
Is there a way to add custom permissions for web app user in azure active directory

For instance, I have an application 'myApp' in app registrations and I have a user in Azure Active Directory, User1, which is an Admin in AD. I want to use authentication via Azure AD in that app and want User1 to have permissions only to access 'api/todos' and 'api/vehicles'. So there can be a role 'Role1' with permissions Todos, Vehicles. Is there a way to configure that? Thanks.

Yes, there is a way to configure that. Azure works with a Role concept. This sample shows how to do it in a web API.

In short: you need to define the possible roles and assign users to them via the application configuration in the admin portal. Then you need to define which roles the user should be in using the [Authorize] attribute on the web API controller methods, e.g. like in one of the sample's controllers:

    [Authorize(Roles = "Admin, Observer, Writer, Approver")]
    public ActionResult Index()
    {
        ViewBag.Message = "Tasks";
        ViewData["tasks"] = TasksDbHelper.GetAllTasks();
        return View();
    }

As usual with [Authorize] it is inherited, so you can put it on the entire controller class.
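An added example, not part of the original answer or the linked sample: the question's scenario as an ASP.NET Core web API, where an app role `Role1` gates `api/todos` and `api/vehicles`. The tenant ID, client ID, v2.0 token endpoint, and the `Role2` / `api/reports` names are assumptions or placeholders.

```csharp
// Program.cs (requires the Microsoft.AspNetCore.Authentication.JwtBearer package).
// Assumed app role entry in myApp's manifest, assigned to User1 in the portal:
//   { "allowedMemberTypes": ["User"], "displayName": "Role1",
//     "description": "Todos and vehicles", "id": "<new-guid>",
//     "isEnabled": true, "value": "Role1" }
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

var builder = WebApplication.CreateBuilder(args);
builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // Placeholders, not real values.
        options.Authority = "https://login.microsoftonline.com/<tenant-id>/v2.0";
        options.Audience = "<myApp-client-id>";
        // Keep the token's claim names as issued, then tell ASP.NET Core that
        // the "roles" claim carries the roles checked by [Authorize(Roles = ...)].
        options.MapInboundClaims = false;
        options.TokenValidationParameters.RoleClaimType = "roles";
    });
builder.Services.AddAuthorization();
builder.Services.AddControllers();

var app = builder.Build();
app.UseAuthentication();   // validates the bearer token and builds the user
app.UseAuthorization();    // enforces the [Authorize] attributes below
app.MapControllers();
app.Run();

[ApiController, Route("api/todos"), Authorize(Roles = "Role1")]
public class TodosController : ControllerBase
{
    [HttpGet] public IActionResult Get() => Ok(new[] { "constructed sample todo" });
}

[ApiController, Route("api/vehicles"), Authorize(Roles = "Role1")]
public class VehiclesController : ControllerBase
{
    [HttpGet] public IActionResult Get() => Ok(new[] { "constructed sample vehicle" });
}

// Hypothetical third endpoint: User1 holds only Role1, so this returns 403.
[ApiController, Route("api/reports"), Authorize(Roles = "Role2")]
public class ReportsController : ControllerBase
{
    [HttpGet] public IActionResult Get() => Ok(new[] { "constructed sample report" });
}
```

Being an administrator in the directory does not put `Role1` in the token; only the app role assignment does. A bare `[Authorize]` with no `Roles` admits any authenticated user, so each controller that must be restricted needs its own role list.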
