For instance, I have an application 'myApp' in app registrations and I have a user in Azure Active Directory User1
which is an Admin in AD. I want to use authentication via Azure AD in that app and want User1
to have a permissions only to access 'api/todos' and 'api/vehicles'. So there can be a role 'Role1 with permissions
Todos ,
Vehicles`. Is there a way to configure that? Thanks.
Yes, there is a way to configure that. Azure works with a Role concept. This sample shows how to do it in a web API.
In short: You need to define the possible roles and assign users to them via the application configuration in the admin portal. And then you need to define which roles the user should be in using the [Authorize]
attribute, on the web API controller methods, eg like in one of the sample's controllers :
[Authorize(Roles = "Admin, Observer, Writer, Approver")]
public ActionResult Index()
{
ViewBag.Message = "Tasks";
ViewData["tasks"] = TasksDbHelper.GetAllTasks();
return View();
}
As usual with [Authorize]
it is inherited, so you can put it on the entire controller class.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.