授权 Azure AD b2c
[英]Authorization Azure AD b2c
问题描述
I'm trying to get some, simple, authorization for my api and I can't see the forest because of all the trees.
我正在尝试为我的 api 获得一些简单的授权,但由于所有的树木,我看不到森林。 The setup in Azure AD b2c: web: login api: GetStuff Azure AD b2c 中的设置:web:登录 api:GetStuff
web->sign-in>azure userflow:signinpolicy -(success)-> token = AccessTokenForUser("scope1","scope2"..) call [Authorize(Policy = "scope1")]api.GetStuff with requestheader=token. web->登录>azure userflow:signinpolicy -(success)-> token = AccessTokenForUser("scope1","scope2"..) 使用 requestheader=token 调用 [Authorize(Policy = "scope1")]api.GetStuff。 Works great but this is only Authentication.效果很好,但这只是身份验证。
I wan't to implement Authorization and the stuff the turns up when I google it seem way over the top.我不想实施授权,当我在谷歌上搜索时出现的东西似乎太过分了。
- Divide api into several apps with different scopes.将api分成几个不同范围的app。
- Setting up AZ functions and separate user store设置 AZ 功能和单独的用户存储
- Get going with Microsoft Graph开始使用 Microsoft Graph
I think all of those seem very over the top.我认为所有这些似乎都非常过分。 I beleive I'm missing something basic but it eludes me.我相信我错过了一些基本的东西,但它让我望而却步。 The a basic supported scenario should be:一个基本的支持场景应该是:
If I belong to an item I should be able to edit it, ie write otherwise I should only have read.如果我属于某个项目,我应该能够编辑它,即写,否则我应该只阅读。
1 个解决方案
解决方案1
1 2021-01-28 11:15:45
Please refer below sample documents and it will help how to implement RBAC in B2C using Security Group.请参考下面的示例文档,它将帮助如何使用安全组在 B2C 中实施 RBAC。 Using below sample you can consider attaching the roles to the user object as custom claim.使用以下示例,您可以考虑将角色附加到用户 object 作为自定义声明。
Reference: https://github.com/azure-ad-b2c/samples/tree/master/policies/relying-party-rbac参考: https://github.com/azure-ad-b2c/samples/tree/master/policies/relying-party-rbac
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.