In my design I want to use DocumentDB as a back-end for my multi tenant SAAS application.
As the data per tenant can be > 10gb I want to use a collection per tenant model.
The requirement is how can I ensure data isolation in my application. Tenant 1 should not be able to see tenant 2 data in code and on azure portal. How can I set permissions on collections for the same?
I want to use a collection per tenant model
You could try to create DocumentDB users for each tenant and associate the permissions with the user to control user access to collection/documents.
string documentCollectionlink = UriFactory.CreateDocumentCollectionUri("{database id}", "{collection id}").ToString();
string databaseLink = UriFactory.CreateDatabaseUri("{database id}").ToString();
Permission docPermission = new Permission
{
PermissionMode = PermissionMode.All,
ResourceLink = documentCollectionlink,
Id = "tenant1perm"
};
await client.CreateUserAsync(databaseLink, new User { Id = "tuser" });
docPermission = await client.CreatePermissionAsync(UriFactory.CreateUserUri("{database id}", "tuser"), docPermission);
and then you could read permissions for DocumentDB user and get access token based on the tenant, and create a new instance of the DocumentClient with the token to operate the resource.
var qclient = new DocumentClient(new Uri(EndpointUri), token);
Related
I am trying to get transfer related data from stripe
TransferService service = new TransferService();
TransferListOptions stripeTransferList = new TransferListOptions
{
Destination = accountId,
Limit = 100
};
var list = await service.ListAsync(stripeTransferList);
var finalData = list.FirstOrDefault(x => x.DestinationPaymentId == paymentId);
so when I try to search paymentId from that list I was not able to find any because the page limit is 100 only
Limit = 100
how to fetch all the data and filter from that??
The stripe-dotnet library supports automatic pagination and it's documented here.
This lets you paginate through all the data in your account based on specific criteria that you passed as parameters. For example you can list all Transfer objects made to a specific connected account this way:
TransferService service = new TransferService();
TransferListOptions listOptions = new TransferListOptions
{
Destination = "acct_123456",
Limit = 100
};
foreach (var transfer in service.ListAutoPaging(listOptions)) {
// Do something with this Transfer
}
Now, this allows you to iterate over every Transfer but if you have a lot of data this could be quite slow. An alternative would be to start from the charge id, the py_123456 that you have from your connected account. If you know which account this charge was created on, you can fetch it directly via the API. This is done using the Retrieve Charge API along with passing the connected account id as documented here.
The Charge resource has the source_transfer property which is the id of the Transfer (tr_123) from the platform that created this charge. You can also use the Expand feature, which lets you fetch the entire Transfer object back to get some detailed information about it.
The code would look like this
var transferOptions = new TransferGetOptions{};
transferOptions.AddExpand("source_transfer");
var requestOptions = new RequestOptions();
requestOptions.StripeAccount = "acct_12345";
TransferService service = new TransferService();
Charge charge = service.Get(transferOptions, requestOptions);
// Access information about the charge or the associated transfer
var transferId = charge.SourceTransfer.Id;
var transferAmount = charge.SourceTransfer.TransferData.Amount;
I am trying to read the Planner task for the users of my tenant. So I configured admin consent for "Tasks.Read", "Tasks.Read.Shared", "Groups.Read.All", "Groups.ReadWrite.All" for the app that is doing that.
Like mentioned here: https://learn.microsoft.com/de-de/graph/api/planneruser-list-tasks?view=graph-rest-1.0&tabs=http
I desined my code to get a token like mentioned here: https://briantjackett.com/2018/12/13/introduction-to-calling-microsoft-graph-from-a-c-net-core-application/
I get a token back and it is valid. (Checked with baerer token check tool.)
I thought that I could access the tasks from the Graph API like '/v1.0/users/{userId}/planner/tasks' but I get HTTP 401 back.
Can anyone give me the missing link? Thanks a lot.
_appId = configuration.GetValue<string>("AppId");
_tenantId = configuration.GetValue<string>("TenantId");
_clientSecret = configuration.GetValue<string>("ClientSecret");
_clientApplication = ConfidentialClientApplicationBuilder
.Create(_appId)
.WithTenantId(_tenantId)
.WithClientSecret(_clientSecret)
.Build();
var graphClient = GraphClientFactory.Create(new DelegateAuthenticationProvider(Authenticate));
var result = await graphClient.GetAsync($"/v1.0/users/{userId}/planner/tasks")
public async Task<string> GetTokenAsync()
{
AuthenticationResult authResult = await _clientApplication.AcquireTokenForClient(_scopes)
.ExecuteAsync();
return authResult.AccessToken;
}
private async Task Authenticate(HttpRequestMessage request)
{
var token = await GetTokenAsync();
request.Headers.Authorization = new AuthenticationHeaderValue("bearer", token);
}
Reading tasks for other users is currently not allowed. A user can only read their assigned tasks. As an alternative, you can read the tasks in specific Plans, and sort out the users from that data, if you want to collect assignments from a set of Plans. You can provide feedback on this behavior in Planner UserVoice with the description of what you are trying to accomplish.
Additionally, application permissions are supported now, if that works for your scenario.
/v1.0/users/{userId}/planner/tasks is for getting tasks via getting a user, and you will need User permissions (User.Read.All) to get tasks via that call.
(Also Do you really need Groups.ReadWrite.All? Are you making changes to groups? -- it's not in your original description)
I have created two app maker apps for different purposes. However, there are some data which is common between two apps.
How can I access/connect data between those app maker apps?
You will need to setup a Custom Google Cloud SQL instance. Then you can point both apps at the instance in Settings > Database > Switch to a Custom Cloud SQL Database
EDIT:
The other option is setting up a calculated reference to a model in another app.
Grant access to App2 in App1's Google Cloud SQL Instance Authorization Settings (see above link).
Create a Calculated model in App2.
In the Datasource query:
var conn = Jdbc.getCloudSqlConnection('jdbc:google:mysql://INSTANCE_CONNECTION_NAME/DATABASE_NAME', 'USERNAME', 'PASSWORD');
var stmt = conn.prepareStatement("SELECT * from TABLE_NAME");
var res = stmt.executeQuery();
var records = [];
while(res.next()) {
var record = app.models.MODEL_NAME.newRecord();
record.FIELD_1 = res.getString(1);
record.FIELD_2 = res.getString(2);
record.FIELD_3 = res.getString(3);
records.push(record);
}
res.close();
stmt.close();
conn.close();
return records;
I’m developing a Xamarin app that uses Azure AD B2C and I’m having some trouble getting data from any of the providers.
Even though I have LinkedIn, Google, Microsoft, Facebook, and Twitter setup as Identity Providers, and they appear to be configured properly, the only data returned is User.IdentityProvider. Both User.Name and User.DisplayableId are null. This happens for all of the providers.
Here is my call to AcquireTokenAsync:
var result = await App.AuthenticationClient.AcquireTokenAsync(Constants.Scopes, user, UIBehavior.SelectAccount, string.Empty, null, Constants.Authority, App.UiParent);
I have my application claims selected:
The login succeeds on every provider, but I don't get email addresses back like I need.
With help from a friend, I discovered that while the values in the User field are returned using Azure AD, the response from an Azure AD B2C call populates the IdToken field instead.
A bit more sleuthing turned up this to be a serialized JwtSecurityToken object. That led me to the following code:
var displayableId = ""; // result.User.DisplayableId;
var token = new JwtSecurityToken(result.IdToken);
foreach (var claim in token.Claims)
{
if (claim.Type == "emails")
{
displayableId = claim.Value;
}
}
Now displayableId contains the user's email address.
I am using Auth0, And I want to retrieve all users of my client application.
Below is my code:
var apiClient = new ManagementApiClient("<<Token>>", new Uri("https://<<Domain>>/api/v2/users"));
var allClients = await apiClient.Users.GetAllAsync();
I am using token which includes Read:User permission in auth0.
But I am getting below error,
Path validation error: 'String does not match pattern ^.+\|.+$: users'
on property id (The user_id of the user to retrieve).
I read this arrticle, But I am not understanding, What changes I need to make in auth0.
https://auth0.com/forum/t/auth-renewidtoken-returns-a-user-id-validation-error/1151
What changed I need to make to solve it?
You need to create the ManagementApiClient in one of the following ways:
// Pass the base Uri of the API (notice it does not include the users path)
var api = new ManagementApiClient("[token]", new Uri("https://[account].auth0.com/api/v2"));
or
// Pass only the domain as a string
var api = new ManagementApiClient("[token]", "[account].auth0.com"));
You're including /users in the base API path which will then cause errors, like the one you observed.