Update admin page (#342)

* update page

* Update EntraIDProviderConfiguration.cs

* Update CHANGELOG.md

* Update Yvand.EntraCP/TEMPLATE/ADMIN/EntraCP/GlobalSettings.ascx.cs

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* apply suggestions

* Update Yvand.EntraCP/TEMPLATE/ADMIN/EntraCP/GlobalSettings.ascx.cs

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Simplify InvalidGroupIdentifier test using UpdateGroupIdentifier API (#343)

* Initial plan

* Add unit test for invalid GroupIdentifierConfig.EntityProperty validation

Co-authored-by: Yvand <8788631+Yvand@users.noreply.github.com>

* Refactor: Move InvalidGroupIdentifier test to CustomizeConfigTests

Co-authored-by: Yvand <8788631+Yvand@users.noreply.github.com>

* Shorten assertion message in InvalidGroupIdentifier test

Co-authored-by: Yvand <8788631+Yvand@users.noreply.github.com>

* Simplify InvalidGroupIdentifier test using UpdateGroupIdentifier method

Co-authored-by: Yvand <8788631+Yvand@users.noreply.github.com>

* Update CustomizeConfigTests.cs

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Yvand <8788631+Yvand@users.noreply.github.com>
Co-authored-by: Yvan Duhamel <yvandev@outlook.fr>

* Update CustomizeConfigTests.cs

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Yvand <8788631+Yvand@users.noreply.github.com>

Author: 3 people

CHANGELOG.md

@@ -15,6 +15,8 @@
 * Rename both methods UpdateTenantCredentials in class EntraIDProviderConfiguration, to SetTenantSecret and SetTenantCertificate, to prevent using the unexpected overload, due to the last, optional newClientId parameter - https://github.com/Yvand/EntraCP/pull/334
 * Improve performance and make some optimizations in the code - https://github.com/Yvand/EntraCP/pull/327
 * Add proxy information in the logging
+* Restrict the list of properties that can be set as user identifiers in the global config page - https://github.com/Yvand/EntraCP/pull/342
+* Ensure the group identifier property is valid before committing the changes - https://github.com/Yvand/EntraCP/pull/342
 
 ## EntraCP v29.0.20250721.38 - enhancements & bug-fixes - Published in July 21, 2025
 

Yvand.EntraCP.Tests/CustomizeConfigTests.cs

@@ -173,5 +173,21 @@ public void ModifyUserIdentifier()
             configUpdated = Settings.ClaimTypes.UpdateIdentifierForGuestUsers(backupIdentityCTConfig.DirectoryObjectPropertyForGuestUsers);
             Assert.That(configUpdated, Is.False, $"Update user identifier of Guest UserType with the same DirectoryObjectProperty should not change anything and return false");
         }
+
+        [Test]
+        public void InvalidGroupIdentifier()
+        {
+            if (Settings.ClaimTypes.GroupIdentifierConfig != null)
+            {
+                DirectoryObjectProperty backupGroupIdentifier = Settings.ClaimTypes.GroupIdentifierConfig.EntityProperty;
+
+                // Update GroupIdentifierConfig to use UserPrincipalName, which exists for User but not Group
+                Settings.ClaimTypes.UpdateGroupIdentifier(DirectoryObjectProperty.UserPrincipalName);
+                // ValidateConfiguration should throw InvalidOperationException because the group identifier property is invalid
+                Assert.Throws<InvalidOperationException>(() => UnitTestsHelper.PersistedConfiguration.ApplySettings(Settings, true), "ValidateConfiguration should throw when GroupIdentifierConfig.EntityProperty doesn't exist for Group");
+                
+                Settings.ClaimTypes.UpdateGroupIdentifier(backupGroupIdentifier);
+            }
+        }
     }
 }

Yvand.EntraCP/TEMPLATE/ADMIN/EntraCP/GlobalSettings.ascx.cs

@@ -82,16 +82,6 @@ private void PopulateFields()
         {
             // User identifier settings
             this.lblUserIdClaimType.Text = Settings.ClaimTypes.UserIdentifierConfig.ClaimType;
-            if (IdentityCTConfig.EntityPropertyToUseAsDisplayText == DirectoryObjectProperty.NotSet)
-            {
-                this.DdlUserGraphPropertyToDisplay.Items.FindByValue("NotSet").Selected = true;
-            }
-            else
-            {
-                this.DdlUserGraphPropertyToDisplay.Items.FindByValue(((int)IdentityCTConfig.EntityPropertyToUseAsDisplayText).ToString()).Selected = true;
-            }
-            this.DdlUserIdDirectoryPropertyMembers.Items.FindByValue(((int)IdentityCTConfig.EntityProperty).ToString()).Selected = true;
-            this.DdlUserIdDirectoryPropertyGuests.Items.FindByValue(((int)IdentityCTConfig.DirectoryObjectPropertyForGuestUsers).ToString()).Selected = true;
             this.ChkFilterUserAccountsEnabledOnly.Checked = Settings.FilterUserAccountsEnabledOnly;
 
             // Group identifier settings
@@ -138,6 +128,16 @@ private void PopulateFields()
 
         private void PopulateGraphPropertiesLists()
         {
+            List<DirectoryObjectProperty> preferredUserIdentifiers = new List<DirectoryObjectProperty>() { DirectoryObjectProperty.Id, DirectoryObjectProperty.Mail, DirectoryObjectProperty.UserPrincipalName, DirectoryObjectProperty.OnPremisesDistinguishedName, DirectoryObjectProperty.OnPremisesSamAccountName, DirectoryObjectProperty.OnPremisesSecurityIdentifier, DirectoryObjectProperty.OnPremisesUserPrincipalName };
+            if (!preferredUserIdentifiers.Contains(IdentityCTConfig.EntityProperty))
+            {
+                preferredUserIdentifiers.Add(IdentityCTConfig.EntityProperty);
+            }
+            if (!preferredUserIdentifiers.Contains(IdentityCTConfig.DirectoryObjectPropertyForGuestUsers))
+            {
+                preferredUserIdentifiers.Add(IdentityCTConfig.DirectoryObjectPropertyForGuestUsers);
+            }
+
             this.DdlUserGraphPropertyToDisplay.Items.Add(new ListItem("(Same as the identifier property)", "NotSet"));
             this.DdlGroupGraphPropertyToDisplay.Items.Add(new ListItem("(Same as the identifier property)", "NotSet"));
 
@@ -152,8 +152,11 @@ private void PopulateGraphPropertiesLists()
                     PropertyInfo pi = typeof(User).GetProperty(prop.ToString());
                     if (pi != null && pi.PropertyType == typeof(String))
                     {
-                        this.DdlUserIdDirectoryPropertyMembers.Items.Add(new ListItem(prop.ToString(), ((int)prop).ToString()));
-                        this.DdlUserIdDirectoryPropertyGuests.Items.Add(new ListItem(prop.ToString(), ((int)prop).ToString()));
+                        if (preferredUserIdentifiers.Contains(prop))
+                        {
+                            this.DdlUserIdDirectoryPropertyMembers.Items.Add(new ListItem(prop.ToString(), ((int)prop).ToString()));
+                            this.DdlUserIdDirectoryPropertyGuests.Items.Add(new ListItem(prop.ToString(), ((int)prop).ToString()));
+                        }
                         this.DdlUserGraphPropertyToDisplay.Items.Add(new ListItem(prop.ToString(), ((int)prop).ToString()));
                     }
                 }
@@ -170,6 +173,35 @@ private void PopulateGraphPropertiesLists()
                     }
                 }
             }
+
+            ListItem userIdMembersItem = this.DdlUserIdDirectoryPropertyMembers.Items.FindByValue(((int)IdentityCTConfig.EntityProperty).ToString());
+            if (userIdMembersItem != null)
+            {
+                userIdMembersItem.Selected = true;
+            }
+
+            ListItem userIdGuestsItem = this.DdlUserIdDirectoryPropertyGuests.Items.FindByValue(((int)IdentityCTConfig.DirectoryObjectPropertyForGuestUsers).ToString());
+            if (userIdGuestsItem != null)
+            {
+                userIdGuestsItem.Selected = true;
+            }
+
+            if (IdentityCTConfig.EntityPropertyToUseAsDisplayText == DirectoryObjectProperty.NotSet)
+            {
+                ListItem notSetItem = this.DdlUserGraphPropertyToDisplay.Items.FindByValue("NotSet");
+                if (notSetItem != null)
+                {
+                    notSetItem.Selected = true;
+                }
+            }
+            else
+            {
+                ListItem displayTextItem = this.DdlUserGraphPropertyToDisplay.Items.FindByValue(((int)IdentityCTConfig.EntityPropertyToUseAsDisplayText).ToString());
+                if (displayTextItem != null)
+                {
+                    displayTextItem.Selected = true;
+                }
+            }
         }
 
         protected void grdAzureTenants_RowDeleting(object sender, GridViewDeleteEventArgs e)

Yvand.EntraCP/Yvand.EntraClaimsProvider/Configuration/EntraIDProviderConfiguration.cs

@@ -1,4 +1,5 @@
-using Microsoft.SharePoint.Administration;
+using Microsoft.Graph.Models;
+using Microsoft.SharePoint.Administration;
 using Microsoft.SharePoint.Administration.Claims;
 using Microsoft.SharePoint.WebControls;
 using System;
@@ -84,7 +85,7 @@ public interface IEntraIDProviderSettings
         /// Gets if only enabled user accounts should be returned
         /// </summary>
         bool FilterUserAccountsEnabledOnly { get; }
-        
+
         /// <summary>
         /// Gets the count of group members returned per page in a request. Its value must be between 1 and 999 inclusive. Default value is 100.
         /// </summary>
@@ -616,6 +617,12 @@ public virtual void ValidateConfiguration()
             {
                 throw new InvalidOperationException($"{configInvalidStartText} because property {nameof(ProxyAddress)} must be either empty, or start with \"http://\".");
             }
+
+            // Ensure the group identifier is valid
+            if (this.ClaimTypes.GroupIdentifierConfig != null && Utils.GetDirectoryObjectPropertyValue(new Group(), this.ClaimTypes.GroupIdentifierConfig.EntityProperty.ToString()) == null)
+            {
+                throw new InvalidOperationException($"{configInvalidStartText} because the selected group identifier property \"{this.ClaimTypes.GroupIdentifierConfig.EntityProperty}\" does not exist for a Group.");
+            }
         }
 
         /// <summary>