Jeremy E

Reputation: 3704

Lookup Username for SID in Azure Rest API C#

I have a SID (Microsoft.TeamFoundation.Identity;S-1-9-1531374245-1204410969-2402986413-2179508616-0-0-0-0-1) and I have the ACLs for it using the Azure DevOps Security REST API. What I am trying to do is look up the user (username or email) associated with that and I can't seem to find the right API call. Anyone ever tried to do this? PS the SID above is bogus but I included it as an example of what I am trying to look up.

I have tried using the Graph API to look up a user and go the other direction as well. But I haven't been able to find a way to create a SID for a user in that direction. If I could then I would be able to brute force search for the SID in the descriptors of the access control lists. Not really what I want to do but if it is the only way I will take it.

If it would help I can describe what it is I am trying to do:

Upvotes: 0

Views: 874

Answers (1)

Prof Von Lemongargle

Reputation: 3768

Kevin's answer here contains more details about the identities call.

There is an identities API you can call to translate. You send the whole descriptor, or a list of descriptors, and it will give back the entries. Contained is the display name for the principal.

There must be a better way to get the raw data, but here is an example in PowerShell...

 # $securityHeader is assumed to already hold the Authorization header for the organization.
 $namespaces = Invoke-RestMethod -Method Get -Headers $securityHeader -Uri 'https://dev.azure.com/<Your Account>/_apis/securitynamespaces/?api-version=5.1'
 # Take the GUID of the namespace named 'Project' from the $namespaces response.
 $projectsGuid = ($namespaces.value | Where-Object { $_.name -eq 'Project' }).namespaceId
 $projectACLs = Invoke-RestMethod -Method Get -Headers $securityHeader -Uri "https://dev.azure.com/<Your Account>/_apis/accesscontrollists/$projectsGuid/?api-version=5.1&recurse=true"

 # Each ACL's acesDictionary is keyed by descriptor; look up every key through the identities API.
 $projectACLs.value | ForEach-Object {
     $project = $_
     $props = Get-Member -InputObject $project.acesDictionary -MemberType NoteProperty
     $props | ForEach-Object {
         Invoke-RestMethod -Method Get -Headers $securityHeader -Uri "https://vssps.dev.azure.com/<Your Account>/_apis/identities?descriptors=$($_.Name)"
     }
 }

Upvotes: 1
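
Added example, not part of the answer above and not Microsoft's code: it collects each descriptor from the ACLs once, resolves them through the identities call in comma-separated batches, and joins the display names back onto the ACEs for an access review. The function names, `$Org`, `$Headers`, the batch size of 20 and the sample data are assumptions made for illustration.

```powershell
function Get-AclDescriptor {
    param($Acls)
    # acesDictionary is keyed by descriptor; return each key once.
    $Acls | ForEach-Object { $_.acesDictionary.PSObject.Properties.Name } | Sort-Object -Unique
}

function Resolve-Descriptor {
    # $BatchSize is an assumption chosen to keep the request URL short.
    param([string[]]$Descriptors, [string]$Org, $Headers, [int]$BatchSize = 20)
    $names = @{}
    for ($i = 0; $i -lt $Descriptors.Count; $i += $BatchSize) {
        $last = [Math]::Min($i + $BatchSize, $Descriptors.Count) - 1
        # The identities call accepts a comma-separated list; escape it because
        # descriptors contain ';' and may contain '\' or '@'.
        $list = [uri]::EscapeDataString(($Descriptors[$i..$last] -join ','))
        $uri  = "https://vssps.dev.azure.com/$Org/_apis/identities?descriptors=$list&api-version=5.1"
        foreach ($id in (Invoke-RestMethod -Method Get -Headers $Headers -Uri $uri).value) {
            $names[$id.descriptor] = $id.providerDisplayName
        }
    }
    $names
}

function Join-AclPrincipal {
    param($Acls, [hashtable]$Names)
    foreach ($acl in $Acls) {
        foreach ($ace in $acl.acesDictionary.PSObject.Properties) {
            [pscustomobject]@{
                Token      = $acl.token
                Principal  = if ($Names.ContainsKey($ace.Name)) { $Names[$ace.Name] } else { '<unresolved>' }
                Allow      = $ace.Value.allow
                Deny       = $ace.Value.deny
                Descriptor = $ace.Name
            }
        }
    }
}

# Constructed sample shaped like one accesscontrollists entry, using the bogus SID from the question.
$sid  = 'Microsoft.TeamFoundation.Identity;S-1-9-1531374245-1204410969-2402986413-2179508616-0-0-0-0-1'
$acls = @([pscustomobject]@{
    token          = '$PROJECT:constructed-token'
    acesDictionary = [pscustomobject]@{ $sid = [pscustomobject]@{ descriptor = $sid; allow = 1; deny = 0 } }
})

# Offline run with a constructed name map; against a live organization use instead:
#   $names = Resolve-Descriptor -Descriptors (Get-AclDescriptor $acls) -Org '<Your Account>' -Headers $securityHeader
$names = @{ $sid = 'Constructed Display Name' }
Join-AclPrincipal -Acls $acls -Names $names | Format-Table -AutoSize
```

Descriptors that come back as `<unresolved>` are worth a second look in a review, since they are ACEs whose principal the identities call did not return.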
