization and deserialization.
+
+
+
+
+ Gets or sets the used by the serializer when resolving references.
+
+
+
+
+ Gets or sets the used by the serializer when resolving type names.
+
+
+
+
+ Gets or sets the used by the serializer when writing trace messages.
+
+ The trace writer.
+
+
+
+ Gets or sets the equality comparer used by the serializer when comparing references.
+
+ The equality comparer.
+
+
+
+ Gets or sets how type name writing and reading is handled by the serializer.
+ The default value is .
+
+
+ should be used with caution when your application deserializes JSON from an external source.
+ Incoming types should be validated with a custom
+ when deserializing with a value other than .
+
+
+
+
+ Gets or sets how a type name assembly is written and resolved by the serializer.
+ The default value is .
+
+ The type name assembly format.
+
+
+
+ Gets or sets how a type name assembly is written and resolved by the serializer.
+ The default value is .
+
+ The type name assembly format.
+
+
+
+ Gets or sets how object references are preserved by the serializer.
+ The default value is .
+
+
+
+
+ Gets or sets how reference loops (e.g. a class referencing itself) is handled.
+ The default value is .
+
+
+
+
+ Gets or sets how missing members (e.g. JSON contains a property that isn't a member on the object) are handled during deserialization.
+ The default value is .
+
+
+
+
+ Gets or sets how null values are handled during serialization and deserialization.
+ The default value is .
+
+
+
+
+ Gets or sets how default values are handled during serialization and deserialization.
+ The default value is .
+
+
+
+
+ Gets or sets how objects are created during deserialization.
+ The default value is .
+
+ The object creation handling.
+
+
+
+ Gets or sets how constructors are used during deserialization.
+ The default value is .
+
+ The constructor handling.
+
+
+
+ Gets or sets how metadata properties are used during deserialization.
+ The default value is .
+
+ The metadata properties handling.
+
+
+
+ Gets a collection that will be used during serialization.
+
+ Collection that will be used during serialization.
+
+
+
+ Gets or sets the contract resolver used by the serializer when
+ serializing .NET objects to JSON and vice versa.
+
+
+
+
+ Gets or sets the used by the serializer when invoking serialization callback methods.
+
+ The context.
+
+
+
+ Indicates how JSON text output is formatted.
+ The default value is .
+
+
+
+
+ Gets or sets how dates are written to JSON text.
+ The default value is .
+
+
+
+
+ Gets or sets how time zones are handled during serialization and deserialization.
+ The default value is .
+
+
+
+
+ Gets or sets how date formatted strings, e.g. "\/Date(1198908717056)\/" and "2012-03-21T05:40Z", are parsed when reading JSON.
+ The default value is .
+
+
+
+
+ Gets or sets how floating point numbers, e.g. 1.0 and 9.9, are parsed when reading JSON text.
+ The default value is .
+
+
+
+
+ Gets or sets how special floating point numbers, e.g. ,
+ and ,
+ are written as JSON text.
+ The default value is .
+
+
+
+
+ Gets or sets how strings are escaped when writing JSON text.
+ The default value is .
+
+
+
+
+ Gets or sets how and values are formatted when writing JSON text,
+ and the expected date format when reading JSON text.
+ The default value is "yyyy'-'MM'-'dd'T'HH':'mm':'ss.FFFFFFFK".
+
+
+
+
+ Gets or sets the culture used when reading JSON.
+ The default value is .
+
+
+
+
+ Gets or sets the maximum depth allowed when reading JSON. Reading past this depth will throw a .
+ A null value means there is no maximum.
+ The default value is null.
+
+
+
+
+ Gets a value indicating whether there will be a check for additional JSON content after deserializing an object.
+ The default value is false.
+
+
+ true if there will be a check for additional JSON content after deserializing an object; otherwise, false.
+
+
+
+
+ Initializes a new instance of the class.
+
+
+
+
+ Creates a new instance.
+ The will not use default settings
+ from .
+
+
+ A new instance.
+ The will not use default settings
+ from .
+
+
+
+
+ Creates a new instance using the specified .
+ The will not use default settings
+ from .
+
+ The settings to be applied to the .
+
+ A new instance using the specified .
+ The will not use default settings
+ from .
+
+
+
+
+ Creates a new instance.
+ The will use default settings
+ from .
+
+
+ A new instance.
+ The will use default settings
+ from .
+
+
+
+
+ Creates a new instance using the specified .
+ The will use default settings
+ from as well as the specified .
+
+ The settings to be applied to the .
+
+ A new instance using the specified .
+ The will use default settings
+ from as well as the specified .
+
+
+
+
+ Populates the JSON values onto the target object.
+
+ The that contains the JSON structure to read values from.
+ The target object to populate values onto.
+
+
+
+ Populates the JSON values onto the target object.
+
+ The that contains the JSON structure to read values from.
+ The target object to populate values onto.
+
+
+
+ Deserializes the JSON structure contained by the specified .
+
+ The that contains the JSON structure to deserialize.
+ The being deserialized.
+
+
+
+ Deserializes the JSON structure contained by the specified
+ into an instance of the specified type.
+
+ The containing the object.
+ The of object being deserialized.
+ The instance of being deserialized.
+
+
+
+ Deserializes the JSON structure contained by the specified
+ into an instance of the specified type.
+
+ The containing the object.
+ The type of the object to deserialize.
+ The instance of being deserialized.
+
+
+
+ Deserializes the JSON structure contained by the specified
+ into an instance of the specified type.
+
+ The containing the object.
+ The of object being deserialized.
+ The instance of being deserialized.
+
+
+
+ Serializes the specified and writes the JSON structure
+ using the specified .
+
+ The used to write the JSON structure.
+ The to serialize.
+
+
+
+ Serializes the specified and writes the JSON structure
+ using the specified .
+
+ The used to write the JSON structure.
+ The to serialize.
+
+ The type of the value being serialized.
+ This parameter is used when is to write out the type name if the type of the value does not match.
+ Specifying the type is optional.
+
+
+
+
+ Serializes the specified and writes the JSON structure
+ using the specified .
+
+ The used to write the JSON structure.
+ The to serialize.
+
+ The type of the value being serialized.
+ This parameter is used when is Auto to write out the type name if the type of the value does not match.
+ Specifying the type is optional.
+
+
+
+
+ Serializes the specified and writes the JSON structure
+ using the specified .
+
+ The used to write the JSON structure.
+ The to serialize.
+
+
+
+ Specifies the settings on a object.
+
+
+
+
+ Gets or sets how reference loops (e.g. a class referencing itself) are handled.
+ The default value is .
+
+ Reference loop handling.
+
+
+
+ Gets or sets how missing members (e.g. JSON contains a property that isn't a member on the object) are handled during deserialization.
+ The default value is .
+
+ Missing member handling.
+
+
+
+ Gets or sets how objects are created during deserialization.
+ The default value is .
+
+ The object creation handling.
+
+
+
+ Gets or sets how null values are handled during serialization and deserialization.
+ The default value is .
+
+ Null value handling.
+
+
+
+ Gets or sets how default values are handled during serialization and deserialization.
+ The default value is .
+
+ The default value handling.
+
+
+
+ Gets or sets a collection that will be used during serialization.
+
+ The converters.
+
+
+
+ Gets or sets how object references are preserved by the serializer.
+ The default value is .
+
+ The preserve references handling.
+
+
+
+ Gets or sets how type name writing and reading is handled by the serializer.
+ The default value is .
+
+
+ should be used with caution when your application deserializes JSON from an external source.
+ Incoming types should be validated with a custom
+ when deserializing with a value other than .
+
+ The type name handling.
+
+
+
+ Gets or sets how metadata properties are used during deserialization.
+ The default value is .
+
+ The metadata properties handling.
+
+
+
+ Gets or sets how a type name assembly is written and resolved by the serializer.
+ The default value is .
+
+ The type name assembly format.
+
+
+
+ Gets or sets how a type name assembly is written and resolved by the serializer.
+ The default value is .
+
+ The type name assembly format.
+
+
+
+ Gets or sets how constructors are used during deserialization.
+ The default value is .
+
+ The constructor handling.
+
+
+
+ Gets or sets the contract resolver used by the serializer when
+ serializing .NET objects to JSON and vice versa.
+
+ The contract resolver.
+
+
+
+ Gets or sets the equality comparer used by the serializer when comparing references.
+
+ The equality comparer.
+
+
+
+ Gets or sets the used by the serializer when resolving references.
+
+ The reference resolver.
+
+
+
+ Gets or sets a function that creates the used by the serializer when resolving references.
+
+ A function that creates the used by the serializer when resolving references.
+
+
+
+ Gets or sets the used by the serializer when writing trace messages.
+
+ The trace writer.
+
+
+
+ Gets or sets the used by the serializer when resolving type names.
+
+ The binder.
+
+
+
+ Gets or sets the error handler called during serialization and deserialization.
+
+ The error handler called during serialization and deserialization.
+
+
+
+ Gets or sets the used by the serializer when invoking serialization callback methods.
+
+ The context.
+
+
+
+ Gets or sets how and values are formatted when writing JSON text,
+ and the expected date format when reading JSON text.
+ The default value is "yyyy'-'MM'-'dd'T'HH':'mm':'ss.FFFFFFFK".
+
+
+
+
+ Gets or sets the maximum depth allowed when reading JSON. Reading past this depth will throw a .
+ A null value means there is no maximum.
+ The default value is null.
+
+
+
+
+ Indicates how JSON text output is formatted.
+ The default value is .
+
+
+
+
+ Gets or sets how dates are written to JSON text.
+ The default value is .
+
+
+
+
+ Gets or sets how time zones are handled during serialization and deserialization.
+ The default value is .
+
+
+
+
+ Gets or sets how date formatted strings, e.g. "\/Date(1198908717056)\/" and "2012-03-21T05:40Z", are parsed when reading JSON.
+ The default value is .
+
+
+
+
+ Gets or sets how special floating point numbers, e.g. ,
+ and ,
+ are written as JSON.
+ The default value is .
+
+
+
+
+ Gets or sets how floating point numbers, e.g. 1.0 and 9.9, are parsed when reading JSON text.
+ The default value is .
+
+
+
+
+ Gets or sets how strings are escaped when writing JSON text.
+ The default value is .
+
+
+
+
+ Gets or sets the culture used when reading JSON.
+ The default value is .
+
+
+
+
+ Gets a value indicating whether there will be a check for additional content after deserializing an object.
+ The default value is false.
+
+
+ true if there will be a check for additional content after deserializing an object; otherwise, false.
+
+
+
+
+ Initializes a new instance of the class.
+
+
+
+
+ Represents a reader that provides fast, non-cached, forward-only access to JSON text data.
+
+
+
+
+ Asynchronously reads the next JSON token from the source.
+
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous read. The
+ property returns true if the next token was read successfully; false if there are no more tokens to read.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously reads the next JSON token from the source as a of .
+
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous read. The
+ property returns the of . This result will be null at the end of an array.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously reads the next JSON token from the source as a [].
+
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous read. The
+ property returns the []. This result will be null at the end of an array.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously reads the next JSON token from the source as a of .
+
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous read. The
+ property returns the of . This result will be null at the end of an array.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously reads the next JSON token from the source as a of .
+
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous read. The
+ property returns the of . This result will be null at the end of an array.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously reads the next JSON token from the source as a of .
+
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous read. The
+ property returns the of . This result will be null at the end of an array.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously reads the next JSON token from the source as a of .
+
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous read. The
+ property returns the of . This result will be null at the end of an array.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously reads the next JSON token from the source as a of .
+
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous read. The
+ property returns the of . This result will be null at the end of an array.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously reads the next JSON token from the source as a .
+
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous read. The
+ property returns the . This result will be null at the end of an array.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Initializes a new instance of the class with the specified .
+
+ The containing the JSON data to read.
+
+
+
+ Gets or sets the reader's property name table.
+
+
+
+
+ Gets or sets the reader's character buffer pool.
+
+
+
+
+ Reads the next JSON token from the underlying .
+
+
+ true if the next token was read successfully; false if there are no more tokens to read.
+
+
+
+
+ Reads the next JSON token from the underlying as a of .
+
+ A of . This method will return null at the end of an array.
+
+
+
+ Reads the next JSON token from the underlying as a of .
+
+ A of . This method will return null at the end of an array.
+
+
+
+ Reads the next JSON token from the underlying as a .
+
+ A . This method will return null at the end of an array.
+
+
+
+ Reads the next JSON token from the underlying as a [].
+
+ A [] or null if the next JSON token is null. This method will return null at the end of an array.
+
+
+
+ Reads the next JSON token from the underlying as a of .
+
+ A of . This method will return null at the end of an array.
+
+
+
+ Reads the next JSON token from the underlying as a of .
+
+ A of . This method will return null at the end of an array.
+
+
+
+ Reads the next JSON token from the underlying as a of .
+
+ A of . This method will return null at the end of an array.
+
+
+
+ Reads the next JSON token from the underlying as a of .
+
+ A of . This method will return null at the end of an array.
+
+
+
+ Changes the reader's state to .
+ If is set to true, the underlying is also closed.
+
+
+
+
+ Gets a value indicating whether the class can return line information.
+
+
+ true if and can be provided; otherwise, false.
+
+
+
+
+ Gets the current line number.
+
+
+ The current line number or 0 if no line information is available (for example, returns false).
+
+
+
+
+ Gets the current line position.
+
+
+ The current line position or 0 if no line information is available (for example, returns false).
+
+
+
+
+ Represents a writer that provides a fast, non-cached, forward-only way of generating JSON data.
+
+
+
+
+ Asynchronously flushes whatever is in the buffer to the destination and also flushes the destination.
+
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes the JSON value delimiter.
+
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes the specified end token.
+
+ The end token to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously closes this writer.
+ If is set to true, the destination is also closed.
+
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes the end of the current JSON object or array.
+
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes indent characters.
+
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes an indent space.
+
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes raw JSON without changing the writer's state.
+
+ The raw JSON to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes a null value.
+
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes the property name of a name/value pair of a JSON object.
+
+ The name of the property.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes the property name of a name/value pair of a JSON object.
+
+ The name of the property.
+ A flag to indicate whether the text should be escaped when it is written as a JSON property name.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes the beginning of a JSON array.
+
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes the beginning of a JSON object.
+
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes the start of a constructor with the given name.
+
+ The name of the constructor.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes an undefined value.
+
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes the given white space.
+
+ The string of white space characters.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes a of value.
+
+ The of value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes a value.
+
+ The value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes a value.
+
+ The value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes a of value.
+
+ The of value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes a [] value.
+
+ The [] value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes a value.
+
+ The value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes a of value.
+
+ The of value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes a value.
+
+ The value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes a of value.
+
+ The of value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes a value.
+
+ The value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes a of value.
+
+ The of value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes a value.
+
+ The value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes a of value.
+
+ The of value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes a value.
+
+ The value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes a of value.
+
+ The of value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes a value.
+
+ The value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes a of value.
+
+ The of value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes a value.
+
+ The value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes a of value.
+
+ The of value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes a value.
+
+ The value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes a of value.
+
+ The of value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes a value.
+
+ The value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes a of value.
+
+ The of value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes a value.
+
+ The value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes a value.
+
+ The value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes a of value.
+
+ The of value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes a value.
+
+ The value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes a of value.
+
+ The of value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes a value.
+
+ The value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes a value.
+
+ The value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes a of value.
+
+ The of value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes a value.
+
+ The value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes a of value.
+
+ The of value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes a value.
+
+ The value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes a of value.
+
+ The of value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes a value.
+
+ The value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes a value.
+
+ The value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes a of value.
+
+ The of value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes a comment /*...*/ containing the specified text.
+
+ Text to place inside the comment.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes the end of an array.
+
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes the end of a constructor.
+
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes the end of a JSON object.
+
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Asynchronously writes raw JSON where a value is expected and updates the writer's state.
+
+ The raw JSON to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ Derived classes must override this method to get asynchronous behaviour. Otherwise it will
+ execute synchronously, returning an already-completed task.
+
+
+
+ Gets or sets the writer's character array pool.
+
+
+
+
+ Gets or sets how many s to write for each level in the hierarchy when is set to .
+
+
+
+
+ Gets or sets which character to use to quote attribute values.
+
+
+
+
+ Gets or sets which character to use for indenting when is set to .
+
+
+
+
+ Gets or sets a value indicating whether object names will be surrounded with quotes.
+
+
+
+
+ Initializes a new instance of the class using the specified .
+
+ The to write to.
+
+
+
+ Flushes whatever is in the buffer to the underlying and also flushes the underlying .
+
+
+
+
+ Closes this writer.
+ If is set to true, the underlying is also closed.
+ If is set to true, the JSON is auto-completed.
+
+
+
+
+ Writes the beginning of a JSON object.
+
+
+
+
+ Writes the beginning of a JSON array.
+
+
+
+
+ Writes the start of a constructor with the given name.
+
+ The name of the constructor.
+
+
+
+ Writes the specified end token.
+
+ The end token to write.
+
+
+
+ Writes the property name of a name/value pair on a JSON object.
+
+ The name of the property.
+
+
+
+ Writes the property name of a name/value pair on a JSON object.
+
+ The name of the property.
+ A flag to indicate whether the text should be escaped when it is written as a JSON property name.
+
+
+
+ Writes indent characters.
+
+
+
+
+ Writes the JSON value delimiter.
+
+
+
+
+ Writes an indent space.
+
+
+
+
+ Writes a value.
+ An error will raised if the value cannot be written as a single JSON token.
+
+ The value to write.
+
+
+
+ Writes a null value.
+
+
+
+
+ Writes an undefined value.
+
+
+
+
+ Writes raw JSON.
+
+ The raw JSON to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a of value.
+
+ The of value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a of value.
+
+ The of value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a [] value.
+
+ The [] value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a comment /*...*/ containing the specified text.
+
+ Text to place inside the comment.
+
+
+
+ Writes the given white space.
+
+ The string of white space characters.
+
+
+
+ Specifies the type of JSON token.
+
+
+
+
+ This is returned by the if a read method has not been called.
+
+
+
+
+ An object start token.
+
+
+
+
+ An array start token.
+
+
+
+
+ A constructor start token.
+
+
+
+
+ An object property name.
+
+
+
+
+ A comment.
+
+
+
+
+ Raw JSON.
+
+
+
+
+ An integer.
+
+
+
+
+ A float.
+
+
+
+
+ A string.
+
+
+
+
+ A boolean.
+
+
+
+
+ A null token.
+
+
+
+
+ An undefined token.
+
+
+
+
+ An object end token.
+
+
+
+
+ An array end token.
+
+
+
+
+ A constructor end token.
+
+
+
+
+ A Date.
+
+
+
+
+ Byte data.
+
+
+
+
+
+ Represents a reader that provides validation.
+
+
+ JSON Schema validation has been moved to its own package. See https://www.newtonsoft.com/jsonschema for more details.
+
+
+
+
+
+ Sets an event handler for receiving schema validation errors.
+
+
+
+
+ Gets the text value of the current JSON token.
+
+
+
+
+
+ Gets the depth of the current token in the JSON document.
+
+ The depth of the current token in the JSON document.
+
+
+
+ Gets the path of the current JSON token.
+
+
+
+
+ Gets the quotation mark character used to enclose the value of a string.
+
+
+
+
+
+ Gets the type of the current JSON token.
+
+
+
+
+
+ Gets the .NET type for the current JSON token.
+
+
+
+
+
+ Initializes a new instance of the class that
+ validates the content returned from the given .
+
+ The to read from while validating.
+
+
+
+ Gets or sets the schema.
+
+ The schema.
+
+
+
+ Gets the used to construct this .
+
+ The specified in the constructor.
+
+
+
+ Changes the reader's state to .
+ If is set to true, the underlying is also closed.
+
+
+
+
+ Reads the next JSON token from the underlying as a of .
+
+ A of .
+
+
+
+ Reads the next JSON token from the underlying as a [].
+
+
+ A [] or null if the next JSON token is null.
+
+
+
+
+ Reads the next JSON token from the underlying as a of .
+
+ A of .
+
+
+
+ Reads the next JSON token from the underlying as a of .
+
+ A of .
+
+
+
+ Reads the next JSON token from the underlying as a of .
+
+ A of .
+
+
+
+ Reads the next JSON token from the underlying as a .
+
+ A . This method will return null at the end of an array.
+
+
+
+ Reads the next JSON token from the underlying as a of .
+
+ A of . This method will return null at the end of an array.
+
+
+
+ Reads the next JSON token from the underlying as a of .
+
+ A of .
+
+
+
+ Reads the next JSON token from the underlying .
+
+
+ true if the next token was read successfully; false if there are no more tokens to read.
+
+
+
+
+ Represents a writer that provides a fast, non-cached, forward-only way of generating JSON data.
+
+
+
+
+ Asynchronously closes this writer.
+ If is set to true, the destination is also closed.
+
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously flushes whatever is in the buffer to the destination and also flushes the destination.
+
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes the specified end token.
+
+ The end token to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes indent characters.
+
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes the JSON value delimiter.
+
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes an indent space.
+
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes raw JSON without changing the writer's state.
+
+ The raw JSON to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes the end of the current JSON object or array.
+
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes the end of an array.
+
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes the end of a constructor.
+
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes the end of a JSON object.
+
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes a null value.
+
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes the property name of a name/value pair of a JSON object.
+
+ The name of the property.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes the property name of a name/value pair of a JSON object.
+
+ The name of the property.
+ A flag to indicate whether the text should be escaped when it is written as a JSON property name.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes the beginning of a JSON array.
+
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes a comment /*...*/ containing the specified text.
+
+ Text to place inside the comment.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes raw JSON where a value is expected and updates the writer's state.
+
+ The raw JSON to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes the start of a constructor with the given name.
+
+ The name of the constructor.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes the beginning of a JSON object.
+
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes the current token.
+
+ The to read the token from.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes the current token.
+
+ The to read the token from.
+ A flag indicating whether the current token's children should be written.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes the token and its value.
+
+ The to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes the token and its value.
+
+ The to write.
+
+ The value to write.
+ A value is only required for tokens that have an associated value, e.g. the property name for .
+ null can be passed to the method for tokens that don't have a value, e.g. .
+
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes a of value.
+
+ The of value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes a value.
+
+ The value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes a value.
+
+ The value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes a of value.
+
+ The of value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes a [] value.
+
+ The [] value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes a value.
+
+ The value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes a of value.
+
+ The of value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes a value.
+
+ The value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes a of value.
+
+ The of value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes a value.
+
+ The value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes a of value.
+
+ The of value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes a value.
+
+ The value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes a of value.
+
+ The of value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes a value.
+
+ The value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes a of value.
+
+ The of value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes a value.
+
+ The value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes a of value.
+
+ The of value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes a value.
+
+ The value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes a of value.
+
+ The of value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes a value.
+
+ The value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes a of value.
+
+ The of value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes a value.
+
+ The value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes a of value.
+
+ The of value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes a value.
+
+ The value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes a value.
+
+ The value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes a of value.
+
+ The of value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes a value.
+
+ The value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes a of value.
+
+ The of value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes a value.
+
+ The value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes a value.
+
+ The value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes a of value.
+
+ The of value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes a value.
+
+ The value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes a of value.
+
+ The of value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes a value.
+
+ The value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes a of value.
+
+ The of value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes a value.
+
+ The value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes a value.
+
+ The value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes a of value.
+
+ The of value to write.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes an undefined value.
+
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously writes the given white space.
+
+ The string of white space characters.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Asynchronously ets the state of the .
+
+ The being written.
+ The value being written.
+ The token to monitor for cancellation requests. The default value is .
+ A that represents the asynchronous operation.
+ The default behaviour is to execute synchronously, returning an already-completed task. Derived
+ classes can override this behaviour for true asynchronicity.
+
+
+
+ Gets or sets a value indicating whether the destination should be closed when this writer is closed.
+
+
+ true to close the destination when this writer is closed; otherwise false. The default is true.
+
+
+
+
+ Gets or sets a value indicating whether the JSON should be auto-completed when this writer is closed.
+
+
+ true to auto-complete the JSON when this writer is closed; otherwise false. The default is true.
+
+
+
+
+ Gets the top.
+
+ The top.
+
+
+
+ Gets the state of the writer.
+
+
+
+
+ Gets the path of the writer.
+
+
+
+
+ Gets or sets a value indicating how JSON text output should be formatted.
+
+
+
+
+ Gets or sets how dates are written to JSON text.
+
+
+
+
+ Gets or sets how time zones are handled when writing JSON text.
+
+
+
+
+ Gets or sets how strings are escaped when writing JSON text.
+
+
+
+
+ Gets or sets how special floating point numbers, e.g. ,
+ and ,
+ are written to JSON text.
+
+
+
+
+ Gets or sets how and values are formatted when writing JSON text.
+
+
+
+
+ Gets or sets the culture used when writing JSON. Defaults to .
+
+
+
+
+ Initializes a new instance of the class.
+
+
+
+
+ Flushes whatever is in the buffer to the destination and also flushes the destination.
+
+
+
+
+ Closes this writer.
+ If is set to true, the destination is also closed.
+ If is set to true, the JSON is auto-completed.
+
+
+
+
+ Writes the beginning of a JSON object.
+
+
+
+
+ Writes the end of a JSON object.
+
+
+
+
+ Writes the beginning of a JSON array.
+
+
+
+
+ Writes the end of an array.
+
+
+
+
+ Writes the start of a constructor with the given name.
+
+ The name of the constructor.
+
+
+
+ Writes the end constructor.
+
+
+
+
+ Writes the property name of a name/value pair of a JSON object.
+
+ The name of the property.
+
+
+
+ Writes the property name of a name/value pair of a JSON object.
+
+ The name of the property.
+ A flag to indicate whether the text should be escaped when it is written as a JSON property name.
+
+
+
+ Writes the end of the current JSON object or array.
+
+
+
+
+ Writes the current token and its children.
+
+ The to read the token from.
+
+
+
+ Writes the current token.
+
+ The to read the token from.
+ A flag indicating whether the current token's children should be written.
+
+
+
+ Writes the token and its value.
+
+ The to write.
+
+ The value to write.
+ A value is only required for tokens that have an associated value, e.g. the property name for .
+ null can be passed to the method for tokens that don't have a value, e.g. .
+
+
+
+
+ Writes the token.
+
+ The to write.
+
+
+
+ Writes the specified end token.
+
+ The end token to write.
+
+
+
+ Writes indent characters.
+
+
+
+
+ Writes the JSON value delimiter.
+
+
+
+
+ Writes an indent space.
+
+
+
+
+ Writes a null value.
+
+
+
+
+ Writes an undefined value.
+
+
+
+
+ Writes raw JSON without changing the writer's state.
+
+ The raw JSON to write.
+
+
+
+ Writes raw JSON where a value is expected and updates the writer's state.
+
+ The raw JSON to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a of value.
+
+ The of value to write.
+
+
+
+ Writes a of value.
+
+ The of value to write.
+
+
+
+ Writes a of value.
+
+ The of value to write.
+
+
+
+ Writes a of value.
+
+ The of value to write.
+
+
+
+ Writes a of value.
+
+ The of value to write.
+
+
+
+ Writes a of value.
+
+ The of value to write.
+
+
+
+ Writes a of value.
+
+ The of value to write.
+
+
+
+ Writes a of value.
+
+ The of value to write.
+
+
+
+ Writes a of value.
+
+ The of value to write.
+
+
+
+ Writes a of value.
+
+ The of value to write.
+
+
+
+ Writes a of value.
+
+ The of value to write.
+
+
+
+ Writes a of value.
+
+ The of value to write.
+
+
+
+ Writes a of value.
+
+ The of value to write.
+
+
+
+ Writes a of value.
+
+ The of value to write.
+
+
+
+ Writes a of value.
+
+ The of value to write.
+
+
+
+ Writes a of value.
+
+ The of value to write.
+
+
+
+ Writes a of value.
+
+ The of value to write.
+
+
+
+ Writes a [] value.
+
+ The [] value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+ An error will raised if the value cannot be written as a single JSON token.
+
+ The value to write.
+
+
+
+ Writes a comment /*...*/ containing the specified text.
+
+ Text to place inside the comment.
+
+
+
+ Writes the given white space.
+
+ The string of white space characters.
+
+
+
+ Releases unmanaged and - optionally - managed resources.
+
+ true to release both managed and unmanaged resources; false to release only unmanaged resources.
+
+
+
+ Sets the state of the .
+
+ The being written.
+ The value being written.
+
+
+
+ The exception thrown when an error occurs while writing JSON text.
+
+
+
+
+ Gets the path to the JSON where the error occurred.
+
+ The path to the JSON where the error occurred.
+
+
+
+ Initializes a new instance of the class.
+
+
+
+
+ Initializes a new instance of the class
+ with a specified error message.
+
+ The error message that explains the reason for the exception.
+
+
+
+ Initializes a new instance of the class
+ with a specified error message and a reference to the inner exception that is the cause of this exception.
+
+ The error message that explains the reason for the exception.
+ The exception that is the cause of the current exception, or null if no inner exception is specified.
+
+
+
+ Initializes a new instance of the class.
+
+ The that holds the serialized object data about the exception being thrown.
+ The that contains contextual information about the source or destination.
+ The parameter is null.
+ The class name is null or is zero (0).
+
+
+
+ Initializes a new instance of the class
+ with a specified error message, JSON path and a reference to the inner exception that is the cause of this exception.
+
+ The error message that explains the reason for the exception.
+ The path to the JSON where the error occurred.
+ The exception that is the cause of the current exception, or null if no inner exception is specified.
+
+
+
+ Specifies how JSON comments are handled when loading JSON.
+
+
+
+
+ Ignore comments.
+
+
+
+
+ Load comments as a with type .
+
+
+
+
+ Contains the LINQ to JSON extension methods.
+
+
+
+
+ Returns a collection of tokens that contains the ancestors of every token in the source collection.
+
+ The type of the objects in source, constrained to .
+ An of that contains the source collection.
+ An of that contains the ancestors of every token in the source collection.
+
+
+
+ Returns a collection of tokens that contains every token in the source collection, and the ancestors of every token in the source collection.
+
+ The type of the objects in source, constrained to .
+ An of that contains the source collection.
+ An of that contains every token in the source collection, the ancestors of every token in the source collection.
+
+
+
+ Returns a collection of tokens that contains the descendants of every token in the source collection.
+
+ The type of the objects in source, constrained to .
+ An of that contains the source collection.
+ An of that contains the descendants of every token in the source collection.
+
+
+
+ Returns a collection of tokens that contains every token in the source collection, and the descendants of every token in the source collection.
+
+ The type of the objects in source, constrained to .
+ An of that contains the source collection.
+ An of that contains every token in the source collection, and the descendants of every token in the source collection.
+
+
+
+ Returns a collection of child properties of every object in the source collection.
+
+ An of that contains the source collection.
+ An of that contains the properties of every object in the source collection.
+
+
+
+ Returns a collection of child values of every object in the source collection with the given key.
+
+ An of that contains the source collection.
+ The token key.
+ An of that contains the values of every token in the source collection with the given key.
+
+
+
+ Returns a collection of child values of every object in the source collection.
+
+ An of that contains the source collection.
+ An of that contains the values of every token in the source collection.
+
+
+
+ Returns a collection of converted child values of every object in the source collection with the given key.
+
+ The type to convert the values to.
+ An of that contains the source collection.
+ The token key.
+ An that contains the converted values of every token in the source collection with the given key.
+
+
+
+ Returns a collection of converted child values of every object in the source collection.
+
+ The type to convert the values to.
+ An of that contains the source collection.
+ An that contains the converted values of every token in the source collection.
+
+
+
+ Converts the value.
+
+ The type to convert the value to.
+ A cast as a of .
+ A converted value.
+
+
+
+ Converts the value.
+
+ The source collection type.
+ The type to convert the value to.
+ A cast as a of .
+ A converted value.
+
+
+
+ Returns a collection of child tokens of every array in the source collection.
+
+ The source collection type.
+ An of that contains the source collection.
+ An of that contains the values of every token in the source collection.
+
+
+
+ Returns a collection of converted child tokens of every array in the source collection.
+
+ An of that contains the source collection.
+ The type to convert the values to.
+ The source collection type.
+ An that contains the converted values of every token in the source collection.
+
+
+
+ Returns the input typed as .
+
+ An of that contains the source collection.
+ The input typed as .
+
+
+
+ Returns the input typed as .
+
+ The source collection type.
+ An of that contains the source collection.
+ The input typed as .
+
+
+
+ Represents a collection of objects.
+
+ The type of token.
+
+
+
+ Gets the of with the specified key.
+
+
+
+
+
+ Represents a JSON array.
+
+
+
+
+
+
+
+ Writes this token to a asynchronously.
+
+ A into which this method will write.
+ The token to monitor for cancellation requests.
+ A collection of which will be used when writing the token.
+ A that represents the asynchronous write operation.
+
+
+
+ Asynchronously loads a from a .
+
+ A that will be read for the content of the .
+ If this is null, default load settings will be used.
+ The token to monitor for cancellation requests. The default value is .
+ A representing the asynchronous load. The property contains the JSON that was read from the specified .
+
+
+
+ Asynchronously loads a from a .
+
+ A that will be read for the content of the .
+ The used to load the JSON.
+ If this is null, default load settings will be used.
+ The token to monitor for cancellation requests. The default value is .
+ A representing the asynchronous load. The property contains the JSON that was read from the specified .
+
+
+
+ Gets the container's children tokens.
+
+ The container's children tokens.
+
+
+
+ Gets the node type for this .
+
+ The type.
+
+
+
+ Initializes a new instance of the class.
+
+
+
+
+ Initializes a new instance of the class from another object.
+
+ A object to copy from.
+
+
+
+ Initializes a new instance of the class with the specified content.
+
+ The contents of the array.
+
+
+
+ Initializes a new instance of the class with the specified content.
+
+ The contents of the array.
+
+
+
+ Loads an from a .
+
+ A that will be read for the content of the .
+ A that contains the JSON that was read from the specified .
+
+
+
+ Loads an from a .
+
+ A that will be read for the content of the .
+ The used to load the JSON.
+ If this is null, default load settings will be used.
+ A that contains the JSON that was read from the specified .
+
+
+
+ Load a from a string that contains JSON.
+
+ A that contains JSON.
+ A populated from the string that contains JSON.
+
+
+
+
+
+
+ Load a from a string that contains JSON.
+
+ A that contains JSON.
+ The used to load the JSON.
+ If this is null, default load settings will be used.
+ A populated from the string that contains JSON.
+
+
+
+
+
+
+ Creates a from an object.
+
+ The object that will be used to create .
+ A with the values of the specified object.
+
+
+
+ Creates a from an object.
+
+ The object that will be used to create .
+ The that will be used to read the object.
+ A with the values of the specified object.
+
+
+
+ Writes this token to a .
+
+ A into which this method will write.
+ A collection of which will be used when writing the token.
+
+
+
+ Gets the with the specified key.
+
+ The with the specified key.
+
+
+
+ Gets or sets the at the specified index.
+
+
+
+
+
+ Determines the index of a specific item in the .
+
+ The object to locate in the .
+
+ The index of if found in the list; otherwise, -1.
+
+
+
+
+ Inserts an item to the at the specified index.
+
+ The zero-based index at which should be inserted.
+ The object to insert into the .
+
+ is not a valid index in the .
+
+
+
+
+ Removes the item at the specified index.
+
+ The zero-based index of the item to remove.
+
+ is not a valid index in the .
+
+
+
+
+ Returns an enumerator that iterates through the collection.
+
+
+ A of that can be used to iterate through the collection.
+
+
+
+
+ Adds an item to the .
+
+ The object to add to the .
+
+
+
+ Removes all items from the .
+
+
+
+
+ Determines whether the contains a specific value.
+
+ The object to locate in the .
+
+ true if is found in the ; otherwise, false.
+
+
+
+
+ Copies the elements of the to an array, starting at a particular array index.
+
+ The array.
+ Index of the array.
+
+
+
+ Gets a value indicating whether the is read-only.
+
+ true if the is read-only; otherwise, false.
+
+
+
+ Removes the first occurrence of a specific object from the .
+
+ The object to remove from the .
+
+ true if was successfully removed from the ; otherwise, false. This method also returns false if is not found in the original .
+
+
+
+
+ Represents a JSON constructor.
+
+
+
+
+ Writes this token to a asynchronously.
+
+ A into which this method will write.
+ The token to monitor for cancellation requests.
+ A collection of which will be used when writing the token.
+ A that represents the asynchronous write operation.
+
+
+
+ Asynchronously loads a from a .
+
+ A that will be read for the content of the .
+ The token to monitor for cancellation requests. The default value is .
+
+ A that represents the asynchronous load. The
+ property returns a that contains the JSON that was read from the specified .
+
+
+
+ Asynchronously loads a from a .
+
+ A that will be read for the content of the .
+ The used to load the JSON.
+ If this is null, default load settings will be used.
+ The token to monitor for cancellation requests. The default value is .
+
+ A that represents the asynchronous load. The
+ property returns a that contains the JSON that was read from the specified .
+
+
+
+ Gets the container's children tokens.
+
+ The container's children tokens.
+
+
+
+ Gets or sets the name of this constructor.
+
+ The constructor name.
+
+
+
+ Gets the node type for this .
+
+ The type.
+
+
+
+ Initializes a new instance of the class.
+
+
+
+
+ Initializes a new instance of the class from another object.
+
+ A object to copy from.
+
+
+
+ Initializes a new instance of the class with the specified name and content.
+
+ The constructor name.
+ The contents of the constructor.
+
+
+
+ Initializes a new instance of the class with the specified name and content.
+
+ The constructor name.
+ The contents of the constructor.
+
+
+
+ Initializes a new instance of the class with the specified name.
+
+ The constructor name.
+
+
+
+ Writes this token to a .
+
+ A into which this method will write.
+ A collection of which will be used when writing the token.
+
+
+
+ Gets the with the specified key.
+
+ The with the specified key.
+
+
+
+ Loads a from a .
+
+ A that will be read for the content of the .
+ A that contains the JSON that was read from the specified .
+
+
+
+ Loads a from a .
+
+ A that will be read for the content of the .
+ The used to load the JSON.
+ If this is null, default load settings will be used.
+ A that contains the JSON that was read from the specified .
+
+
+
+ Represents a token that can contain other tokens.
+
+
+
+
+ Occurs when the list changes or an item in the list changes.
+
+
+
+
+ Occurs before an item is added to the collection.
+
+
+
+
+ Occurs when the items list of the collection has changed, or the collection is reset.
+
+
+
+
+ Gets the container's children tokens.
+
+ The container's children tokens.
+
+
+
+ Raises the event.
+
+ The instance containing the event data.
+
+
+
+ Raises the event.
+
+ The instance containing the event data.
+
+
+
+ Raises the event.
+
+ The instance containing the event data.
+
+
+
+ Gets a value indicating whether this token has child tokens.
+
+
+ true if this token has child values; otherwise, false.
+
+
+
+
+ Get the first child token of this token.
+
+
+ A containing the first child token of the .
+
+
+
+
+ Get the last child token of this token.
+
+
+ A containing the last child token of the .
+
+
+
+
+ Returns a collection of the child tokens of this token, in document order.
+
+
+ An of containing the child tokens of this , in document order.
+
+
+
+
+ Returns a collection of the child values of this token, in document order.
+
+ The type to convert the values to.
+
+ A containing the child values of this , in document order.
+
+
+
+
+ Returns a collection of the descendant tokens for this token in document order.
+
+ An of containing the descendant tokens of the .
+
+
+
+ Returns a collection of the tokens that contain this token, and all descendant tokens of this token, in document order.
+
+ An of containing this token, and all the descendant tokens of the .
+
+
+
+ Adds the specified content as children of this .
+
+ The content to be added.
+
+
+
+ Adds the specified content as the first children of this .
+
+ The content to be added.
+
+
+
+ Creates a that can be used to add tokens to the .
+
+ A that is ready to have content written to it.
+
+
+
+ Replaces the child nodes of this token with the specified content.
+
+ The content.
+
+
+
+ Removes the child nodes from this token.
+
+
+
+
+ Merge the specified content into this .
+
+ The content to be merged.
+
+
+
+ Merge the specified content into this using .
+
+ The content to be merged.
+ The used to merge the content.
+
+
+
+ Gets the count of child JSON tokens.
+
+ The count of child JSON tokens.
+
+
+
+ Represents a collection of objects.
+
+ The type of token.
+
+
+
+ An empty collection of objects.
+
+
+
+
+ Initializes a new instance of the struct.
+
+ The enumerable.
+
+
+
+ Returns an enumerator that can be used to iterate through the collection.
+
+
+ A that can be used to iterate through the collection.
+
+
+
+
+ Gets the of with the specified key.
+
+
+
+
+
+ Determines whether the specified is equal to this instance.
+
+ The to compare with this instance.
+
+ true if the specified is equal to this instance; otherwise, false.
+
+
+
+
+ Determines whether the specified is equal to this instance.
+
+ The to compare with this instance.
+
+ true if the specified is equal to this instance; otherwise, false.
+
+
+
+
+ Returns a hash code for this instance.
+
+
+ A hash code for this instance, suitable for use in hashing algorithms and data structures like a hash table.
+
+
+
+
+ Represents a JSON object.
+
+
+
+
+
+
+
+ Writes this token to a asynchronously.
+
+ A into which this method will write.
+ The token to monitor for cancellation requests.
+ A collection of which will be used when writing the token.
+ A that represents the asynchronous write operation.
+
+
+
+ Asynchronously loads a from a .
+
+ A that will be read for the content of the .
+ The token to monitor for cancellation requests. The default value is .
+
+ A that represents the asynchronous load. The
+ property returns a that contains the JSON that was read from the specified .
+
+
+
+ Asynchronously loads a from a .
+
+ A that will be read for the content of the .
+ The used to load the JSON.
+ If this is null, default load settings will be used.
+ The token to monitor for cancellation requests. The default value is .
+
+ A that represents the asynchronous load. The
+ property returns a that contains the JSON that was read from the specified .
+
+
+
+ Gets the container's children tokens.
+
+ The container's children tokens.
+
+
+
+ Occurs when a property value changes.
+
+
+
+
+ Occurs when a property value is changing.
+
+
+
+
+ Initializes a new instance of the class.
+
+
+
+
+ Initializes a new instance of the class from another object.
+
+ A object to copy from.
+
+
+
+ Initializes a new instance of the class with the specified content.
+
+ The contents of the object.
+
+
+
+ Initializes a new instance of the class with the specified content.
+
+ The contents of the object.
+
+
+
+ Gets the node type for this .
+
+ The type.
+
+
+
+ Gets an of of this object's properties.
+
+ An of of this object's properties.
+
+
+
+ Gets a with the specified name.
+
+ The property name.
+ A with the specified name or null.
+
+
+
+ Gets the with the specified name.
+ The exact name will be searched for first and if no matching property is found then
+ the will be used to match a property.
+
+ The property name.
+ One of the enumeration values that specifies how the strings will be compared.
+ A matched with the specified name or null.
+
+
+
+ Gets a of of this object's property values.
+
+ A of of this object's property values.
+
+
+
+ Gets the with the specified key.
+
+ The with the specified key.
+
+
+
+ Gets or sets the with the specified property name.
+
+
+
+
+
+ Loads a from a .
+
+ A that will be read for the content of the .
+ A that contains the JSON that was read from the specified .
+
+ is not valid JSON.
+
+
+
+
+ Loads a from a .
+
+ A that will be read for the content of the .
+ The used to load the JSON.
+ If this is null, default load settings will be used.
+ A that contains the JSON that was read from the specified .
+
+ is not valid JSON.
+
+
+
+
+ Load a from a string that contains JSON.
+
+ A that contains JSON.
+ A populated from the string that contains JSON.
+
+ is not valid JSON.
+
+
+
+
+
+
+
+ Load a from a string that contains JSON.
+
+ A that contains JSON.
+ The used to load the JSON.
+ If this is null, default load settings will be used.
+ A populated from the string that contains JSON.
+
+ is not valid JSON.
+
+
+
+
+
+
+
+ Creates a from an object.
+
+ The object that will be used to create .
+ A with the values of the specified object.
+
+
+
+ Creates a from an object.
+
+ The object that will be used to create .
+ The that will be used to read the object.
+ A with the values of the specified object.
+
+
+
+ Writes this token to a .
+
+ A into which this method will write.
+ A collection of which will be used when writing the token.
+
+
+
+ Gets the with the specified property name.
+
+ Name of the property.
+ The with the specified property name.
+
+
+
+ Gets the with the specified property name.
+ The exact property name will be searched for first and if no matching property is found then
+ the will be used to match a property.
+
+ Name of the property.
+ One of the enumeration values that specifies how the strings will be compared.
+ The with the specified property name.
+
+
+
+ Tries to get the with the specified property name.
+ The exact property name will be searched for first and if no matching property is found then
+ the will be used to match a property.
+
+ Name of the property.
+ The value.
+ One of the enumeration values that specifies how the strings will be compared.
+ true if a value was successfully retrieved; otherwise, false.
+
+
+
+ Adds the specified property name.
+
+ Name of the property.
+ The value.
+
+
+
+ Determines whether the JSON object has the specified property name.
+
+ Name of the property.
+ true if the JSON object has the specified property name; otherwise, false.
+
+
+
+ Removes the property with the specified name.
+
+ Name of the property.
+ true if item was successfully removed; otherwise, false.
+
+
+
+ Tries to get the with the specified property name.
+
+ Name of the property.
+ The value.
+ true if a value was successfully retrieved; otherwise, false.
+
+
+
+ Returns an enumerator that can be used to iterate through the collection.
+
+
+ A that can be used to iterate through the collection.
+
+
+
+
+ Raises the event with the provided arguments.
+
+ Name of the property.
+
+
+
+ Raises the event with the provided arguments.
+
+ Name of the property.
+
+
+
+ Returns the responsible for binding operations performed on this object.
+
+ The expression tree representation of the runtime value.
+
+ The to bind this object.
+
+
+
+
+ Represents a JSON property.
+
+
+
+
+ Writes this token to a asynchronously.
+
+ A into which this method will write.
+ The token to monitor for cancellation requests.
+ A collection of which will be used when writing the token.
+ A that represents the asynchronous write operation.
+
+
+
+ Asynchronously loads a from a .
+
+ A that will be read for the content of the .
+ The token to monitor for cancellation requests. The default value is .
+ A representing the asynchronous creation. The
+ property returns a that contains the JSON that was read from the specified .
+
+
+
+ Asynchronously loads a from a .
+
+ A that will be read for the content of the .
+ The used to load the JSON.
+ If this is null, default load settings will be used.
+ The token to monitor for cancellation requests. The default value is .
+ A representing the asynchronous creation. The
+ property returns a that contains the JSON that was read from the specified .
+
+
+
+ Gets the container's children tokens.
+
+ The container's children tokens.
+
+
+
+ Gets the property name.
+
+ The property name.
+
+
+
+ Gets or sets the property value.
+
+ The property value.
+
+
+
+ Initializes a new instance of the class from another object.
+
+ A object to copy from.
+
+
+
+ Gets the node type for this .
+
+ The type.
+
+
+
+ Initializes a new instance of the class.
+
+ The property name.
+ The property content.
+
+
+
+ Initializes a new instance of the class.
+
+ The property name.
+ The property content.
+
+
+
+ Writes this token to a .
+
+ A into which this method will write.
+ A collection of which will be used when writing the token.
+
+
+
+ Loads a from a .
+
+ A that will be read for the content of the .
+ A that contains the JSON that was read from the specified .
+
+
+
+ Loads a from a .
+
+ A that will be read for the content of the .
+ The used to load the JSON.
+ If this is null, default load settings will be used.
+ A that contains the JSON that was read from the specified .
+
+
+
+ Represents a view of a .
+
+
+
+
+ Initializes a new instance of the class.
+
+ The name.
+
+
+
+ When overridden in a derived class, returns whether resetting an object changes its value.
+
+
+ true if resetting the component changes its value; otherwise, false.
+
+ The component to test for reset capability.
+
+
+
+ When overridden in a derived class, gets the current value of the property on a component.
+
+
+ The value of a property for a given component.
+
+ The component with the property for which to retrieve the value.
+
+
+
+ When overridden in a derived class, resets the value for this property of the component to the default value.
+
+ The component with the property value that is to be reset to the default value.
+
+
+
+ When overridden in a derived class, sets the value of the component to a different value.
+
+ The component with the property value that is to be set.
+ The new value.
+
+
+
+ When overridden in a derived class, determines a value indicating whether the value of this property needs to be persisted.
+
+
+ true if the property should be persisted; otherwise, false.
+
+ The component with the property to be examined for persistence.
+
+
+
+ When overridden in a derived class, gets the type of the component this property is bound to.
+
+
+ A that represents the type of component this property is bound to.
+ When the or
+
+ methods are invoked, the object specified might be an instance of this type.
+
+
+
+
+ When overridden in a derived class, gets a value indicating whether this property is read-only.
+
+
+ true if the property is read-only; otherwise, false.
+
+
+
+
+ When overridden in a derived class, gets the type of the property.
+
+
+ A that represents the type of the property.
+
+
+
+
+ Gets the hash code for the name of the member.
+
+
+
+ The hash code for the name of the member.
+
+
+
+
+ Represents a raw JSON string.
+
+
+
+
+ Asynchronously creates an instance of with the content of the reader's current token.
+
+ The reader.
+ The token to monitor for cancellation requests. The default value is .
+ A representing the asynchronous creation. The
+ property returns an instance of with the content of the reader's current token.
+
+
+
+ Initializes a new instance of the class from another object.
+
+ A object to copy from.
+
+
+
+ Initializes a new instance of the class.
+
+ The raw json.
+
+
+
+ Creates an instance of with the content of the reader's current token.
+
+ The reader.
+ An instance of with the content of the reader's current token.
+
+
+
+ Specifies the settings used when loading JSON.
+
+
+
+
+ Initializes a new instance of the class.
+
+
+
+
+ Gets or sets how JSON comments are handled when loading JSON.
+
+ The JSON comment handling.
+
+
+
+ Gets or sets how JSON line info is handled when loading JSON.
+
+ The JSON line info handling.
+
+
+
+ Specifies the settings used when merging JSON.
+
+
+
+
+ Initializes a new instance of the class.
+
+
+
+
+ Gets or sets the method used when merging JSON arrays.
+
+ The method used when merging JSON arrays.
+
+
+
+ Gets or sets how null value properties are merged.
+
+ How null value properties are merged.
+
+
+
+ Gets or sets the comparison used to match property names while merging.
+ The exact property name will be searched for first and if no matching property is found then
+ the will be used to match a property.
+
+ The comparison used to match property names while merging.
+
+
+
+ Represents an abstract JSON token.
+
+
+
+
+ Writes this token to a asynchronously.
+
+ A into which this method will write.
+ The token to monitor for cancellation requests.
+ A collection of which will be used when writing the token.
+ A that represents the asynchronous write operation.
+
+
+
+ Writes this token to a asynchronously.
+
+ A into which this method will write.
+ A collection of which will be used when writing the token.
+ A that represents the asynchronous write operation.
+
+
+
+ Asynchronously creates a from a .
+
+ An positioned at the token to read into this .
+ The token to monitor for cancellation requests. The default value is .
+
+ A that represents the asynchronous creation. The
+ property returns a that contains
+ the token and its descendant tokens
+ that were read from the reader. The runtime type of the token is determined
+ by the token type of the first token encountered in the reader.
+
+
+
+
+ Asynchronously creates a from a .
+
+ An positioned at the token to read into this .
+ The used to load the JSON.
+ If this is null, default load settings will be used.
+ The token to monitor for cancellation requests. The default value is .
+
+ A that represents the asynchronous creation. The
+ property returns a that contains
+ the token and its descendant tokens
+ that were read from the reader. The runtime type of the token is determined
+ by the token type of the first token encountered in the reader.
+
+
+
+
+ Asynchronously creates a from a .
+
+ A positioned at the token to read into this .
+ The token to monitor for cancellation requests. The default value is .
+
+ A that represents the asynchronous creation. The
+ property returns a that contains the token and its descendant tokens
+ that were read from the reader. The runtime type of the token is determined
+ by the token type of the first token encountered in the reader.
+
+
+
+
+ Asynchronously creates a from a .
+
+ A positioned at the token to read into this .
+ The used to load the JSON.
+ If this is null, default load settings will be used.
+ The token to monitor for cancellation requests. The default value is .
+
+ A that represents the asynchronous creation. The
+ property returns a that contains the token and its descendant tokens
+ that were read from the reader. The runtime type of the token is determined
+ by the token type of the first token encountered in the reader.
+
+
+
+
+ Gets a comparer that can compare two tokens for value equality.
+
+ A that can compare two nodes for value equality.
+
+
+
+ Gets or sets the parent.
+
+ The parent.
+
+
+
+ Gets the root of this .
+
+ The root of this .
+
+
+
+ Gets the node type for this .
+
+ The type.
+
+
+
+ Gets a value indicating whether this token has child tokens.
+
+
+ true if this token has child values; otherwise, false.
+
+
+
+
+ Compares the values of two tokens, including the values of all descendant tokens.
+
+ The first to compare.
+ The second to compare.
+ true if the tokens are equal; otherwise false.
+
+
+
+ Gets the next sibling token of this node.
+
+ The that contains the next sibling token.
+
+
+
+ Gets the previous sibling token of this node.
+
+ The that contains the previous sibling token.
+
+
+
+ Gets the path of the JSON token.
+
+
+
+
+ Adds the specified content immediately after this token.
+
+ A content object that contains simple content or a collection of content objects to be added after this token.
+
+
+
+ Adds the specified content immediately before this token.
+
+ A content object that contains simple content or a collection of content objects to be added before this token.
+
+
+
+ Returns a collection of the ancestor tokens of this token.
+
+ A collection of the ancestor tokens of this token.
+
+
+
+ Returns a collection of tokens that contain this token, and the ancestors of this token.
+
+ A collection of tokens that contain this token, and the ancestors of this token.
+
+
+
+ Returns a collection of the sibling tokens after this token, in document order.
+
+ A collection of the sibling tokens after this tokens, in document order.
+
+
+
+ Returns a collection of the sibling tokens before this token, in document order.
+
+ A collection of the sibling tokens before this token, in document order.
+
+
+
+ Gets the with the specified key.
+
+ The with the specified key.
+
+
+
+ Gets the with the specified key converted to the specified type.
+
+ The type to convert the token to.
+ The token key.
+ The converted token value.
+
+
+
+ Get the first child token of this token.
+
+ A containing the first child token of the .
+
+
+
+ Get the last child token of this token.
+
+ A containing the last child token of the .
+
+
+
+ Returns a collection of the child tokens of this token, in document order.
+
+ An of containing the child tokens of this , in document order.
+
+
+
+ Returns a collection of the child tokens of this token, in document order, filtered by the specified type.
+
+ The type to filter the child tokens on.
+ A containing the child tokens of this , in document order.
+
+
+
+ Returns a collection of the child values of this token, in document order.
+
+ The type to convert the values to.
+ A containing the child values of this , in document order.
+
+
+
+ Removes this token from its parent.
+
+
+
+
+ Replaces this token with the specified token.
+
+ The value.
+
+
+
+ Writes this token to a .
+
+ A into which this method will write.
+ A collection of which will be used when writing the token.
+
+
+
+ Returns the indented JSON for this token.
+
+
+ The indented JSON for this token.
+
+
+
+
+ Returns the JSON for this token using the given formatting and converters.
+
+ Indicates how the output should be formatted.
+ A collection of s which will be used when writing the token.
+ The JSON for this token using the given formatting and converters.
+
+
+
+ Performs an explicit conversion from to .
+
+ The value.
+ The result of the conversion.
+
+
+
+ Performs an explicit conversion from to .
+
+ The value.
+ The result of the conversion.
+
+
+
+ Performs an explicit conversion from to of .
+
+ The value.
+ The result of the conversion.
+
+
+
+ Performs an explicit conversion from to of .
+
+ The value.
+ The result of the conversion.
+
+
+
+ Performs an explicit conversion from to of .
+
+ The value.
+ The result of the conversion.
+
+
+
+ Performs an explicit conversion from to of .
+
+ The value.
+ The result of the conversion.
+
+
+
+ Performs an explicit conversion from to of .
+
+ The value.
+ The result of the conversion.
+
+
+
+ Performs an explicit conversion from to of .
+
+ The value.
+ The result of the conversion.
+
+
+
+ Performs an explicit conversion from to of .
+
+ The value.
+ The result of the conversion.
+
+
+
+ Performs an explicit conversion from to .
+
+ The value.
+ The result of the conversion.
+
+
+
+ Performs an explicit conversion from to .
+
+ The value.
+ The result of the conversion.
+
+
+
+ Performs an explicit conversion from to .
+
+ The value.
+ The result of the conversion.
+
+
+
+ Performs an explicit conversion from to .
+
+ The value.
+ The result of the conversion.
+
+
+
+ Performs an explicit conversion from to .
+
+ The value.
+ The result of the conversion.
+
+
+
+ Performs an explicit conversion from to .
+
+ The value.
+ The result of the conversion.
+
+
+
+ Performs an explicit conversion from to of .
+
+ The value.
+ The result of the conversion.
+
+
+
+ Performs an explicit conversion from to of .
+
+ The value.
+ The result of the conversion.
+
+
+
+ Performs an explicit conversion from to of .
+
+ The value.
+ The result of the conversion.
+
+
+
+ Performs an explicit conversion from to of .
+
+ The value.
+ The result of the conversion.
+
+
+
+ Performs an explicit conversion from to of .
+
+ The value.
+ The result of the conversion.
+
+
+
+ Performs an explicit conversion from to of .
+
+ The value.
+ The result of the conversion.
+
+
+
+ Performs an explicit conversion from to of .
+
+ The value.
+ The result of the conversion.
+
+
+
+ Performs an explicit conversion from to of .
+
+ The value.
+ The result of the conversion.
+
+
+
+ Performs an explicit conversion from to .
+
+ The value.
+ The result of the conversion.
+
+
+
+ Performs an explicit conversion from to of .
+
+ The value.
+ The result of the conversion.
+
+
+
+ Performs an explicit conversion from to of .
+
+ The value.
+ The result of the conversion.
+
+
+
+ Performs an explicit conversion from to .
+
+ The value.
+ The result of the conversion.
+
+
+
+ Performs an explicit conversion from to .
+
+ The value.
+ The result of the conversion.
+
+
+
+ Performs an explicit conversion from to .
+
+ The value.
+ The result of the conversion.
+
+
+
+ Performs an explicit conversion from to .
+
+ The value.
+ The result of the conversion.
+
+
+
+ Performs an explicit conversion from to .
+
+ The value.
+ The result of the conversion.
+
+
+
+ Performs an explicit conversion from to [].
+
+ The value.
+ The result of the conversion.
+
+
+
+ Performs an explicit conversion from to .
+
+ The value.
+ The result of the conversion.
+
+
+
+ Performs an explicit conversion from to of .
+
+ The value.
+ The result of the conversion.
+
+
+
+ Performs an explicit conversion from to .
+
+ The value.
+ The result of the conversion.
+
+
+
+ Performs an explicit conversion from to of .
+
+ The value.
+ The result of the conversion.
+
+
+
+ Performs an explicit conversion from to .
+
+ The value.
+ The result of the conversion.
+
+
+
+ Performs an implicit conversion from to .
+
+ The value to create a from.
+ The initialized with the specified value.
+
+
+
+ Performs an implicit conversion from to .
+
+ The value to create a from.
+ The initialized with the specified value.
+
+
+
+ Performs an implicit conversion from to .
+
+ The value to create a from.
+ The initialized with the specified value.
+
+
+
+ Performs an implicit conversion from of to .
+
+ The value to create a from.
+ The initialized with the specified value.
+
+
+
+ Performs an implicit conversion from to .
+
+ The value to create a from.
+ The initialized with the specified value.
+
+
+
+ Performs an implicit conversion from of to .
+
+ The value to create a from.
+ The initialized with the specified value.
+
+
+
+ Performs an implicit conversion from of to .
+
+ The value to create a from.
+ The initialized with the specified value.
+
+
+
+ Performs an implicit conversion from of to .
+
+ The value to create a from.
+ The initialized with the specified value.
+
+
+
+ Performs an implicit conversion from of to .
+
+ The value to create a from.
+ The initialized with the specified value.
+
+
+
+ Performs an implicit conversion from of to .
+
+ The value to create a from.
+ The initialized with the specified value.
+
+
+
+ Performs an implicit conversion from of to .
+
+ The value to create a from.
+ The initialized with the specified value.
+
+
+
+ Performs an implicit conversion from of to .
+
+ The value to create a from.
+ The initialized with the specified value.
+
+
+
+ Performs an implicit conversion from to .
+
+ The value to create a from.
+ The initialized with the specified value.
+
+
+
+ Performs an implicit conversion from to .
+
+ The value to create a from.
+ The initialized with the specified value.
+
+
+
+ Performs an implicit conversion from to .
+
+ The value to create a from.
+ The initialized with the specified value.
+
+
+
+ Performs an implicit conversion from of to .
+
+ The value to create a from.
+ The initialized with the specified value.
+
+
+
+ Performs an implicit conversion from to .
+
+ The value to create a from.
+ The initialized with the specified value.
+
+
+
+ Performs an implicit conversion from of to .
+
+ The value to create a from.
+ The initialized with the specified value.
+
+
+
+ Performs an implicit conversion from of to .
+
+ The value to create a from.
+ The initialized with the specified value.
+
+
+
+ Performs an implicit conversion from to .
+
+ The value to create a from.
+ The initialized with the specified value.
+
+
+
+ Performs an implicit conversion from of to .
+
+ The value to create a from.
+ The initialized with the specified value.
+
+
+
+ Performs an implicit conversion from of to .
+
+ The value to create a from.
+ The initialized with the specified value.
+
+
+
+ Performs an implicit conversion from of to .
+
+ The value to create a from.
+ The initialized with the specified value.
+
+
+
+ Performs an implicit conversion from of to .
+
+ The value to create a from.
+ The initialized with the specified value.
+
+
+
+ Performs an implicit conversion from to .
+
+ The value to create a from.
+ The initialized with the specified value.
+
+
+
+ Performs an implicit conversion from to .
+
+ The value to create a from.
+ The initialized with the specified value.
+
+
+
+ Performs an implicit conversion from to .
+
+ The value to create a from.
+ The initialized with the specified value.
+
+
+
+ Performs an implicit conversion from to .
+
+ The value to create a from.
+ The initialized with the specified value.
+
+
+
+ Performs an implicit conversion from to .
+
+ The value to create a from.
+ The initialized with the specified value.
+
+
+
+ Performs an implicit conversion from [] to .
+
+ The value to create a from.
+ The initialized with the specified value.
+
+
+
+ Performs an implicit conversion from to .
+
+ The value to create a from.
+ The initialized with the specified value.
+
+
+
+ Performs an implicit conversion from to .
+
+ The value to create a from.
+ The initialized with the specified value.
+
+
+
+ Performs an implicit conversion from of to .
+
+ The value to create a from.
+ The initialized with the specified value.
+
+
+
+ Performs an implicit conversion from to .
+
+ The value to create a from.
+ The initialized with the specified value.
+
+
+
+ Performs an implicit conversion from of to .
+
+ The value to create a from.
+ The initialized with the specified value.
+
+
+
+ Creates a for this token.
+
+ A that can be used to read this token and its descendants.
+
+
+
+ Creates a from an object.
+
+ The object that will be used to create .
+ A with the value of the specified object.
+
+
+
+ Creates a from an object using the specified .
+
+ The object that will be used to create .
+ The that will be used when reading the object.
+ A with the value of the specified object.
+
+
+
+ Creates an instance of the specified .NET type from the .
+
+ The object type that the token will be deserialized to.
+ The new object created from the JSON value.
+
+
+
+ Creates an instance of the specified .NET type from the .
+
+ The object type that the token will be deserialized to.
+ The new object created from the JSON value.
+
+
+
+ Creates an instance of the specified .NET type from the using the specified .
+
+ The object type that the token will be deserialized to.
+ The that will be used when creating the object.
+ The new object created from the JSON value.
+
+
+
+ Creates an instance of the specified .NET type from the using the specified .
+
+ The object type that the token will be deserialized to.
+ The that will be used when creating the object.
+ The new object created from the JSON value.
+
+
+
+ Creates a from a .
+
+ A positioned at the token to read into this .
+
+ A that contains the token and its descendant tokens
+ that were read from the reader. The runtime type of the token is determined
+ by the token type of the first token encountered in the reader.
+
+
+
+
+ Creates a from a .
+
+ An positioned at the token to read into this .
+ The used to load the JSON.
+ If this is null, default load settings will be used.
+
+ A that contains the token and its descendant tokens
+ that were read from the reader. The runtime type of the token is determined
+ by the token type of the first token encountered in the reader.
+
+
+
+
+ Load a from a string that contains JSON.
+
+ A that contains JSON.
+ A populated from the string that contains JSON.
+
+
+
+ Load a from a string that contains JSON.
+
+ A that contains JSON.
+ The used to load the JSON.
+ If this is null, default load settings will be used.
+ A populated from the string that contains JSON.
+
+
+
+ Creates a from a .
+
+ A positioned at the token to read into this .
+ The used to load the JSON.
+ If this is null, default load settings will be used.
+
+ A that contains the token and its descendant tokens
+ that were read from the reader. The runtime type of the token is determined
+ by the token type of the first token encountered in the reader.
+
+
+
+
+ Creates a from a .
+
+ A positioned at the token to read into this .
+
+ A that contains the token and its descendant tokens
+ that were read from the reader. The runtime type of the token is determined
+ by the token type of the first token encountered in the reader.
+
+
+
+
+ Selects a using a JPath expression. Selects the token that matches the object path.
+
+
+ A that contains a JPath expression.
+
+ A , or null.
+
+
+
+ Selects a using a JPath expression. Selects the token that matches the object path.
+
+
+ A that contains a JPath expression.
+
+ A flag to indicate whether an error should be thrown if no tokens are found when evaluating part of the expression.
+ A .
+
+
+
+ Selects a collection of elements using a JPath expression.
+
+
+ A that contains a JPath expression.
+
+ An of that contains the selected elements.
+
+
+
+ Selects a collection of elements using a JPath expression.
+
+
+ A that contains a JPath expression.
+
+ A flag to indicate whether an error should be thrown if no tokens are found when evaluating part of the expression.
+ An of that contains the selected elements.
+
+
+
+ Returns the responsible for binding operations performed on this object.
+
+ The expression tree representation of the runtime value.
+
+ The to bind this object.
+
+
+
+
+ Returns the responsible for binding operations performed on this object.
+
+ The expression tree representation of the runtime value.
+
+ The to bind this object.
+
+
+
+
+ Creates a new instance of the . All child tokens are recursively cloned.
+
+ A new instance of the .
+
+
+
+ Adds an object to the annotation list of this .
+
+ The annotation to add.
+
+
+
+ Get the first annotation object of the specified type from this .
+
+ The type of the annotation to retrieve.
+ The first annotation object that matches the specified type, or null if no annotation is of the specified type.
+
+
+
+ Gets the first annotation object of the specified type from this .
+
+ The of the annotation to retrieve.
+ The first annotation object that matches the specified type, or null if no annotation is of the specified type.
+
+
+
+ Gets a collection of annotations of the specified type for this .
+
+ The type of the annotations to retrieve.
+ An that contains the annotations for this .
+
+
+
+ Gets a collection of annotations of the specified type for this .
+
+ The of the annotations to retrieve.
+ An of that contains the annotations that match the specified type for this .
+
+
+
+ Removes the annotations of the specified type from this .
+
+ The type of annotations to remove.
+
+
+
+ Removes the annotations of the specified type from this .
+
+ The of annotations to remove.
+
+
+
+ Compares tokens to determine whether they are equal.
+
+
+
+
+ Determines whether the specified objects are equal.
+
+ The first object of type to compare.
+ The second object of type to compare.
+
+ true if the specified objects are equal; otherwise, false.
+
+
+
+
+ Returns a hash code for the specified object.
+
+ The for which a hash code is to be returned.
+ A hash code for the specified object.
+ The type of is a reference type and is null.
+
+
+
+ Represents a reader that provides fast, non-cached, forward-only access to serialized JSON data.
+
+
+
+
+ Gets the at the reader's current position.
+
+
+
+
+ Initializes a new instance of the class.
+
+ The token to read from.
+
+
+
+ Reads the next JSON token from the underlying .
+
+
+ true if the next token was read successfully; false if there are no more tokens to read.
+
+
+
+
+ Gets the path of the current JSON token.
+
+
+
+
+ Specifies the type of token.
+
+
+
+
+ No token type has been set.
+
+
+
+
+ A JSON object.
+
+
+
+
+ A JSON array.
+
+
+
+
+ A JSON constructor.
+
+
+
+
+ A JSON object property.
+
+
+
+
+ A comment.
+
+
+
+
+ An integer value.
+
+
+
+
+ A float value.
+
+
+
+
+ A string value.
+
+
+
+
+ A boolean value.
+
+
+
+
+ A null value.
+
+
+
+
+ An undefined value.
+
+
+
+
+ A date value.
+
+
+
+
+ A raw JSON value.
+
+
+
+
+ A collection of bytes value.
+
+
+
+
+ A Guid value.
+
+
+
+
+ A Uri value.
+
+
+
+
+ A TimeSpan value.
+
+
+
+
+ Represents a writer that provides a fast, non-cached, forward-only way of generating JSON data.
+
+
+
+
+ Gets the at the writer's current position.
+
+
+
+
+ Gets the token being written.
+
+ The token being written.
+
+
+
+ Initializes a new instance of the class writing to the given .
+
+ The container being written to.
+
+
+
+ Initializes a new instance of the class.
+
+
+
+
+ Flushes whatever is in the buffer to the underlying .
+
+
+
+
+ Closes this writer.
+ If is set to true, the JSON is auto-completed.
+
+
+ Setting to true has no additional effect, since the underlying is a type that cannot be closed.
+
+
+
+
+ Writes the beginning of a JSON object.
+
+
+
+
+ Writes the beginning of a JSON array.
+
+
+
+
+ Writes the start of a constructor with the given name.
+
+ The name of the constructor.
+
+
+
+ Writes the end.
+
+ The token.
+
+
+
+ Writes the property name of a name/value pair on a JSON object.
+
+ The name of the property.
+
+
+
+ Writes a value.
+ An error will be raised if the value cannot be written as a single JSON token.
+
+ The value to write.
+
+
+
+ Writes a null value.
+
+
+
+
+ Writes an undefined value.
+
+
+
+
+ Writes raw JSON.
+
+ The raw JSON to write.
+
+
+
+ Writes a comment /*...*/ containing the specified text.
+
+ Text to place inside the comment.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a [] value.
+
+ The [] value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Writes a value.
+
+ The value to write.
+
+
+
+ Represents a value in JSON (string, integer, date, etc).
+
+
+
+
+ Writes this token to a asynchronously.
+
+ A into which this method will write.
+ The token to monitor for cancellation requests.
+ A collection of which will be used when writing the token.
+ A that represents the asynchronous write operation.
+
+
+
+ Initializes a new instance of the class from another object.
+
+ A object to copy from.
+
+
+
+ Initializes a new instance of the class with the given value.
+
+ The value.
+
+
+
+ Initializes a new instance of the class with the given value.
+
+ The value.
+
+
+
+ Initializes a new instance of the class with the given value.
+
+ The value.
+
+
+
+ Initializes a new instance of the class with the given value.
+
+ The value.
+
+
+
+ Initializes a new instance of the class with the given value.
+
+ The value.
+
+
+
+ Initializes a new instance of the class with the given value.
+
+ The value.
+
+
+
+ Initializes a new instance of the class with the given value.
+
+ The value.
+
+
+
+ Initializes a new instance of the class with the given value.
+
+ The value.
+
+
+
+ Initializes a new instance of the class with the given value.
+
+ The value.
+
+
+
+ Initializes a new instance of the class with the given value.
+
+ The value.
+
+
+
+ Initializes a new instance of the class with the given value.
+
+ The value.
+
+
+
+ Initializes a new instance of the class with the given value.
+
+ The value.
+
+
+
+ Initializes a new instance of the class with the given value.
+
+ The value.
+
+
+
+ Initializes a new instance of the class with the given value.
+
+ The value.
+
+
+
+ Gets a value indicating whether this token has child tokens.
+
+
+ true if this token has child values; otherwise, false.
+
+
+
+
+ Creates a comment with the given value.
+
+ The value.
+ A comment with the given value.
+
+
+
+ Creates a string with the given value.
+
+ The value.
+ A string with the given value.
+
+
+
+ Creates a null value.
+
+ A null value.
+
+
+
+ Creates a undefined value.
+
+ A undefined value.
+
+
+
+ Gets the node type for this .
+
+ The type.
+
+
+
+ Gets or sets the underlying token value.
+
+ The underlying token value.
+
+
+
+ Writes this token to a .
+
+ A into which this method will write.
+ A collection of s which will be used when writing the token.
+
+
+
+ Indicates whether the current object is equal to another object of the same type.
+
+
+ true if the current object is equal to the parameter; otherwise, false.
+
+ An object to compare with this object.
+
+
+
+ Determines whether the specified is equal to the current .
+
+ The to compare with the current .
+
+ true if the specified is equal to the current ; otherwise, false.
+
+
+
+
+ Serves as a hash function for a particular type.
+
+
+ A hash code for the current .
+
+
+
+
+ Returns a that represents this instance.
+
+
+ A that represents this instance.
+
+
+
+
+ Returns a that represents this instance.
+
+ The format.
+
+ A that represents this instance.
+
+
+
+
+ Returns a that represents this instance.
+
+ The format provider.
+
+ A that represents this instance.
+
+
+
+
+ Returns a that represents this instance.
+
+ The format.
+ The format provider.
+
+ A that represents this instance.
+
+
+
+
+ Returns the responsible for binding operations performed on this object.
+
+ The expression tree representation of the runtime value.
+
+ The to bind this object.
+
+
+
+
+ Compares the current instance with another object of the same type and returns an integer that indicates whether the current instance precedes, follows, or occurs in the same position in the sort order as the other object.
+
+ An object to compare with this instance.
+
+ A 32-bit signed integer that indicates the relative order of the objects being compared. The return value has these meanings:
+ Value
+ Meaning
+ Less than zero
+ This instance is less than .
+ Zero
+ This instance is equal to .
+ Greater than zero
+ This instance is greater than .
+
+
+ is not of the same type as this instance.
+
+
+
+
+ Specifies how line information is handled when loading JSON.
+
+
+
+
+ Ignore line information.
+
+
+
+
+ Load line information.
+
+
+
+
+ Specifies how JSON arrays are merged together.
+
+
+
+ Concatenate arrays.
+
+
+ Union arrays, skipping items that already exist.
+
+
+ Replace all array items.
+
+
+ Merge array items together, matched by index.
+
+
+
+ Specifies how null value properties are merged.
+
+
+
+
+ The content's null value properties will be ignored during merging.
+
+
+
+
+ The content's null value properties will be merged.
+
+
+
+
+ Specifies the member serialization options for the .
+
+
+
+
+ All public members are serialized by default. Members can be excluded using or .
+ This is the default member serialization mode.
+
+
+
+
+ Only members marked with or are serialized.
+ This member serialization mode can also be set by marking the class with .
+
+
+
+
+ All public and private fields are serialized. Members can be excluded using or .
+ This member serialization mode can also be set by marking the class with
+ and setting IgnoreSerializableAttribute on to false.
+
+
+
+
+ Specifies metadata property handling options for the .
+
+
+
+
+ Read metadata properties located at the start of a JSON object.
+
+
+
+
+ Read metadata properties located anywhere in a JSON object. Note that this setting will impact performance.
+
+
+
+
+ Do not try to read metadata properties.
+
+
+
+
+ Specifies missing member handling options for the .
+
+
+
+
+ Ignore a missing member and do not attempt to deserialize it.
+
+
+
+
+ Throw a when a missing member is encountered during deserialization.
+
+
+
+
+ Specifies null value handling options for the .
+
+
+
+
+
+
+
+
+ Include null values when serializing and deserializing objects.
+
+
+
+
+ Ignore null values when serializing and deserializing objects.
+
+
+
+
+ Specifies how object creation is handled by the .
+
+
+
+
+ Reuse existing objects, create new objects when needed.
+
+
+
+
+ Only reuse existing objects.
+
+
+
+
+ Always create new objects.
+
+
+
+
+ Specifies reference handling options for the .
+ Note that references cannot be preserved when a value is set via a non-default constructor such as types that implement .
+
+
+
+
+
+
+
+ Do not preserve references when serializing types.
+
+
+
+
+ Preserve references when serializing into a JSON object structure.
+
+
+
+
+ Preserve references when serializing into a JSON array structure.
+
+
+
+
+ Preserve references when serializing.
+
+
+
+
+ Specifies reference loop handling options for the .
+
+
+
+
+ Throw a when a loop is encountered.
+
+
+
+
+ Ignore loop references and do not serialize.
+
+
+
+
+ Serialize loop references.
+
+
+
+
+ Indicating whether a property is required.
+
+
+
+
+ The property is not required. The default state.
+
+
+
+
+ The property must be defined in JSON but can be a null value.
+
+
+
+
+ The property must be defined in JSON and cannot be a null value.
+
+
+
+
+ The property is not required but it cannot be a null value.
+
+
+
+
+
+ Contains the JSON schema extension methods.
+
+
+ JSON Schema validation has been moved to its own package. See https://www.newtonsoft.com/jsonschema for more details.
+
+
+
+
+
+
+ Determines whether the is valid.
+
+
+ JSON Schema validation has been moved to its own package. See https://www.newtonsoft.com/jsonschema for more details.
+
+
+ The source to test.
+ The schema to test with.
+
+ true if the specified is valid; otherwise, false.
+
+
+
+
+
+ Determines whether the is valid.
+
+
+ JSON Schema validation has been moved to its own package. See https://www.newtonsoft.com/jsonschema for more details.
+
+
+ The source to test.
+ The schema to test with.
+ When this method returns, contains any error messages generated while validating.
+
+ true if the specified is valid; otherwise, false.
+
+
+
+
+
+ Validates the specified .
+
+
+ JSON Schema validation has been moved to its own package. See https://www.newtonsoft.com/jsonschema for more details.
+
+
+ The source to test.
+ The schema to test with.
+
+
+
+
+ Validates the specified .
+
+
+ JSON Schema validation has been moved to its own package. See https://www.newtonsoft.com/jsonschema for more details.
+
+
+ The source to test.
+ The schema to test with.
+ The validation event handler.
+
+
+
+
+ An in-memory representation of a JSON Schema.
+
+
+ JSON Schema validation has been moved to its own package. See https://www.newtonsoft.com/jsonschema for more details.
+
+
+
+
+
+ Gets or sets the id.
+
+
+
+
+ Gets or sets the title.
+
+
+
+
+ Gets or sets whether the object is required.
+
+
+
+
+ Gets or sets whether the object is read-only.
+
+
+
+
+ Gets or sets whether the object is visible to users.
+
+
+
+
+ Gets or sets whether the object is transient.
+
+
+
+
+ Gets or sets the description of the object.
+
+
+
+
+ Gets or sets the types of values allowed by the object.
+
+ The type.
+
+
+
+ Gets or sets the pattern.
+
+ The pattern.
+
+
+
+ Gets or sets the minimum length.
+
+ The minimum length.
+
+
+
+ Gets or sets the maximum length.
+
+ The maximum length.
+
+
+
+ Gets or sets a number that the value should be divisible by.
+
+ A number that the value should be divisible by.
+
+
+
+ Gets or sets the minimum.
+
+ The minimum.
+
+
+
+ Gets or sets the maximum.
+
+ The maximum.
+
+
+
+ Gets or sets a flag indicating whether the value can not equal the number defined by the minimum attribute ().
+
+ A flag indicating whether the value can not equal the number defined by the minimum attribute ().
+
+
+
+ Gets or sets a flag indicating whether the value can not equal the number defined by the maximum attribute ().
+
+ A flag indicating whether the value can not equal the number defined by the maximum attribute ().
+
+
+
+ Gets or sets the minimum number of items.
+
+ The minimum number of items.
+
+
+
+ Gets or sets the maximum number of items.
+
+ The maximum number of items.
+
+
+
+ Gets or sets the of items.
+
+ The of items.
+
+
+
+ Gets or sets a value indicating whether items in an array are validated using the instance at their array position from .
+
+
+ true if items are validated using their array position; otherwise, false.
+
+
+
+
+ Gets or sets the of additional items.
+
+ The of additional items.
+
+
+
+ Gets or sets a value indicating whether additional items are allowed.
+
+
+ true if additional items are allowed; otherwise, false.
+
+
+
+
+ Gets or sets whether the array items must be unique.
+
+
+
+
+ Gets or sets the of properties.
+
+ The of properties.
+
+
+
+ Gets or sets the of additional properties.
+
+ The of additional properties.
+
+
+
+ Gets or sets the pattern properties.
+
+ The pattern properties.
+
+
+
+ Gets or sets a value indicating whether additional properties are allowed.
+
+
+ true if additional properties are allowed; otherwise, false.
+
+
+
+
+ Gets or sets the required property if this property is present.
+
+ The required property if this property is present.
+
+
+
+ Gets or sets the a collection of valid enum values allowed.
+
+ A collection of valid enum values allowed.
+
+
+
+ Gets or sets disallowed types.
+
+ The disallowed types.
+
+
+
+ Gets or sets the default value.
+
+ The default value.
+
+
+
+ Gets or sets the collection of that this schema extends.
+
+ The collection of that this schema extends.
+
+
+
+ Gets or sets the format.
+
+ The format.
+
+
+
+ Initializes a new instance of the class.
+
+
+
+
+ Reads a from the specified .
+
+ The containing the JSON Schema to read.
+ The object representing the JSON Schema.
+
+
+
+ Reads a from the specified .
+
+ The containing the JSON Schema to read.
+ The to use when resolving schema references.
+ The object representing the JSON Schema.
+
+
+
+ Load a from a string that contains JSON Schema.
+
+ A that contains JSON Schema.
+ A populated from the string that contains JSON Schema.
+
+
+
+ Load a from a string that contains JSON Schema using the specified .
+
+ A that contains JSON Schema.
+ The resolver.
+ A populated from the string that contains JSON Schema.
+
+
+
+ Writes this schema to a .
+
+ A into which this method will write.
+
+
+
+ Writes this schema to a using the specified .
+
+ A into which this method will write.
+ The resolver used.
+
+
+
+ Returns a that represents the current .
+
+
+ A that represents the current .
+
+
+
+
+
+ Returns detailed information about the schema exception.
+
+
+ JSON Schema validation has been moved to its own package. See https://www.newtonsoft.com/jsonschema for more details.
+
+
+
+
+
+ Gets the line number indicating where the error occurred.
+
+ The line number indicating where the error occurred.
+
+
+
+ Gets the line position indicating where the error occurred.
+
+ The line position indicating where the error occurred.
+
+
+
+ Gets the path to the JSON where the error occurred.
+
+ The path to the JSON where the error occurred.
+
+
+
+ Initializes a new instance of the class.
+
+
+
+
+ Initializes a new instance of the class
+ with a specified error message.
+
+ The error message that explains the reason for the exception.
+
+
+
+ Initializes a new instance of the class
+ with a specified error message and a reference to the inner exception that is the cause of this exception.
+
+ The error message that explains the reason for the exception.
+ The exception that is the cause of the current exception, or null if no inner exception is specified.
+
+
+
+ Initializes a new instance of the class.
+
+ The that holds the serialized object data about the exception being thrown.
+ The that contains contextual information about the source or destination.
+ The parameter is null.
+ The class name is null or is zero (0).
+
+
+
+
+ Generates a from a specified .
+
+
+ JSON Schema validation has been moved to its own package. See https://www.newtonsoft.com/jsonschema for more details.
+
+
+
+
+
+ Gets or sets how undefined schemas are handled by the serializer.
+
+
+
+
+ Gets or sets the contract resolver.
+
+ The contract resolver.
+
+
+
+ Generate a from the specified type.
+
+ The type to generate a from.
+ A generated from the specified type.
+
+
+
+ Generate a from the specified type.
+
+ The type to generate a from.
+ The used to resolve schema references.
+ A generated from the specified type.
+
+
+
+ Generate a from the specified type.
+
+ The type to generate a from.
+ Specify whether the generated root will be nullable.
+ A generated from the specified type.
+
+
+
+ Generate a from the specified type.
+
+ The type to generate a from.
+ The used to resolve schema references.
+ Specify whether the generated root will be nullable.
+ A generated from the specified type.
+
+
+
+
+ Resolves from an id.
+
+
+ JSON Schema validation has been moved to its own package. See https://www.newtonsoft.com/jsonschema for more details.
+
+
+
+
+
+ Gets or sets the loaded schemas.
+
+ The loaded schemas.
+
+
+
+ Initializes a new instance of the class.
+
+
+
+
+ Gets a for the specified reference.
+
+ The id.
+ A for the specified reference.
+
+
+
+
+ The value types allowed by the .
+
+
+ JSON Schema validation has been moved to its own package. See https://www.newtonsoft.com/jsonschema for more details.
+
+
+
+
+
+ No type specified.
+
+
+
+
+ String type.
+
+
+
+
+ Float type.
+
+
+
+
+ Integer type.
+
+
+
+
+ Boolean type.
+
+
+
+
+ Object type.
+
+
+
+
+ Array type.
+
+
+
+
+ Null type.
+
+
+
+
+ Any type.
+
+
+
+
+
+ Specifies undefined schema Id handling options for the .
+
+
+ JSON Schema validation has been moved to its own package. See https://www.newtonsoft.com/jsonschema for more details.
+
+
+
+
+
+ Do not infer a schema Id.
+
+
+
+
+ Use the .NET type name as the schema Id.
+
+
+
+
+ Use the assembly qualified .NET type name as the schema Id.
+
+
+
+
+
+ Returns detailed information related to the .
+
+
+ JSON Schema validation has been moved to its own package. See https://www.newtonsoft.com/jsonschema for more details.
+
+
+
+
+
+ Gets the associated with the validation error.
+
+ The JsonSchemaException associated with the validation error.
+
+
+
+ Gets the path of the JSON location where the validation error occurred.
+
+ The path of the JSON location where the validation error occurred.
+
+
+
+ Gets the text description corresponding to the validation error.
+
+ The text description.
+
+
+
+
+ Represents the callback method that will handle JSON schema validation events and the .
+
+
+ JSON Schema validation has been moved to its own package. See https://www.newtonsoft.com/jsonschema for more details.
+
+
+
+
+
+ A camel case naming strategy.
+
+
+
+
+ Initializes a new instance of the class.
+
+
+ A flag indicating whether dictionary keys should be processed.
+
+
+ A flag indicating whether explicitly specified property names should be processed,
+ e.g. a property name customized with a .
+
+
+
+
+ Initializes a new instance of the class.
+
+
+ A flag indicating whether dictionary keys should be processed.
+
+
+ A flag indicating whether explicitly specified property names should be processed,
+ e.g. a property name customized with a .
+
+
+ A flag indicating whether extension data names should be processed.
+
+
+
+
+ Initializes a new instance of the class.
+
+
+
+
+ Resolves the specified property name.
+
+ The property name to resolve.
+ The resolved property name.
+
+
+
+ Resolves member mappings for a type, camel casing property names.
+
+
+
+
+ Initializes a new instance of the class.
+
+
+
+
+ Resolves the contract for a given type.
+
+ The type to resolve a contract for.
+ The contract for a given type.
+
+
+
+ Used by to resolve a for a given .
+
+
+
+
+ Gets a value indicating whether members are being get and set using dynamic code generation.
+ This value is determined by the runtime permissions available.
+
+
+ true if using dynamic code generation; otherwise, false.
+
+
+
+
+ Gets or sets the default members search flags.
+
+ The default members search flags.
+
+
+
+ Gets or sets a value indicating whether compiler generated members should be serialized.
+
+
+ true if serialized compiler generated members; otherwise, false.
+
+
+
+
+ Gets or sets a value indicating whether to ignore the interface when serializing and deserializing types.
+
+
+ true if the interface will be ignored when serializing and deserializing types; otherwise, false.
+
+
+
+
+ Gets or sets a value indicating whether to ignore the attribute when serializing and deserializing types.
+
+
+ true if the attribute will be ignored when serializing and deserializing types; otherwise, false.
+
+
+
+
+ Gets or sets a value indicating whether to ignore IsSpecified members when serializing and deserializing types.
+
+
+ true if the IsSpecified members will be ignored when serializing and deserializing types; otherwise, false.
+
+
+
+
+ Gets or sets a value indicating whether to ignore ShouldSerialize members when serializing and deserializing types.
+
+
+ true if the ShouldSerialize members will be ignored when serializing and deserializing types; otherwise, false.
+
+
+
+
+ Gets or sets the naming strategy used to resolve how property names and dictionary keys are serialized.
+
+ The naming strategy used to resolve how property names and dictionary keys are serialized.
+
+
+
+ Initializes a new instance of the class.
+
+
+
+
+ Resolves the contract for a given type.
+
+ The type to resolve a contract for.
+ The contract for a given type.
+
+
+
+ Gets the serializable members for the type.
+
+ The type to get serializable members for.
+ The serializable members for the type.
+
+
+
+ Creates a for the given type.
+
+ Type of the object.
+ A for the given type.
+
+
+
+ Creates the constructor parameters.
+
+ The constructor to create properties for.
+ The type's member properties.
+ Properties for the given .
+
+
+
+ Creates a for the given .
+
+ The matching member property.
+ The constructor parameter.
+ A created for the given .
+
+
+
+ Resolves the default for the contract.
+
+ Type of the object.
+ The contract's default .
+
+
+
+ Creates a for the given type.
+
+ Type of the object.
+ A for the given type.
+
+
+
+ Creates a for the given type.
+
+ Type of the object.
+ A for the given type.
+
+
+
+ Creates a for the given type.
+
+ Type of the object.
+ A for the given type.
+
+
+
+ Creates a for the given type.
+
+ Type of the object.
+ A for the given type.
+
+
+
+ Creates a for the given type.
+
+ Type of the object.
+ A for the given type.
+
+
+
+ Creates a for the given type.
+
+ Type of the object.
+ A for the given type.
+
+
+
+ Creates a for the given type.
+
+ Type of the object.
+ A for the given type.
+
+
+
+ Determines which contract type is created for the given type.
+
+ Type of the object.
+ A for the given type.
+
+
+
+ Creates properties for the given .
+
+ The type to create properties for.
+ /// The member serialization mode for the type.
+ Properties for the given .
+
+
+
+ Creates the used by the serializer to get and set values from a member.
+
+ The member.
+ The used by the serializer to get and set values from a member.
+
+
+
+ Creates a for the given .
+
+ The member's parent .
+ The member to create a for.
+ A created for the given .
+
+
+
+ Resolves the name of the property.
+
+ Name of the property.
+ Resolved name of the property.
+
+
+
+ Resolves the name of the extension data. By default no changes are made to extension data names.
+
+ Name of the extension data.
+ Resolved name of the extension data.
+
+
+
+ Resolves the key of the dictionary. By default is used to resolve dictionary keys.
+
+ Key of the dictionary.
+ Resolved key of the dictionary.
+
+
+
+ Gets the resolved name of the property.
+
+ Name of the property.
+ Name of the property.
+
+
+
+ The default naming strategy. Property names and dictionary keys are unchanged.
+
+
+
+
+ Resolves the specified property name.
+
+ The property name to resolve.
+ The resolved property name.
+
+
+
+ The default serialization binder used when resolving and loading classes from type names.
+
+
+
+
+ Initializes a new instance of the class.
+
+
+
+
+ When overridden in a derived class, controls the binding of a serialized object to a type.
+
+ Specifies the name of the serialized object.
+ Specifies the name of the serialized object.
+
+ The type of the object the formatter creates a new instance of.
+
+
+
+
+ When overridden in a derived class, controls the binding of a serialized object to a type.
+
+ The type of the object the formatter creates a new instance of.
+ Specifies the name of the serialized object.
+ Specifies the name of the serialized object.
+
+
+
+ Represents a trace writer that writes to the application's instances.
+
+
+
+
+ Gets the that will be used to filter the trace messages passed to the writer.
+ For example a filter level of will exclude messages and include ,
+ and messages.
+
+
+ The that will be used to filter the trace messages passed to the writer.
+
+
+
+
+ Writes the specified trace level, message and optional exception.
+
+ The at which to write this trace.
+ The trace message.
+ The trace exception. This parameter is optional.
+
+
+
+ Get and set values for a using dynamic methods.
+
+
+
+
+ Initializes a new instance of the class.
+
+ The member info.
+
+
+
+ Sets the value.
+
+ The target to set the value on.
+ The value to set on the target.
+
+
+
+ Gets the value.
+
+ The target to get the value from.
+ The value.
+
+
+
+ Provides information surrounding an error.
+
+
+
+
+ Gets the error.
+
+ The error.
+
+
+
+ Gets the original object that caused the error.
+
+ The original object that caused the error.
+
+
+
+ Gets the member that caused the error.
+
+ The member that caused the error.
+
+
+
+ Gets the path of the JSON location where the error occurred.
+
+ The path of the JSON location where the error occurred.
+
+
+
+ Gets or sets a value indicating whether this is handled.
+
+ true if handled; otherwise, false.
+
+
+
+ Provides data for the Error event.
+
+
+
+
+ Gets the current object the error event is being raised against.
+
+ The current object the error event is being raised against.
+
+
+
+ Gets the error context.
+
+ The error context.
+
+
+
+ Initializes a new instance of the class.
+
+ The current object.
+ The error context.
+
+
+
+ Get and set values for a using dynamic methods.
+
+
+
+
+ Initializes a new instance of the class.
+
+ The member info.
+
+
+
+ Sets the value.
+
+ The target to set the value on.
+ The value to set on the target.
+
+
+
+ Gets the value.
+
+ The target to get the value from.
+ The value.
+
+
+
+ Provides methods to get attributes.
+
+
+
+
+ Returns a collection of all of the attributes, or an empty collection if there are no attributes.
+
+ When true, look up the hierarchy chain for the inherited custom attribute.
+ A collection of s, or an empty collection.
+
+
+
+ Returns a collection of attributes, identified by type, or an empty collection if there are no attributes.
+
+ The type of the attributes.
+ When true, look up the hierarchy chain for the inherited custom attribute.
+ A collection of s, or an empty collection.
+
+
+
+ Used by to resolve a for a given .
+
+
+
+
+
+
+
+
+ Resolves the contract for a given type.
+
+ The type to resolve a contract for.
+ The contract for a given type.
+
+
+
+ Used to resolve references when serializing and deserializing JSON by the .
+
+
+
+
+ Resolves a reference to its object.
+
+ The serialization context.
+ The reference to resolve.
+ The object that was resolved from the reference.
+
+
+
+ Gets the reference for the specified object.
+
+ The serialization context.
+ The object to get a reference for.
+ The reference to the object.
+
+
+
+ Determines whether the specified object is referenced.
+
+ The serialization context.
+ The object to test for a reference.
+
+ true if the specified object is referenced; otherwise, false.
+
+
+
+
+ Adds a reference to the specified object.
+
+ The serialization context.
+ The reference.
+ The object to reference.
+
+
+
+ Allows users to control class loading and mandate what class to load.
+
+
+
+
+ When implemented, controls the binding of a serialized object to a type.
+
+ Specifies the name of the serialized object.
+ Specifies the name of the serialized object
+ The type of the object the formatter creates a new instance of.
+
+
+
+ When implemented, controls the binding of a serialized object to a type.
+
+ The type of the object the formatter creates a new instance of.
+ Specifies the name of the serialized object.
+ Specifies the name of the serialized object.
+
+
+
+ Represents a trace writer.
+
+
+
+
+ Gets the that will be used to filter the trace messages passed to the writer.
+ For example a filter level of will exclude messages and include ,
+ and messages.
+
+ The that will be used to filter the trace messages passed to the writer.
+
+
+
+ Writes the specified trace level, message and optional exception.
+
+ The at which to write this trace.
+ The trace message.
+ The trace exception. This parameter is optional.
+
+
+
+ Provides methods to get and set values.
+
+
+
+
+ Sets the value.
+
+ The target to set the value on.
+ The value to set on the target.
+
+
+
+ Gets the value.
+
+ The target to get the value from.
+ The value.
+
+
+
+ Contract details for a used by the .
+
+
+
+
+ Gets the of the collection items.
+
+ The of the collection items.
+
+
+
+ Gets a value indicating whether the collection type is a multidimensional array.
+
+ true if the collection type is a multidimensional array; otherwise, false.
+
+
+
+ Gets or sets the function used to create the object. When set this function will override .
+
+ The function used to create the object.
+
+
+
+ Gets a value indicating whether the creator has a parameter with the collection values.
+
+ true if the creator has a parameter with the collection values; otherwise, false.
+
+
+
+ Initializes a new instance of the class.
+
+ The underlying type for the contract.
+
+
+
+ Contract details for a used by the .
+
+
+
+
+ Gets or sets the default collection items .
+
+ The converter.
+
+
+
+ Gets or sets a value indicating whether the collection items preserve object references.
+
+ true if collection items preserve object references; otherwise, false.
+
+
+
+ Gets or sets the collection item reference loop handling.
+
+ The reference loop handling.
+
+
+
+ Gets or sets the collection item type name handling.
+
+ The type name handling.
+
+
+
+ Initializes a new instance of the class.
+
+ The underlying type for the contract.
+
+
+
+ Handles serialization callback events.
+
+ The object that raised the callback event.
+ The streaming context.
+
+
+
+ Handles serialization error callback events.
+
+ The object that raised the callback event.
+ The streaming context.
+ The error context.
+
+
+
+ Sets extension data for an object during deserialization.
+
+ The object to set extension data on.
+ The extension data key.
+ The extension data value.
+
+
+
+ Gets extension data for an object during serialization.
+
+ The object to set extension data on.
+
+
+
+ Contract details for a used by the .
+
+
+
+
+ Gets the underlying type for the contract.
+
+ The underlying type for the contract.
+
+
+
+ Gets or sets the type created during deserialization.
+
+ The type created during deserialization.
+
+
+
+ Gets or sets whether this type contract is serialized as a reference.
+
+ Whether this type contract is serialized as a reference.
+
+
+
+ Gets or sets the default for this contract.
+
+ The converter.
+
+
+
+ Gets or sets all methods called immediately after deserialization of the object.
+
+ The methods called immediately after deserialization of the object.
+
+
+
+ Gets or sets all methods called during deserialization of the object.
+
+ The methods called during deserialization of the object.
+
+
+
+ Gets or sets all methods called after serialization of the object graph.
+
+ The methods called after serialization of the object graph.
+
+
+
+ Gets or sets all methods called before serialization of the object.
+
+ The methods called before serialization of the object.
+
+
+
+ Gets or sets all method called when an error is thrown during the serialization of the object.
+
+ The methods called when an error is thrown during the serialization of the object.
+
+
+
+ Gets or sets the default creator method used to create the object.
+
+ The default creator method used to create the object.
+
+
+
+ Gets or sets a value indicating whether the default creator is non-public.
+
+ true if the default object creator is non-public; otherwise, false.
+
+
+
+ Contract details for a used by the .
+
+
+
+
+ Gets or sets the dictionary key resolver.
+
+ The dictionary key resolver.
+
+
+
+ Gets the of the dictionary keys.
+
+ The of the dictionary keys.
+
+
+
+ Gets the of the dictionary values.
+
+ The of the dictionary values.
+
+
+
+ Gets or sets the function used to create the object. When set this function will override .
+
+ The function used to create the object.
+
+
+
+ Gets a value indicating whether the creator has a parameter with the dictionary values.
+
+ true if the creator has a parameter with the dictionary values; otherwise, false.
+
+
+
+ Initializes a new instance of the class.
+
+ The underlying type for the contract.
+
+
+
+ Contract details for a used by the .
+
+
+
+
+ Gets the object's properties.
+
+ The object's properties.
+
+
+
+ Gets or sets the property name resolver.
+
+ The property name resolver.
+
+
+
+ Initializes a new instance of the class.
+
+ The underlying type for the contract.
+
+
+
+ Contract details for a used by the .
+
+
+
+
+ Gets or sets the object constructor.
+
+ The object constructor.
+
+
+
+ Initializes a new instance of the class.
+
+ The underlying type for the contract.
+
+
+
+ Contract details for a used by the .
+
+
+
+
+ Initializes a new instance of the class.
+
+ The underlying type for the contract.
+
+
+
+ Contract details for a used by the .
+
+
+
+
+ Gets or sets the object member serialization.
+
+ The member object serialization.
+
+
+
+ Gets or sets a value that indicates whether the object's properties are required.
+
+
+ A value indicating whether the object's properties are required.
+
+
+
+
+ Gets or sets how the object's properties with null values are handled during serialization and deserialization.
+
+ How the object's properties with null values are handled during serialization and deserialization.
+
+
+
+ Gets the object's properties.
+
+ The object's properties.
+
+
+
+ Gets a collection of instances that define the parameters used with .
+
+
+
+
+ Gets or sets the function used to create the object. When set this function will override .
+ This function is called with a collection of arguments which are defined by the collection.
+
+ The function used to create the object.
+
+
+
+ Gets or sets the extension data setter.
+
+
+
+
+ Gets or sets the extension data getter.
+
+
+
+
+ Gets or sets the extension data value type.
+
+
+
+
+ Gets or sets the extension data name resolver.
+
+ The extension data name resolver.
+
+
+
+ Initializes a new instance of the class.
+
+ The underlying type for the contract.
+
+
+
+ Contract details for a used by the .
+
+
+
+
+ Initializes a new instance of the class.
+
+ The underlying type for the contract.
+
+
+
+ Maps a JSON property to a .NET member or constructor parameter.
+
+
+
+
+ Gets or sets the name of the property.
+
+ The name of the property.
+
+
+
+ Gets or sets the type that declared this property.
+
+ The type that declared this property.
+
+
+
+ Gets or sets the order of serialization of a member.
+
+ The numeric order of serialization.
+
+
+
+ Gets or sets the name of the underlying member or parameter.
+
+ The name of the underlying member or parameter.
+
+
+
+ Gets the that will get and set the during serialization.
+
+ The that will get and set the during serialization.
+
+
+
+ Gets or sets the for this property.
+
+ The for this property.
+
+
+
+ Gets or sets the type of the property.
+
+ The type of the property.
+
+
+
+ Gets or sets the for the property.
+ If set this converter takes precedence over the contract converter for the property type.
+
+ The converter.
+
+
+
+ Gets or sets the member converter.
+
+ The member converter.
+
+
+
+ Gets or sets a value indicating whether this is ignored.
+
+ true if ignored; otherwise, false.
+
+
+
+ Gets or sets a value indicating whether this is readable.
+
+ true if readable; otherwise, false.
+
+
+
+ Gets or sets a value indicating whether this is writable.
+
+ true if writable; otherwise, false.
+
+
+
+ Gets or sets a value indicating whether this has a member attribute.
+
+ true if has a member attribute; otherwise, false.
+
+
+
+ Gets the default value.
+
+ The default value.
+
+
+
+ Gets or sets a value indicating whether this is required.
+
+ A value indicating whether this is required.
+
+
+
+ Gets or sets a value indicating whether this property preserves object references.
+
+
+ true if this instance is reference; otherwise, false.
+
+
+
+
+ Gets or sets the property null value handling.
+
+ The null value handling.
+
+
+
+ Gets or sets the property default value handling.
+
+ The default value handling.
+
+
+
+ Gets or sets the property reference loop handling.
+
+ The reference loop handling.
+
+
+
+ Gets or sets the property object creation handling.
+
+ The object creation handling.
+
+
+
+ Gets or sets or sets the type name handling.
+
+ The type name handling.
+
+
+
+ Gets or sets a predicate used to determine whether the property should be serialized.
+
+ A predicate used to determine whether the property should be serialized.
+
+
+
+ Gets or sets a predicate used to determine whether the property should be deserialized.
+
+ A predicate used to determine whether the property should be deserialized.
+
+
+
+ Gets or sets a predicate used to determine whether the property should be serialized.
+
+ A predicate used to determine whether the property should be serialized.
+
+
+
+ Gets or sets an action used to set whether the property has been deserialized.
+
+ An action used to set whether the property has been deserialized.
+
+
+
+ Returns a that represents this instance.
+
+
+ A that represents this instance.
+
+
+
+
+ Gets or sets the converter used when serializing the property's collection items.
+
+ The collection's items converter.
+
+
+
+ Gets or sets whether this property's collection items are serialized as a reference.
+
+ Whether this property's collection items are serialized as a reference.
+
+
+
+ Gets or sets the type name handling used when serializing the property's collection items.
+
+ The collection's items type name handling.
+
+
+
+ Gets or sets the reference loop handling used when serializing the property's collection items.
+
+ The collection's items reference loop handling.
+
+
+
+ A collection of objects.
+
+
+
+
+ Initializes a new instance of the class.
+
+ The type.
+
+
+
+ When implemented in a derived class, extracts the key from the specified element.
+
+ The element from which to extract the key.
+ The key for the specified element.
+
+
+
+ Adds a object.
+
+ The property to add to the collection.
+
+
+
+ Gets the closest matching object.
+ First attempts to get an exact case match of and then
+ a case insensitive match.
+
+ Name of the property.
+ A matching property if found.
+
+
+
+ Gets a property by property name.
+
+ The name of the property to get.
+ Type property name string comparison.
+ A matching property if found.
+
+
+
+ Contract details for a used by the .
+
+
+
+
+ Initializes a new instance of the class.
+
+ The underlying type for the contract.
+
+
+
+ Lookup and create an instance of the type described by the argument.
+
+ The type to create.
+ Optional arguments to pass to an initializing constructor of the JsonConverter.
+ If null, the default constructor is used.
+
+
+
+ Represents a trace writer that writes to memory. When the trace message limit is
+ reached then old trace messages will be removed as new messages are added.
+
+
+
+
+ Gets the that will be used to filter the trace messages passed to the writer.
+ For example a filter level of will exclude messages and include ,
+ and messages.
+
+
+ The that will be used to filter the trace messages passed to the writer.
+
+
+
+
+ Initializes a new instance of the class.
+
+
+
+
+ Writes the specified trace level, message and optional exception.
+
+ The at which to write this trace.
+ The trace message.
+ The trace exception. This parameter is optional.
+
+
+
+ Returns an enumeration of the most recent trace messages.
+
+ An enumeration of the most recent trace messages.
+
+
+
+ Returns a of the most recent trace messages.
+
+
+ A of the most recent trace messages.
+
+
+
+
+ A base class for resolving how property names and dictionary keys are serialized.
+
+
+
+
+ A flag indicating whether dictionary keys should be processed.
+ Defaults to false.
+
+
+
+
+ A flag indicating whether extension data names should be processed.
+ Defaults to false.
+
+
+
+
+ A flag indicating whether explicitly specified property names,
+ e.g. a property name customized with a , should be processed.
+ Defaults to false.
+
+
+
+
+ Gets the serialized name for a given property name.
+
+ The initial property name.
+ A flag indicating whether the property has had a name explicitly specified.
+ The serialized property name.
+
+
+
+ Gets the serialized name for a given extension data name.
+
+ The initial extension data name.
+ The serialized extension data name.
+
+
+
+ Gets the serialized key for a given dictionary key.
+
+ The initial dictionary key.
+ The serialized dictionary key.
+
+
+
+ Resolves the specified property name.
+
+ The property name to resolve.
+ The resolved property name.
+
+
+
+ Represents a method that constructs an object.
+
+ The object type to create.
+
+
+
+ When applied to a method, specifies that the method is called when an error occurs serializing an object.
+
+
+
+
+ Provides methods to get attributes from a , , or .
+
+
+
+
+ Initializes a new instance of the class.
+
+ The instance to get attributes for. This parameter should be a , , or .
+
+
+
+ Returns a collection of all of the attributes, or an empty collection if there are no attributes.
+
+ When true, look up the hierarchy chain for the inherited custom attribute.
+ A collection of s, or an empty collection.
+
+
+
+ Returns a collection of attributes, identified by type, or an empty collection if there are no attributes.
+
+ The type of the attributes.
+ When true, look up the hierarchy chain for the inherited custom attribute.
+ A collection of s, or an empty collection.
+
+
+
+ Get and set values for a using reflection.
+
+
+
+
+ Initializes a new instance of the class.
+
+ The member info.
+
+
+
+ Sets the value.
+
+ The target to set the value on.
+ The value to set on the target.
+
+
+
+ Gets the value.
+
+ The target to get the value from.
+ The value.
+
+
+
+ A snake case naming strategy.
+
+
+
+
+ Initializes a new instance of the class.
+
+
+ A flag indicating whether dictionary keys should be processed.
+
+
+ A flag indicating whether explicitly specified property names should be processed,
+ e.g. a property name customized with a .
+
+
+
+
+ Initializes a new instance of the class.
+
+
+ A flag indicating whether dictionary keys should be processed.
+
+
+ A flag indicating whether explicitly specified property names should be processed,
+ e.g. a property name customized with a .
+
+
+ A flag indicating whether extension data names should be processed.
+
+
+
+
+ Initializes a new instance of the class.
+
+
+
+
+ Resolves the specified property name.
+
+ The property name to resolve.
+ The resolved property name.
+
+
+
+ Specifies how strings are escaped when writing JSON text.
+
+
+
+
+ Only control characters (e.g. newline) are escaped.
+
+
+
+
+ All non-ASCII and control characters (e.g. newline) are escaped.
+
+
+
+
+ HTML (<, >, &, ', ") and control characters (e.g. newline) are escaped.
+
+
+
+
+ Indicates the method that will be used during deserialization for locating and loading assemblies.
+
+
+
+
+ In simple mode, the assembly used during deserialization need not match exactly the assembly used during serialization. Specifically, the version numbers need not match as the LoadWithPartialName method of the class is used to load the assembly.
+
+
+
+
+ In full mode, the assembly used during deserialization must match exactly the assembly used during serialization. The Load method of the class is used to load the assembly.
+
+
+
+
+ Specifies type name handling options for the .
+
+
+ should be used with caution when your application deserializes JSON from an external source.
+ Incoming types should be validated with a custom
+ when deserializing with a value other than .
+
+
+
+
+ Do not include the .NET type name when serializing types.
+
+
+
+
+ Include the .NET type name when serializing into a JSON object structure.
+
+
+
+
+ Include the .NET type name when serializing into a JSON array structure.
+
+
+
+
+ Always include the .NET type name when serializing.
+
+
+
+
+ Include the .NET type name when the type of the object being serialized is not the same as its declared type.
+ Note that this doesn't include the root serialized object by default. To include the root object's type name in JSON
+ you must specify a root type object with
+ or .
+
+
+
+
+ Determines whether the collection is null or empty.
+
+ The collection.
+
+ true if the collection is null or empty; otherwise, false.
+
+
+
+
+ Adds the elements of the specified collection to the specified generic .
+
+ The list to add to.
+ The collection of elements to add.
+
+
+
+ Converts the value to the specified type. If the value is unable to be converted, the
+ value is checked whether it assignable to the specified type.
+
+ The value to convert.
+ The culture to use when converting.
+ The type to convert or cast the value to.
+
+ The converted type. If conversion was unsuccessful, the initial value
+ is returned if assignable to the target type.
+
+
+
+
+ Helper method for generating a MetaObject which calls a
+ specific method on Dynamic that returns a result
+
+
+
+
+ Helper method for generating a MetaObject which calls a
+ specific method on Dynamic, but uses one of the arguments for
+ the result.
+
+
+
+
+ Helper method for generating a MetaObject which calls a
+ specific method on Dynamic, but uses one of the arguments for
+ the result.
+
+
+
+
+ Returns a Restrictions object which includes our current restrictions merged
+ with a restriction limiting our type
+
+
+
+
+ Helper class for serializing immutable collections.
+ Note that this is used by all builds, even those that don't support immutable collections, in case the DLL is GACed
+ https://github.com/JamesNK/Microsoft.Identity.Json/issues/652
+
+
+
+
+ Gets the type of the typed collection's items.
+
+ The type.
+ The type of the typed collection's items.
+
+
+
+ Gets the member's underlying type.
+
+ The member.
+ The underlying type of the member.
+
+
+
+ Determines whether the member is an indexed property.
+
+ The member.
+
+ true if the member is an indexed property; otherwise, false.
+
+
+
+
+ Determines whether the property is an indexed property.
+
+ The property.
+
+ true if the property is an indexed property; otherwise, false.
+
+
+
+
+ Gets the member's value on the object.
+
+ The member.
+ The target object.
+ The member's value on the object.
+
+
+
+ Sets the member's value on the target object.
+
+ The member.
+ The target.
+ The value.
+
+
+
+ Determines whether the specified MemberInfo can be read.
+
+ The MemberInfo to determine whether can be read.
+ /// if set to true then allow the member to be gotten non-publicly.
+
+ true if the specified MemberInfo can be read; otherwise, false.
+
+
+
+
+ Determines whether the specified MemberInfo can be set.
+
+ The MemberInfo to determine whether can be set.
+ if set to true then allow the member to be set non-publicly.
+ if set to true then allow the member to be set if read-only.
+
+ true if the specified MemberInfo can be set; otherwise, false.
+
+
+
+
+ Builds a string. Unlike this class lets you reuse its internal buffer.
+
+
+
+
+ Determines whether the string is all white space. Empty string will return false.
+
+ The string to test whether it is all white space.
+
+ true if the string is all white space; otherwise, false.
+
+
+
+
+ Specifies the state of the .
+
+
+
+
+ An exception has been thrown, which has left the in an invalid state.
+ You may call the method to put the in the Closed state.
+ Any other method calls result in an being thrown.
+
+
+
+
+ The method has been called.
+
+
+
+
+ An object is being written.
+
+
+
+
+ An array is being written.
+
+
+
+
+ A constructor is being written.
+
+
+
+
+ A property is being written.
+
+
+
+
+ A write method has not been called.
+
+
+
+
diff --git a/Microsoft.WindowsAPICodePack.Shell.dll b/Microsoft.WindowsAPICodePack.Shell.dll
new file mode 100644
index 0000000..eb2ca8c
Binary files /dev/null and b/Microsoft.WindowsAPICodePack.Shell.dll differ
diff --git a/Microsoft.WindowsAPICodePack.dll b/Microsoft.WindowsAPICodePack.dll
new file mode 100644
index 0000000..bd9f3b8
Binary files /dev/null and b/Microsoft.WindowsAPICodePack.dll differ
diff --git a/PSExtensionsHost.ps1 b/PSExtensionsHost.ps1
deleted file mode 100644
index b906d8e..0000000
--- a/PSExtensionsHost.ps1
+++ /dev/null
@@ -1,1268 +0,0 @@
-<#
-.SYNOPSIS
-
-Script for hosting PowerShell extenstions
-
-.DESCRIPTION
-
-This is a foundation UI that act as a host for extensions. The scrtipt itself has no functionallity.
-
-Extension functionallity:
-Menu handling
-Add any type of objects to a data grid
-Logging
-UI
-
-.EXAMPLE
-
-PSExtensionsHost -Title "Intune/Azure PowerShell Management" -ShowConsoleWindow
-
-This will set the windows title and keep the command visible for debug resouns
-
-.NOTES
-Author: Mikael Karlsson
-Date: 2019-06-01
-
-#>
-
-[CmdletBinding(SupportsShouldProcess=$True)]
-param(
- [string]
- $Title = "Intune/Azure PowerShell Management",
- [switch]
- $ShowConsoleWindow
-)
-
-#####################################################################################################
-#
-# Global functions
-#
-#####################################################################################################
-
-function global:Write-Log
-{
- param($Text, $type = 1)
-
- if($script:logFailed -eq $true) { return }
-
- if(-not $global:logFile) { $global:logFile = Get-SettingValue "LogFile" ([IO.Path]::Combine($PSScriptRoot,"PSExtensionsHost.Log")) }
-
- try
- {
- $logPath = [IO.Path]::GetDirectoryName($global:logFile)
- if(-not (Test-Path $logPath)) { mkdir -Path $logPath -Force -ErrorAction SilentlyContinue | Out-Null }
- }
- catch
- {
- $script:logFailed = $true
- return
- }
-
- $date = Get-Date
-
- if($global:PSCommandPath)
- {
- $fileObj = [System.IO.FileInfo]$global:PSCommandPath
- }
- else
- {
- $fileObj = [System.IO.FileInfo]$PSCommandPath
- }
-
- $timeStr = "$($date.ToString(""HH"")):$($date.ToString(""mm"")):$($date.ToString(""ss"")).000+000"
- $dateStr = "$($date.ToString(""MM""))-$($date.ToString(""dd""))-$($date.ToString(""yyyy""))"
- $logOut = ""
-
- if($type -eq 2)
- {
- Write-Warning $Text
- }
- elseif($type -eq 3)
- {
- $host.ui.WriteErrorLine($Text)
- }
- else
- {
- write-host $Text
- }
-
- try
- {
- out-file -filePath $global:logFile -append -encoding "ASCII" -inputObject $logOut
- }
- catch { }
-}
-
-function global:Write-LogError
-{
- param($Text, $Exception)
-
- if($Text -and $Exception.message)
- {
- $Text += " Exception: $($Exception.message)"
- }
-
- Write-Log $Text 3
-}
-
-function global:Write-Status
-{
- param($Text, [switch]$SkipLog)
-
- $txtInfo.Content = $Text
- if($text)
- {
- $grdStatus.Visibility = "Visible"
- if($SkipLog -ne $true) { Write-Log $text }
- }
- else
- {
- $grdStatus.Visibility = "Collapsed"
- }
-
- [System.Windows.Forms.Application]::DoEvents()
-}
-
-function global:Show-AboutDialog
-{
- [xml]$xaml = @"
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- See
-
- GitHub
- for more information
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-"@
-
- $script:dlgAbout = [Windows.Markup.XamlReader]::Load((New-Object System.Xml.XmlNodeReader $xaml))
-
- $btnOk = $dlgAbout.FindName("btnOk")
- $lstModules = $dlgAbout.FindName("lstModules")
- $linkSource = $dlgAbout.FindName("linkSource")
-
-
- $lstModules.ItemsSource = Get-Module | Where { $_.ModuleBase -like "$($global:PSScriptRoot)*" } | Sort -Property Name
-
- $btnOk.Add_Click({
- $script:dlgAbout.Close()
- })
-
- $linkSource.Add_RequestNavigate({
- [System.Diagnostics.Process]::Start($_.Uri.AbsoluteUri)
- $_.Handled = $true
- })
-
- $script:dlgAbout.ShowDialog() | Out-Null
-
- $global:menuObjects | ForEach-Object {
- # Clear selection in all menu sections - So it can be pressed again
- $PSItem.MenuListBox.SelectedItem = $null
- }
-}
-
-function global:Add-XamlVariables
-{
- param($xaml)
-
- # Generate a global variable for each object with Name property set
- # Ref: https://learn-powershell.net/2014/08/10/powershell-and-wpf-radio-button/
- $xaml.SelectNodes("//*[@*[contains(translate(name(.),'n','N'),'Name')]]") | ForEach {
- New-Variable -Name $_.Name -Value $Window.FindName($_.Name) -Force -Scope Global
- }
-}
-
-function global:Remove-InvalidFileNameChars
-{
- param($Name)
-
- $re = "[{0}]" -f [RegEx]::Escape(([IO.Path]::GetInvalidFileNameChars() -join ''))
-
- $Name = $Name -replace $re
- $Name = $Name -replace "[]]", ""
- $Name = $Name -replace "[[]", ""
-
- return $Name
-}
-
-function global:Remove-ObjectProperty
-{
- param($obj, $property)
-
- if(-not $obj -or -not $property) { return }
-
- if(($obj | GM -MemberType NoteProperty -Name $property))
- {
- $obj.PSObject.Properties.Remove($property)
- }
-}
-
-function global:Show-InputDialog
-{
- param(
- $FormTitle = "Input",
- $FormText,
- $DefaultValue)
-
- [xml]$xaml = @"
-
-
-
-
-
-
-
-
-
-
-
-
-
- $DefaultValue
-
-
-
-
-
-
-
-"@
- $reader = (New-Object System.Xml.XmlNodeReader $xaml)
- $script:inputBox = [Windows.Markup.XamlReader]::Load($reader)
-
- $script:txtValue = $script:inputBox.FindName("txtValue")
- $btnOk = $script:inputBox.FindName("btnOk")
- $btnCancel = $script:inputBox.FindName("btnCancel")
-
- $inputBox.Add_ContentRendered({
- $script:txtValue.SelectAll();
- $script:txtValue.Focus();
- })
-
- $script:InputDialogValue = ""
-
- $btnOk.Add_Click({
- $script:inputBox.Close()
- })
-
- $btnCancel.Add_Click({
- $script:txtValue.Text =""
- $script:inputBox.Close()
- })
-
- $inputBox.ShowDialog() | Out-null
-
- return $script:txtValue.Text
-}
-
-function global:Set-ObjectGrid
-{
- param( $obj )
-
- if($obj)
- {
- $grdObject.Children.Add($obj)
- $grdObject.Visibility = "Visible"
- }
- else
- {
- $grdObject.Children.Clear()
- $grdObject.Visibility = "Collapsed"
- }
-
- [System.Windows.Forms.Application]::DoEvents()
-}
-
-function global:Clear-Objects
-{
- $global:txtFormTitle.Text = ""
- $global:txtFormTitle.Visibility = "Collapsed"
- $spSubMenu.Visibility = "Collapsed"
- $spSubMenu.Children.Clear()
- $grdObject.Children.Clear()
- $dgObjects.ItemsSource = $null
- Set-ObjectGrid
-
- [System.Windows.Forms.Application]::DoEvents()
-}
-
-function global:Show-SubMenu
-{
- $spSubMenu.Visibility = "Visible"
- [System.Windows.Forms.Application]::DoEvents()
-}
-
-function global:Get-Folder
-{
- param($path = $env:temp)
-
- if($global:useDefaultFolderDialog -ne $true)
- {
- try
- {
- if($global:WindowsAPICodePackLoaded -eq $false)
- {
-
- $apiCodec = Join-Path $PSScriptRoot "Microsoft.WindowsAPICodePack.Shell.dll"
- if([IO.File]::Exists($apiCodec))
- {
- Add-Type -Path $apiCodec | Out-Null
- $global:WindowsAPICodePackLoaded = $true
- }
- else
- {
- }
- }
- else
- {
- }
- $dlgCOFD = New-Object Microsoft.WindowsAPICodePack.Dialogs.CommonOpenFileDialog
- }
- catch {
- }
- }
-
- if($dlgCOFD -and $global:useDefaultFolderDialog -ne $true)
- {
- $dlgCOFD.EnsureReadOnly = $true
- $dlgCOFD.IsFolderPicker = $true
- $dlgCOFD.AllowNonFileSystemItems = $false
- $dlgCOFD.Multiselect = $false
- $dlgCOFD.Title = "Please select the destination directory"
-
- if($path -and (Test-Path $path))
- {
- $dlgCOFD.InitialDirectory = $path
- }
- if($dlgCOFD.ShowDialog($window) = [Microsoft.WindowsAPICodePack.Dialogs.CommonFileDialogResult]::Ok)
- {
- $dlgCofd.FileName
- }
- }
- else
- {
- $global:useDefaultFolderDialog = $true
- [Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms") | Out-Null
- [System.Windows.Forms.Application]::EnableVisualStyles()
- $dlgFBD = New-Object System.Windows.Forms.FolderBrowserDialog
- $dlgFBD.SelectedPath = "C:\"
- $dlgFBD.ShowNewFolderButton = $false
- $dlgFBD.Description = "Select a directory"
- if($dlgFBD.ShowDialog() -eq "OK")
- {
- $dlgFBD.SelectedPath
- }
- $dlgFBD.Dispose()
- }
-}
-
-#region Reg functions
-########################################################################
-#
-# Reg functions
-#
-########################################################################
-
-function global:Save-RegSetting
-{
- param($SubPath, $Key, $Value, $Type = "String")
-
- $regPath = Get-RegPath $SubPath
- if((Test-Path $regPath) -eq $false)
- {
- New-Item (Get-RegPath $SubPath) -ErrorAction SilentlyContinue
- }
- New-ItemProperty -Path $regPath -Name $Key -Value $Value -Type $Type -Force | Out-Null
-}
-
-function global:Get-RegSetting
-{
- param($SubPath, $Key, $defautValue)
-
- try
- {
- $val = Get-ItemPropertyValue -Path (Get-RegPath $SubPath) -Name $Key -ErrorAction SilentlyContinue
- }
- catch { }
- if(-not $val)
- {
- $defautValue
- }
- else
- {
- $val
- }
-}
-
-function global:Get-RegPath
-{
- param($SubPath)
-
- $path = "HKCU:\Software\IntunePSTools"
- if($SubPath)
- {
- $path = $path + "\" + $SubPath
- }
-
- $path
-}
-#endregion
-
-#region Setting functions
-
-########################################################################
-#
-# Settings functions
-#
-########################################################################
-
-function global:Add-SettingTextBox
-{
- param($id, $value)
-
- $xaml = @"
-$value
-"@
- return [Windows.Markup.XamlReader]::Parse($xaml)
-}
-
-function global:Add-SettingCheckBox
-{
- param($id, $value)
-
- $tmpValue = ($value -eq $true -or $value -eq "true").ToString().ToLower()
-
- $xaml = @"
-
-"@
- return [Windows.Markup.XamlReader]::Parse($xaml)
-}
-
-function global:Add-SettingFolder
-{
- param($id, $value)
- $xaml = @"
-
-
-
-
-
-
- $value
-
-
-
-"@
-
- $obj = [Windows.Markup.XamlReader]::Parse($xaml)
-
- $btnBrowse = $obj.FindName("browse_$($id)")
- $txtObj = $obj.FindName($id)
- if($btnBrowse)
- {
- $btnBrowse.Tag = $txtObj
- $btnBrowse.Add_Click({
- $folder = Get-Folder $this.Tag.Text
- if($folder) { $this.Tag.Text = $folder }
- })
- }
- return $obj
-}
-
-function global:Add-SettingValue
-{
- param($settingValue)
-
- $id = "id_" + [Guid]::NewGuid().ToString('n')
-
- $value = Get-SettingValue $settingValue.Key
-
- if($settingValue.Type -eq "folder")
- {
- $settingObj = Add-SettingFolder $id $value
- }
- elseif($settingValue.Type -eq "Boolean")
- {
- $settingObj = Add-SettingCheckBox $id $value
- }
- else
- {
- $settingObj = Add-SettingTextBox $id $value
- }
-
- $descriptionInfo = ""
- if($settingValue.Description)
- {
- $descriptionInfo = ""
- }
-
- $xaml = @"
-
-
-
-
-
-
-
-
-
-
-
-
-
- $descriptionInfo
-
-
-
-
-
-
-"@
- $newSetting = [Windows.Markup.XamlReader]::Parse($xaml)
-
- if($newSetting)
- {
- $spSettings.AddChild($newSetting)
-
- $tmpObj = $newSetting.FindName("border_$($id)")
- $tmpObj.Child = $settingObj
-
- $ctrl = $settingObj.FindName($id)
- $global:settingControls += $ctrl
-
- if(($settingValue | GM -MemberType NoteProperty -Name "Control"))
- {
- $settingValue.Control = $ctrl
- }
- else
- {
- $settingValue | Add-Member -MemberType NoteProperty -Name "Control" -Value $ctrl
- }
- }
-}
-
-function global:Add-SettingTitle
-{
- param($title, $marginTop = "0")
-
- $xaml = @"
-
-"@
- $global:spSettings.Children.Add([Windows.Markup.XamlReader]::Parse($xaml))
-}
-
-function global:Save-Setting
-{
- foreach($ctrl in $global:settingControls)
- {
- Write-Host "$($ctrl.Text) $($ctrl.Tag)"
- }
-}
-
-function Show-SettingsForm
-{
- $settingsStr = @"
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-"@
-
- $global:settingControls = @()
-
- $settingsForm = [Windows.Markup.XamlReader]::Parse($settingsStr)
-
- $global:spSettings = $settingsForm.FindName("spSettings")
- $btnSave = $settingsForm.FindName("btnSave")
- $btnSave.Add_Click({
- Save-AllSettings
- })
-
- $tmp = $global:appSettingSections | Where Id -eq "General"
- if($tmp.Values.Count -gt 0)
- {
- Add-SettingTitle $tmp.Title
- foreach($settingObj in $tmp.Values)
- {
- Add-SettingValue $settingObj
- }
- }
-
- foreach($section in ($global:appSettingSections | Where Id -ne "General" | Sort -Property Title))
- {
- if($section.Values.Count -eq 0) { continue }
- Add-SettingTitle $section.Title 5
- foreach($settingObj in $section.Values)
- {
- Add-SettingValue $settingObj
- }
- }
-
- Set-ObjectGrid $settingsForm
-}
-
-function global:Get-Setting
-{
- foreach($ctrl in $global:settingControls)
- {
- Write-Host "$($ctrl.Text) $($ctrl.Tag)"
- }
-}
-
-function global:Add-DefaultSettings
-{
- $global:appSettingSections = @()
-
- $global:appSettingSections += (New-Object PSObject -Property @{
- Title = "General"
- Id = "General"
- Values = @()
- })
-
- Add-SettingsObject (New-Object PSObject -Property @{
- Title = "Log file"
- Key = "LogFile"
- Type = "File"
- }) "General"
-
- Add-SettingsObject (New-Object PSObject -Property @{
- Title = "Max log file size"
- Key = "LogFileSize"
- Type = "Int"
- DefaultValue = 1024
- }) "General"
-
-}
-
-function global:Add-SettingsObject
-{
- param($obj, $section)
-
- $section = $global:appSettingSections | Where Id -eq $section
- if(-not $section) { return }
- $section.Values += $obj
-}
-
-function global:Save-AllSettings
-{
- foreach($section in $global:appSettingSections)
- {
- foreach($settingObj in $section.Values)
- {
- if($settingObj.Control.GetType().Name -eq "TextBox")
- {
- $value = $settingObj.Control.Text
- if($settingObj.Type -eq "Int")
- {
- try
- {
- $value = [int]$value
- }
- catch
- {
- # Log or set invalid
- $value = $settingObj.Value
- }
- }
- }
- elseif($settingObj.Control.GetType().Name -eq "CheckBox")
- {
- $value = $settingObj.Control.IsChecked
- }
-
- if($value)
- {
- Save-RegSetting $settingObj.SubPath $settingObj.Key $value
- }
- }
- }
-}
-
-function global:Get-SettingValue
-{
- param($Key, $defaultValue)
-
- foreach($section in $global:appSettingSections)
- {
- $settingObj = $section.Values | Where Key -eq $Key
- if($settingObj) { break }
- }
- if(-not $defaultValue) { $defaultValue = $settingObj.DefaultValue }
-
- $value = Get-RegSetting $settingObj.SubPath $settingObj.Key $defaultValue
- if($value)
- {
- if($settingObj.Type -eq "Boolean")
- {
- $value = $value -eq $true -or $value -eq "true"
- }
- elseif($settingObj.Type -eq "Boolean")
- {
- try
- {
- $value = [int]$value
- }
- catch
- {
- if($settingObj.DefaultValue)
- {
- try
- {
- $value = [int]$settingObj.DefaultValue
- }
- catch { }
- }
- }
- }
-
- # Keep last read value
- if(($settingObj | GM -MemberType NoteProperty -Name "Value"))
- {
- $settingObj.Value = $value # Keep last read value
- }
- else
- {
- $settingObj | Add-Member -MemberType NoteProperty -Name "Value" -Value $value
- }
- }
- $value
-}
-
-#endregion
-
-#region Menu functions
-
-#####################################################################################################
-#
-# Menu functions
-#
-#####################################################################################################
-
-function global:Add-MenuSection
-{
- param($menuSection)
-
- $id = [Guid]::NewGuid().ToString('n')
- [xml]$menuXml = @"
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-"@
-
- try
- {
- $objSection = [Windows.Markup.XamlReader]::Load((New-Object System.Xml.XmlNodeReader $menuXml))
- $lstBox = $objSection.FindName("Id_lb_$id")
- if($menuSection.Order -gt 0)
- {
- $order = $menuSection.Order
- }
- else
- {
- $order = 90
- }
- $global:menuObjects += New-Object PSObject -Property @{ ID = $id; MenuInfo = $menuSection; Object = $objSection; MenuItems = @(); MenuListBox = $lstBox; Order = $order }
- if($objSection)
- {
- if($lstBox)
- {
- $lstBox.Add_SelectionChanged({
-
- if(-not $this.SelectedItem) { return }
-
- $global:menuObjects | ForEach-Object {
- if($PSItem.MenuListBox -and $this -ne $PSItem.MenuListBox)
- {
- # Clear selection in other menu sections
- $PSItem.MenuListBox.SelectedItem = $null
- }
- }
- if($this.SelectedItem.ShowForm -ne $false)
- {
- Clear-Objects
- $global:txtFormTitle.Text = $this.SelectedItem.Title
- $global:txtFormTitle.Visibility = "Visible"
-
- }
- if($this.SelectedItem.Script)
- {
- Invoke-Command -ScriptBlock $this.SelectedItem.Script
- }
- Write-Status ""
- })
- }
- }
- }
- catch { Write-LogError "Failed to add menu section" $_.Exception }
-}
-
-function global:Add-MenuItem
-{
- param($menuItem)
-
- # Get the menu the item should be added to
- $objSection = $global:menuObjects | Where { $_.MenuInfo.Id -eq $menuItem.MenuId }
- if(-not $objSection)
- {
- if(($arrMenuInlcude -and $arrMenuInlcude -notcontains $menuItem.MenuId) -or ($arrMenuExlcude -and $arrMenuExlcude -contains $menuItem.MenuId)) { return }
-
- Write-Log "Could not find menu with id $($menuItem.MenuId). Item $($menuItem.Title) not added" 2
- return
- }
-
- $objSection.MenuItems += $menuItem
-}
-
-function global:Invoke-ModuleFunction
-{
- param($function)
-
- Write-Log "Trigger function $function"
-
- foreach($module in $global:loadedModules)
- {
- # Get command with ExportedFunctions instead of Get-Command
- $cmd = $module.ExportedFunctions[$function]
- if($cmd)
- {
- Write-Log "Trigger $function in $($module.Name)"
- Invoke-Command -ScriptBlock $cmd.ScriptBlock
- }
- else
- {
- #Write-Log "$function not found in $($module.Name)" 2
- }
- }
-}
-
-function global:Initialize-Menu
-{
- # Add default menu section
- Add-MenuSection (New-Object PSObject -Property @{ Title = "General"; ID="General"; Order = 1000; Sort = $false })
-
- # Add default menu items
- Add-MenuItem (New-Object PSObject -Property @{
- Title = 'Settings'
- MenuID = "General"
- Script = [ScriptBlock]{ Show-SettingsForm }
- })
-
-
- Add-MenuItem (New-Object PSObject -Property @{
- Title = 'About'
- MenuID = "General"
- ShowForm = $false
- Script = [ScriptBlock]{ Show-AboutDialog }
- })
-
- Add-MenuItem (New-Object PSObject -Property @{
- Title = 'Reload'
- MenuID = "General"
- ShowForm = $false
- Script = [ScriptBlock]{ Start-Reload }
- })
-
- Add-MenuItem (New-Object PSObject -Property @{
- Title = 'Exit'
- MenuID = "General"
- ShowForm = $false
- Script = [ScriptBlock]{
- if([System.Windows.MessageBox]::Show("Are you sure you want to exit?", "Exit?", "YesNo", "Question") -eq "Yes")
- {
- $window.Close()
- }
- $global:menuObjects | ForEach-Object {
- # Clear selection in all menu sections - So it can be pressed again
- $PSItem.MenuListBox.SelectedItem = $null
- }
- }
- })
-
- # Get all menu items
- Invoke-ModuleFunction "Add-ModuleMenuItems"
-
- # Filter and sort menu sections based on order and title
- # Add all the menu sections/menuitems to the menu
- foreach($menuObj in ($global:menuObjects | Where { $_.MenuItems.Count -gt 0 } | Sort -Property Order))
- {
- if($menuObj.MenuInfo.Sort -ne $false)
- {
- $menuObj.MenuItems = ($menuObj.MenuItems | Sort -Property Title)
- }
-
- if($menuObj.MenuListBox)
- {
- $spMenu.Children.Add($menuObj.Object) | Out-Null
-
- $menuObj.MenuListBox.ItemsSource = @($menuObj.MenuItems)
- }
- }
-}
-
-#endregion
-
-#region Console management functions
-
-# https://stackoverflow.com/questions/40617800/opening-powershell-script-and-hide-command-prompt-but-not-the-gui
-Add-Type -Name Window -Namespace Console -MemberDefinition '
-[DllImport("Kernel32.dll")]
-public static extern IntPtr GetConsoleWindow();
-
-[DllImport("user32.dll")]
-public static extern bool ShowWindow(IntPtr hWnd, Int32 nCmdShow);
-'
-
-function global:Set-MainTitle
-{
- if(-not $global:window) { return }
-
- Write-Log "Set main title"
-
- $mainTitle = $title
-
- try
- {
- if($global:Me.userPrincipalName)
- {
- $IntuneId = $global:Me.userPrincipalName
- $mainTitle += " - IntuneGraph: $($global:Me.userPrincipalName)"
- }
- }
- catch {}
-
- try
- {
- $ctx = Get-AzContext -ErrorAction SilentlyContinue
- if($ctx.Account.Id)
- {
- $azureADId = $ctx.Account.Id
- $mainTitle += " - AzureAD: $($ctx.Account.Id)"
- }
- }
- catch {}
-
- $global:window.Title = $mainTitle
-}
-
-function Show-Console
-{
- $consolePtr = [Console.Window]::GetConsoleWindow()
-
- # Hide = 0,
- # ShowNormal = 1,
- # ShowMinimized = 2,
- # ShowMaximized = 3,
- # Maximize = 3,
- # ShowNormalNoActivate = 4,
- # Show = 5,
- # Minimize = 6,
- # ShowMinNoActivate = 7,
- # ShowNoActivate = 8,
- # Restore = 9,
- # ShowDefault = 10,
- # ForceMinimized = 11
-
- [Console.Window]::ShowWindow($consolePtr, 4)
-}
-
-function Hide-Console
-{
- $consolePtr = [Console.Window]::GetConsoleWindow()
- #0 hide
- [Console.Window]::ShowWindow($consolePtr, 0)
-}
-
-#endregion
-
-#region Module functions
-
-function Import-AllModules
-{
- foreach($file in (Get-Item -path "$modulesPath\*.psm1"))
- {
- $module = Import-Module $file -PassThru -Force -ErrorAction SilentlyContinue
- if($module)
- {
- $global:loadedModules += $module
- Write-Host "Module $($module.Name) loaded successfully"
- }
- else
- {
- Write-Warning "Failed to load module $file"
- }
- }
-}
-
-function Start-Reload
-{
- if([System.Windows.MessageBox]::Show("Are you sure you want to reload all modules and settings?", "Exit?", "YesNo", "Question") -eq "No")
- {
- return
- }
-
- Write-Status "Reloading modules"
-
- $global:menuObjects = @()
- $tmpList = @()
- $spMenu.Children.Clear()
-
- foreach($tmpModule in $global:loadedModules)
- {
- Remove-Module $tmpModule
-
- $module = Import-Module $tmpModule.Path -PassThru -Force -ErrorAction SilentlyContinue
- if($module)
- {
- $tmpList += $module
- Write-Host "Module $($module.Name) loaded successfully"
- }
- else
- {
- Write-Warning "Failed to load module $file"
- }
- }
- $global:loadedModules = $tmpList
-
- Add-DefaultSettings
-
- Invoke-ModuleFunction "Invoke-InitializeModule"
-
- Initialize-Menu
-
- Write-Status ""
-
-}
-
-
-#endregion
-
-#####################################################################################################
-#
-# Main
-#
-#####################################################################################################
-
-function global:Get-MainWindow
-{
- $resources = @()
- $themes = Join-Path $PSScriptRoot "Themes"
- $themFile = Join-Path $themes "Default.xaml"
- $resources += $themFile
- $styles = Join-Path $themes "Styles.xaml"
- $stylesStr = ""
- if(Test-Path $styles)
- {
- try
- {
- [xml]$styleXml = Get-Content $styles
- $stylesStr = $styleXml.FirstChild.InnerXml
- }
- catch {}
- }
-
- [xml]$xaml = @"
-
-
-
-
-
-
-
-
- $stylesStr
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-"@
-
- $global:window = [Windows.Markup.XamlReader]::Load((New-Object System.Xml.XmlNodeReader $xaml))
-
- $global:dgObjects = $window.FindName('dgObjects')
- $global:grdData = $window.FindName('grdData')
- $global:spMenu = $window.FindName('spMenu')
- $global:spSubMenu = $window.FindName('spSubMenu')
- $global:txtInfo = $window.FindName('txtInfo')
- $global:grdStatus = $window.FindName('grdStatus')
- $global:grdObject = $window.FindName('grdObject')
- $global:txtFormTitle = $window.FindName('txtFormTitle')
-
- $global:dgObjects.Add_AutoGeneratingColumn({
- if($_.PropertyName -eq "Object")
- {
- $_.Cancel = $true
- }
- })
-}
-
-$global:wpfNS = "xmlns='http://schemas.microsoft.com/winfx/2006/xaml/presentation' xmlns:x='http://schemas.microsoft.com/winfx/2006/xaml'"
-
-Add-Type -AssemblyName PresentationFramework
-
-$global:useDefaultFolderDialog = $false
-$global:WindowsAPICodePackLoaded = $false
-
-$global:loadedModules = @()
-$global:menuObjects = @()
-
-# Load all modules in the Modules folder
-$modulesPath = [IO.Path]::GetDirectoryName($PSCommandPath) + "\Extensions"
-
-if(Test-Path $modulesPath)
-{
- Import-AllModules
-}
-else
-{
- Write-Warning "Modules folder $modulesPath not found. Aborting..." 3
- exit 1
-}
-
-Add-DefaultSettings
-
-Invoke-ModuleFunction "Invoke-InitializeModule"
-
-#This will load the main window
-Get-MainWindow
-
-Initialize-Menu
-
-if($ShowConsoleWindow -ne $true)
-{
- Hide-Console
-}
-
-Set-MainTitle
-
-# Show main window
-# Workaround for ISE crash
-# https://gist.github.com/altrive/6227237
-$async = $global:window.Dispatcher.InvokeAsync({
- $global:window.ShowDialog() | Out-Null
-})
-$async.Wait() | Out-Null
diff --git a/README.md b/README.md
index f548f4a..c8d4b83 100644
--- a/README.md
+++ b/README.md
@@ -1,78 +1,96 @@
# IntuneManagement with PowerShell and WPF UI
-This PowerShell scripts are using Intune PowerShell module, Microsoft Graph APIs and AzureRM PowerShell module to manage objects in Intune and Azure. The scripts has a simple WPF UI and it supports operations like Export, Import, Copy and Download.
+These PowerShell scripts are using Microsoft Authentication Library (MSAL), Microsoft Graph APIs and Azure Management APIs to manage objects in Intune and Azure. The scripts has a simple WPF UI and it supports operations like Export, Import, Copy and Download.
-This makes it easy to backup or clone a complete Intune environment. The scripts will export and import assignments and support import/export between environments. The scripts will create a migration table during export and use that for importing in other environments. It will create groups if they are missing in the environment for import.
+This makes it easy to backup or clone a complete Intune environment. The scripts can export and import objects including assignments and support import/export between tenants. The scripts will create a migration table during export and use that for importing assignments in other environments. It will create missing groups in the target environment during import. Group information like name, description and type will be imported based on the exported group e.g. dynamic groups are supported. There will be one json file for each group in the export folder.
+
+The script also support dependencies e.g. an App Protection is depending on an App, Policy Sets are depending on Compliance Policies, objects has Scope Tags etc. Dependency support requires exported json files and that the dependency objects are imported in the environment. The script uses the exported json files to get the Id and name's of the exported object and uses that information and updates Id's before import an object from a json file. The Bulk Import form shows the import order of the objects. The objects with the lowest order number will be imported first.
-**Note:** The base PowerShell script is only a host for extensions. It is only used as a framework for basic UI, logging etc. The functionality is located in the extension modules which makes it easy to add/remove features.
+This PowerShell application is based on the foundation modules CloudAPIPowerShellManagement and Core. These modules manages UI, settings, logging etc. The functionality for the application is located in the extension modules. This makes it easy to add/remove features, views etc. Additional features will be added...
+
+**Security note:** Since the scripts are not signed, a warning might be display when running it and files might be blocked. The script will unblock all files. This is to avoid issues that it fails to load the MSAL library etc. If there are any security concerns, the PowerShell code can be reviewed. The DLL files are downloaded from Microsoft repositories, see links below. These files can be downloaded and replaced. The DLL files *CAN* be removed but MSAL is a pre-requisite for login. The script will try to find the DLL in the Az or MSAL.PS module if not found in the script root directory. DLL files are included to reduce dependencies.
## Change log
-**Version 2**
+See [Change Log](ReleaseNotes.md) for more information
-**Breaking changes**
-* Removed support for AzureRM
+## Authentication
+See [MSAL Info](MSALInfo.md) for more information about authentication
-**New features**
-* Support for Az module for Azure objects (Conditional access, Company Branding and MDM/MAM settings)
-* Reload - Reloads all modules
-
-**Fixes**
-* Allow more than 9 Conditional Access policies. Issue [#5](https://github.com/Micke-K/IntuneManagement/issues/5)
-* Include WIP policies. Issue [#7](https://github.com/Micke-K/IntuneManagement/issues/7)
-* Import is not working. Issue [#6](https://github.com/Micke-K/IntuneManagement/issues/6) and [#4](https://github.com/Micke-K/IntuneManagement/issues/4)
-* Intune module can now be install with scope user. Issue [#8](https://github.com/Micke-K/IntuneManagement/issues/8)
-
-## Intune objects
-* Administrative Templates
-* App Protection/Configuration policies
+## Supported Intune objects
+* App Configurations
+* App Protection
* Applications
+* Apple Enrolment Types - NOT fully tested
* Autopilot profiles
* Baseline Security profiles
* Compliance policies
-* Configuration Items
-* Enrollment Status Page profiles
-* Intune Branding (Company Portal)
-* PowerShell scripts (Supports download of PowerShell script)
-* Terms and Conditions
-
-**Note:** The Intune PowerShell module are using the BETA version of the Graph API which might change at any time.
-
-## Azure objects
* Conditional Access
-* Company Branding
-* MDM/MAM app settings
+* Device Configuration (Administrative Templates, Configuration Policies, Android OEM Config, Settings Catalog)
+* Endpoint Security (Account Protection, Disk Encryption, Firewall, Security Baselines etc.)
+* Enrollment Restrictions
+* Enrollment Status Page profiles
+* Feature Updates
+* Intune Branding (Company Portal)
+* Locations
+* Named Locations
+* Policy Sets
+* Role Definitions
+* Scope Tags
+* Scripts (Supports download of PowerShell script)
+* Terms and Conditions
+* Update Policies
-**Note:** Azure objects are not using the Microsoft Graph API. They are using undocumented APIs which might not be supported and change at any time.
-## Prerequisites
+**Note:** The scripts are using the BETA version of the Graph API which might change at any time.
+
+## Azure Management APIs
+* Tenants for the current user
+
+**Note:** Azure Management APIs are undocumented APIs which might not be supported and they might change at any time.
+
+## Pre-requisites
* .Net 4.7
-* Intune PowerShell Module
- * Install by running 'Install-Module -Name Microsoft.Graph.Intune'
-* Az PowerShell Module
- * Install by running 'Install-Module -Name Az -AllowClobber'
-* Permissions in Azure to manage objects in Intune and Azure
+* PowerShell 5.1
+* MSAL
+ * Microsoft.Identity.Client.dll version 4.29.0.0 is included in this version
+* License and permissions in Azure to manage objects in Intune and Azure
## References
* [Microsoft Graph API](https://docs.microsoft.com/en-us/graph/api/overview?toc=./ref/toc.json&view=graph-rest-beta)
-* [Microsoft Intune PowerShell Module](https://github.com/microsoft/Intune-PowerShell-SDK)
+* [Microsoft.Identity.Client](https://www.nuget.org/packages/Microsoft.Identity.Client/) (MSAL download)
+* [MSAL.PS Module](https://github.com/AzureAD/MSAL.PS)
* [Az PowerShellModule](https://docs.microsoft.com/en-us/powershell/azure/new-azureps-module-az)
+* [Microsoft Intune PowerShell Module](https://github.com/microsoft/Intune-PowerShell-SDK)
+* [Microsoft.WindowsAPICodePack](https://www.nuget.org/packages/Microsoft-WindowsAPICodePack-Core) and [Microsoft.WindowsAPICodePack.Shell](https://www.nuget.org/packages/Microsoft-WindowsAPICodePack-Shell) for Browse Folder dialogs
## Acknowledgments
-The app enryption and upload is based on [PowerShell Intune Examples](https://github.com/microsoftgraph/powershell-intune-samples)
+The app encryption and upload is based on [Graph PowerShell Intune Examples](https://github.com/microsoftgraph/powershell-intune-samples)
+Some MSAL functionalities are based on [MSAL.PS Module](https://github.com/AzureAD/MSAL.PS)
## Known Issues
-The scripts are using two separate PowerShell modules for accessing Intune and Azure. This can cause multiple logins since they are authenticating to two different apps in azure and the authentication token for Intune PowerShell module have no permissions on the Azure objects.
-The support for import/export between environments is limited. Only groups in assignments are supported in this version. Additional objects like users, locations, notifications etc. will not be migrated and might cause the import to fail.
+Device Configuration and App Configuration objects are split up in different object types. They are using different Graph APIs and each object type in the menu uses one API. This is also why all Endpoint Security objects are of the same object type. They use the same API but are separated based on the Baseline Template Id they us.
-The script will create a group if it is missing in the destination environment. It will create a security group with manual assigned members. This might not always be the desired case e.g. original group was synched from AD or it was a dynamic group.
+Android Store Apps are **not** imported. The create method is documented in Microsoft Graph but it's not working. Looks like these apps must be synched from Google Play.
+
+Using multiple tenants support causes multiple logins/consent prompts the first time if 'Microsoft Graph PowerShell' is used. Querying the API for tenant list uses a different scope that is not included by default in the 'Microsoft Graph PowerShell' app.
+
+Using multiple tenants support *might* cause and endless loop in the login screen and cause duplicate accounts in token cache. Actual cause is not found yet but it happens on rare occasions and it looks like it happens when a guest account is used. Workaround: Cancel the login, restart the script, logout and restart the script again.
+
+When multi tenant settings is Enabled/Disabled, the Profile Info is not updated until the account is changed or app is restarted. Profile Info popup is built after logon.
+
+The list applications API might not list an imported app immediately after the import. Click Refresh to reload the application objects.
+
+When using the filter box to search for items, the checkbox must be clicked twice to select an item.
+
+Logout will only clear the token from cache and not from the browser e.g. if login is triggered after a logout, the user will still be listed in the 'Select user' dialog.
## TIP
-Download [Microsoft.WindowsAPICodePack](https://www.nuget.org/packages/WindowsAPICodePack-Core) and [Microsoft.WindowsAPICodePack.Shell](https://www.nuget.org/packages/WindowsAPICodePack-Shell) and copy the DLLs into the script folder to get a nicer folder dialog.
+Check the log file for errors. The UI might not show errors why login failed etc. The log uses the Endpoint Configuration Manager (SCCM) format and it is best viewed with CMTrace. An old version can be downloaded [here](https://www.microsoft.com/en-us/download/confirmation.aspx?id=50012).
## License
-This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details
+This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
\ No newline at end of file
diff --git a/ReleaseNotes.md b/ReleaseNotes.md
new file mode 100644
index 0000000..5c0ca5c
--- /dev/null
+++ b/ReleaseNotes.md
@@ -0,0 +1,57 @@
+# Release Notes
+
+## 3.0.0 Beta 1 - 2021-04-01
+
+**Breaking changes**
+
+- Dropped support for Azure Branding and MAM/MDM settings...for now
+- Import might not work for items exported with previous versions. Some folders are renamed, import is depending on additional information.
+
+**New features**
+
+- Authentication managed by Microsoft Authentication Library (MSAL)
+ - Support for switching user
+ - Support for switching tenant. Multi tenant support must be enabled in Settings
+ - Token info, Profile picture info support etc.
+ - See [MSAL info](MSALInfo.md) for more information
+- Support for multiple Views - Intune Management and Intune Info for now...
+ - Intune Management - Export/Import/Copy objects in Intune
+ - Intune Info - Show information about some objects in Intune
+- Improved UI experience
+ - Support for resizing the Window
+ - Support for searching for objects
+ - Refresh objects in the list
+ - Scaled popup dialogs
+- API management redeveloped from scratch to simplify support for new object types in the future
+- Support for new object types (Settings Catalog, Named Locations, Scope Tags, Policy Sets etc.)
+- Better support for migrating objects between environments
+ - Group migrations e.g. support for Dynamic Groups, different group types etc.
+ - Support for dependency objects e.g. Policy Sets reference other objects like Compliance Settings etc. The import of an object uses exported json files to identify dependent items and map old Id to the new Id in the target environment
+ - Support for migrating Scope Tags (Uses the dependency functionallity so Scope Tags must be Exported/Imported)
+ - Better support for migrating Assignments
+
+**Dependencies**
+
+- MSAL - **Microsoft.Identity.Client.dll**. This is included in Az / MSAL.PS modules or it can be installed separately. This release was developed and tested with MSAL version 4.21.0.0.
+
+## 2.0.0 - 2021-02-01
+
+**Breaking changes**
+
+- Removed support for AzureRM
+
+**New features**
+
+- Support for Az module
+
+**Fixes**
+
+- Allow more than 9 Conditional Access policies. Issue [#5](https://github.com/Micke-K/IntuneManagement/issues/5)
+- Include WIP policies. Issue [#7](https://github.com/Micke-K/IntuneManagement/issues/7)
+- Import is not working. Issue #6 and [#4](https://github.com/Micke-K/IntuneManagement/issues/4)
+- Intune module can now be install with scope user. Issue [#8](https://github.com/Micke-K/IntuneManagement/issues/8)
+
+## 1.0.0
+
+- Intune Management with PowerShell
+- Dependencies: Intune and AzureRM PowerShell modules
diff --git a/Start-IntuneManagement.ps1 b/Start-IntuneManagement.ps1
new file mode 100644
index 0000000..012a929
--- /dev/null
+++ b/Start-IntuneManagement.ps1
@@ -0,0 +1,7 @@
+[CmdletBinding(SupportsShouldProcess=$True)]
+param(
+ [switch]
+ $ShowConsoleWindow
+)
+Import-Module ($PSScriptRoot + "\CloudAPIPowerShellManagement.psd1") -Force
+Initialize-CloudAPIManagement -View "IntuneGraphAPI" -ShowConsoleWindow:($ShowConsoleWindow)
\ No newline at end of file
diff --git a/Start-WithConsole.cmd b/Start-WithConsole.cmd
new file mode 100644
index 0000000..7ae4c51
--- /dev/null
+++ b/Start-WithConsole.cmd
@@ -0,0 +1,2 @@
+cmd /c powershell -ex bypass -file "%~DP0Start-IntuneManagement.ps1" -ShowConsoleWindow
+pause
\ No newline at end of file
diff --git a/Start.cmd b/Start.cmd
index dc0ea0e..e0b74bb 100644
--- a/Start.cmd
+++ b/Start.cmd
@@ -1 +1 @@
-cmd /c powershell -ex bypass "%~DP0PSExtensionsHost.ps1"
\ No newline at end of file
+cmd /c powershell -ex bypass -File "%~DP0Start-IntuneManagement.ps1"
\ No newline at end of file
diff --git a/Themes/Default.xaml b/Themes/Default.xaml
index be95326..1b7300e 100644
--- a/Themes/Default.xaml
+++ b/Themes/Default.xaml
@@ -1,7 +1,19 @@
-
+
+
+
+
+
+
+
+
+
+ 0.8
+ 1.0
+ 0
+ 2
\ No newline at end of file
diff --git a/Themes/Styles.xaml b/Themes/Styles.xaml
index cb170f0..7c25cc7 100644
--- a/Themes/Styles.xaml
+++ b/Themes/Styles.xaml
@@ -21,4 +21,114 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/Xaml/AboutDialog.xaml b/Xaml/AboutDialog.xaml
new file mode 100644
index 0000000..5955ba2
--- /dev/null
+++ b/Xaml/AboutDialog.xaml
@@ -0,0 +1,52 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ See
+
+ GitHub
+ for more information
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/Xaml/BulkExportForm.xaml b/Xaml/BulkExportForm.xaml
new file mode 100644
index 0000000..538f3a8
--- /dev/null
+++ b/Xaml/BulkExportForm.xaml
@@ -0,0 +1,106 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/Xaml/BulkImportForm.xaml b/Xaml/BulkImportForm.xaml
new file mode 100644
index 0000000..026b6bb
--- /dev/null
+++ b/Xaml/BulkImportForm.xaml
@@ -0,0 +1,122 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/Xaml/EndpointManagerPanel.xaml b/Xaml/EndpointManagerPanel.xaml
new file mode 100644
index 0000000..f706e38
--- /dev/null
+++ b/Xaml/EndpointManagerPanel.xaml
@@ -0,0 +1,61 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/Xaml/ExportForm.xaml b/Xaml/ExportForm.xaml
new file mode 100644
index 0000000..0b091ee
--- /dev/null
+++ b/Xaml/ExportForm.xaml
@@ -0,0 +1,64 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/Xaml/Icons/AndroidCOWP.xaml b/Xaml/Icons/AndroidCOWP.xaml
new file mode 100644
index 0000000..7a4622f
--- /dev/null
+++ b/Xaml/Icons/AndroidCOWP.xaml
@@ -0,0 +1,13 @@
+
+
+
\ No newline at end of file
diff --git a/Xaml/Icons/AndroidGooglePlay.xaml b/Xaml/Icons/AndroidGooglePlay.xaml
new file mode 100644
index 0000000..f06858a
--- /dev/null
+++ b/Xaml/Icons/AndroidGooglePlay.xaml
@@ -0,0 +1,9 @@
+
+
+
\ No newline at end of file
diff --git a/Xaml/Icons/AppConfiguration.xaml b/Xaml/Icons/AppConfiguration.xaml
new file mode 100644
index 0000000..29d4bef
--- /dev/null
+++ b/Xaml/Icons/AppConfiguration.xaml
@@ -0,0 +1,6 @@
+
+
+
\ No newline at end of file
diff --git a/Xaml/Icons/AppProtection.xaml b/Xaml/Icons/AppProtection.xaml
new file mode 100644
index 0000000..2b034a3
--- /dev/null
+++ b/Xaml/Icons/AppProtection.xaml
@@ -0,0 +1,7 @@
+
+
+
\ No newline at end of file
diff --git a/Xaml/Icons/AppleEnrollmentTokens.xaml b/Xaml/Icons/AppleEnrollmentTokens.xaml
new file mode 100644
index 0000000..0847d02
--- /dev/null
+++ b/Xaml/Icons/AppleEnrollmentTokens.xaml
@@ -0,0 +1,26 @@
+
+
+
\ No newline at end of file
diff --git a/Xaml/Icons/AppleEnrollmentTypes.xaml b/Xaml/Icons/AppleEnrollmentTypes.xaml
new file mode 100644
index 0000000..5c89777
--- /dev/null
+++ b/Xaml/Icons/AppleEnrollmentTypes.xaml
@@ -0,0 +1,60 @@
+
+
+
\ No newline at end of file
diff --git a/Xaml/Icons/AppleVPPTokens.xaml b/Xaml/Icons/AppleVPPTokens.xaml
new file mode 100644
index 0000000..f583d63
--- /dev/null
+++ b/Xaml/Icons/AppleVPPTokens.xaml
@@ -0,0 +1,8 @@
+
+
+
\ No newline at end of file
diff --git a/Xaml/Icons/Applications.xaml b/Xaml/Icons/Applications.xaml
new file mode 100644
index 0000000..9529df5
--- /dev/null
+++ b/Xaml/Icons/Applications.xaml
@@ -0,0 +1,18 @@
+
+
+
\ No newline at end of file
diff --git a/Xaml/Icons/Autopilot.xaml b/Xaml/Icons/Autopilot.xaml
new file mode 100644
index 0000000..b7a459e
--- /dev/null
+++ b/Xaml/Icons/Autopilot.xaml
@@ -0,0 +1,13 @@
+
+
+
\ No newline at end of file
diff --git a/Xaml/Icons/Branding.xaml b/Xaml/Icons/Branding.xaml
new file mode 100644
index 0000000..45ef047
--- /dev/null
+++ b/Xaml/Icons/Branding.xaml
@@ -0,0 +1,39 @@
+
+
+
\ No newline at end of file
diff --git a/Xaml/Icons/CompliancePolicies.xaml b/Xaml/Icons/CompliancePolicies.xaml
new file mode 100644
index 0000000..d0d861d
--- /dev/null
+++ b/Xaml/Icons/CompliancePolicies.xaml
@@ -0,0 +1,7 @@
+
+
+
\ No newline at end of file
diff --git a/Xaml/Icons/ConditionalAccess.xaml b/Xaml/Icons/ConditionalAccess.xaml
new file mode 100644
index 0000000..b74427e
--- /dev/null
+++ b/Xaml/Icons/ConditionalAccess.xaml
@@ -0,0 +1,7 @@
+
+
+
\ No newline at end of file
diff --git a/Xaml/Icons/DeviceConfiguration.xaml b/Xaml/Icons/DeviceConfiguration.xaml
new file mode 100644
index 0000000..8e8379f
--- /dev/null
+++ b/Xaml/Icons/DeviceConfiguration.xaml
@@ -0,0 +1,9 @@
+
+
+
\ No newline at end of file
diff --git a/Xaml/Icons/Devices.xaml b/Xaml/Icons/Devices.xaml
new file mode 100644
index 0000000..234d6e3
--- /dev/null
+++ b/Xaml/Icons/Devices.xaml
@@ -0,0 +1,37 @@
+
+
+
\ No newline at end of file
diff --git a/Xaml/Icons/EndpointSecurity.xaml b/Xaml/Icons/EndpointSecurity.xaml
new file mode 100644
index 0000000..8fc116a
--- /dev/null
+++ b/Xaml/Icons/EndpointSecurity.xaml
@@ -0,0 +1,19 @@
+
+
+
\ No newline at end of file
diff --git a/Xaml/Icons/EnrollmentRestrictions.xaml b/Xaml/Icons/EnrollmentRestrictions.xaml
new file mode 100644
index 0000000..0415f86
--- /dev/null
+++ b/Xaml/Icons/EnrollmentRestrictions.xaml
@@ -0,0 +1,15 @@
+
+
+
\ No newline at end of file
diff --git a/Xaml/Icons/EnrollmentStatusPage.xaml b/Xaml/Icons/EnrollmentStatusPage.xaml
new file mode 100644
index 0000000..0a13993
--- /dev/null
+++ b/Xaml/Icons/EnrollmentStatusPage.xaml
@@ -0,0 +1,11 @@
+
+
+
\ No newline at end of file
diff --git a/Xaml/Icons/FeatureUpdates.xaml b/Xaml/Icons/FeatureUpdates.xaml
new file mode 100644
index 0000000..ff7fb2b
--- /dev/null
+++ b/Xaml/Icons/FeatureUpdates.xaml
@@ -0,0 +1,5 @@
+
+
+
\ No newline at end of file
diff --git a/Xaml/Icons/Intune.xaml b/Xaml/Icons/Intune.xaml
new file mode 100644
index 0000000..1b65546
--- /dev/null
+++ b/Xaml/Icons/Intune.xaml
@@ -0,0 +1,37 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/Xaml/Icons/Locations.xaml b/Xaml/Icons/Locations.xaml
new file mode 100644
index 0000000..b3dd43b
--- /dev/null
+++ b/Xaml/Icons/Locations.xaml
@@ -0,0 +1,5 @@
+
+
+
\ No newline at end of file
diff --git a/Xaml/Icons/LoggedOnUser.xaml b/Xaml/Icons/LoggedOnUser.xaml
new file mode 100644
index 0000000..5ce91b0
--- /dev/null
+++ b/Xaml/Icons/LoggedOnUser.xaml
@@ -0,0 +1,16 @@
+
+
+
\ No newline at end of file
diff --git a/Xaml/Icons/Logon.xaml b/Xaml/Icons/Logon.xaml
new file mode 100644
index 0000000..6301718
--- /dev/null
+++ b/Xaml/Icons/Logon.xaml
@@ -0,0 +1,12 @@
+
+
+
\ No newline at end of file
diff --git a/Xaml/Icons/NamedLocations.xaml b/Xaml/Icons/NamedLocations.xaml
new file mode 100644
index 0000000..06b4bcc
--- /dev/null
+++ b/Xaml/Icons/NamedLocations.xaml
@@ -0,0 +1,22 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/Xaml/Icons/Notifications.xaml b/Xaml/Icons/Notifications.xaml
new file mode 100644
index 0000000..a1c88b0
--- /dev/null
+++ b/Xaml/Icons/Notifications.xaml
@@ -0,0 +1,8 @@
+
+
+
\ No newline at end of file
diff --git a/Xaml/Icons/PolicySets.xaml b/Xaml/Icons/PolicySets.xaml
new file mode 100644
index 0000000..41d77c9
--- /dev/null
+++ b/Xaml/Icons/PolicySets.xaml
@@ -0,0 +1,24 @@
+
+
+
\ No newline at end of file
diff --git a/Xaml/Icons/Refresh.xaml b/Xaml/Icons/Refresh.xaml
new file mode 100644
index 0000000..2350a4c
--- /dev/null
+++ b/Xaml/Icons/Refresh.xaml
@@ -0,0 +1,5 @@
+
+
+
\ No newline at end of file
diff --git a/Xaml/Icons/RoleDefinitions.xaml b/Xaml/Icons/RoleDefinitions.xaml
new file mode 100644
index 0000000..c963b84
--- /dev/null
+++ b/Xaml/Icons/RoleDefinitions.xaml
@@ -0,0 +1,30 @@
+
+
+
\ No newline at end of file
diff --git a/Xaml/Icons/ScopeTags.xaml b/Xaml/Icons/ScopeTags.xaml
new file mode 100644
index 0000000..30d9922
--- /dev/null
+++ b/Xaml/Icons/ScopeTags.xaml
@@ -0,0 +1,7 @@
+
+
+
\ No newline at end of file
diff --git a/Xaml/Icons/Scripts.xaml b/Xaml/Icons/Scripts.xaml
new file mode 100644
index 0000000..500af5d
--- /dev/null
+++ b/Xaml/Icons/Scripts.xaml
@@ -0,0 +1,21 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/Xaml/Icons/SecurityBaselines.xaml b/Xaml/Icons/SecurityBaselines.xaml
new file mode 100644
index 0000000..7dab199
--- /dev/null
+++ b/Xaml/Icons/SecurityBaselines.xaml
@@ -0,0 +1,11 @@
+
+
+
\ No newline at end of file
diff --git a/Xaml/Icons/TermsAndConditions.xaml b/Xaml/Icons/TermsAndConditions.xaml
new file mode 100644
index 0000000..144a0d7
--- /dev/null
+++ b/Xaml/Icons/TermsAndConditions.xaml
@@ -0,0 +1,12 @@
+
+
+
\ No newline at end of file
diff --git a/Xaml/Icons/Trash.xaml b/Xaml/Icons/Trash.xaml
new file mode 100644
index 0000000..19f6169
--- /dev/null
+++ b/Xaml/Icons/Trash.xaml
@@ -0,0 +1,20 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/Xaml/Icons/UpdatePolicies.xaml b/Xaml/Icons/UpdatePolicies.xaml
new file mode 100644
index 0000000..ff7fb2b
--- /dev/null
+++ b/Xaml/Icons/UpdatePolicies.xaml
@@ -0,0 +1,5 @@
+
+
+
\ No newline at end of file
diff --git a/Xaml/Icons/iOSUpdates.xaml b/Xaml/Icons/iOSUpdates.xaml
new file mode 100644
index 0000000..de41157
--- /dev/null
+++ b/Xaml/Icons/iOSUpdates.xaml
@@ -0,0 +1,11 @@
+
+
+
\ No newline at end of file
diff --git a/Xaml/ImportForm.xaml b/Xaml/ImportForm.xaml
new file mode 100644
index 0000000..5eea87d
--- /dev/null
+++ b/Xaml/ImportForm.xaml
@@ -0,0 +1,112 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/Xaml/InputDialog.xaml b/Xaml/InputDialog.xaml
new file mode 100644
index 0000000..8de2364
--- /dev/null
+++ b/Xaml/InputDialog.xaml
@@ -0,0 +1,22 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/Xaml/LoginPanel.xaml b/Xaml/LoginPanel.xaml
new file mode 100644
index 0000000..d62ce56
--- /dev/null
+++ b/Xaml/LoginPanel.xaml
@@ -0,0 +1,8 @@
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/Xaml/MSALPreReqForm.xaml b/Xaml/MSALPreReqForm.xaml
new file mode 100644
index 0000000..15e1354
--- /dev/null
+++ b/Xaml/MSALPreReqForm.xaml
@@ -0,0 +1,61 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Could not find Microsoft Authentication Library (MSAL) file Microsoft.Identity.Client.dll.
+
+ The full path can be be specified in Settings or the application can automatically find it in the Az or MSAL.PS modules.
+
+ Note that old versions of the Az module might not have the file.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ As current user
+ Allow clobber
+ Skip publisher check
+
+
+
+
+
+ Install PowerShellGet
+
+
+
+
+
+ NuGet must be installed as admin and this script was not started with admin credentials.
+
+ Restart the script as Admin
+
+ or
+
+ Quit the script, install NuGet manually and start the script
+
+ Install NuGet
+
+
+
+
\ No newline at end of file
diff --git a/Xaml/MainWindow.xaml b/Xaml/MainWindow.xaml
new file mode 100644
index 0000000..1ac0116
--- /dev/null
+++ b/Xaml/MainWindow.xaml
@@ -0,0 +1,114 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/Xaml/ModalForm.xaml b/Xaml/ModalForm.xaml
new file mode 100644
index 0000000..edceca3
--- /dev/null
+++ b/Xaml/ModalForm.xaml
@@ -0,0 +1,17 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/Xaml/ObjectDetails.xaml b/Xaml/ObjectDetails.xaml
new file mode 100644
index 0000000..9510f3a
--- /dev/null
+++ b/Xaml/ObjectDetails.xaml
@@ -0,0 +1,24 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/Xaml/ProfileInfo.Xaml b/Xaml/ProfileInfo.Xaml
new file mode 100644
index 0000000..1e6017a
--- /dev/null
+++ b/Xaml/ProfileInfo.Xaml
@@ -0,0 +1,44 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/Xaml/RefreshButton.xaml b/Xaml/RefreshButton.xaml
new file mode 100644
index 0000000..592685d
--- /dev/null
+++ b/Xaml/RefreshButton.xaml
@@ -0,0 +1,38 @@
+
+
+
diff --git a/Xaml/SettingsForm.xaml b/Xaml/SettingsForm.xaml
new file mode 100644
index 0000000..4eb4921
--- /dev/null
+++ b/Xaml/SettingsForm.xaml
@@ -0,0 +1,32 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/Xaml/SplashScreen.xaml b/Xaml/SplashScreen.xaml
new file mode 100644
index 0000000..3e62f39
--- /dev/null
+++ b/Xaml/SplashScreen.xaml
@@ -0,0 +1,30 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/Xaml/Welcome.xaml b/Xaml/Welcome.xaml
new file mode 100644
index 0000000..298764e
--- /dev/null
+++ b/Xaml/Welcome.xaml
@@ -0,0 +1,54 @@
+
+
+
+
+
+
+
+
+ Welcome!
+
+ This software uses public APIs (e.g. Microsoft Graph etc.) to manage and view objects.
+
+ It uses the BETA version of Microsoft Graph so some functionallity might change or break.
+
+ Please report any issues to the GitHub repository.
+
+ This is developed outside work hours so please respect that any support is based on best effort.
+
+ See GitHub repository for documentation, issue tracking etc.
+
+ This software has NO association with Microsoft.
+
+ This software is provided AS IS and it is licensed under the MIT license. See LicenseInfo for more information.
+
+ Note:
+
+ The 'Microsoft Intune PowerShell' Enterprise App in Azure is used by default for API calls.
+
+ Go to Settings if you want to use 'Microsoft Graph PowerShell' or a custom App.
+
+ This software might use permissions not granted for the existing App.
+
+ A grant request will be displayed if permissions are missing.
+
+ Enable 'Use Default Permissions' in Settings to only use existing App permissions. Some objects might not be supported.
+
+
+
+
+ Accept conditions
+
+
+
+
\ No newline at end of file