
Azure AD App Authorization with active roles

I've got some trouble with Azure AD authorization for APIs with active roles. Here are my steps:

  1. I've created an Azure AD App and activated the option "User assignment required"
  2. In the manifest I've created the roles
  3. In my WebApp I've used ADAL and my assigned users can log in. Everything works fine

My problem: Now I have another API/Batch which should "log in" into my AD-App. Easy I thought -> I've created a secret key and the parameters for my request look like:

URL for Login: https://login.microsoftonline.com/MyTenantID

ClientID: myAppID of the AD-App

Key: MyKey

ResourceID: MyAppID of the AD-App

-> Error: Application 'xxx' is not assigned to a role for the ...

So what I am doing wrong? How can I assign the APP to login 'by itself'?

As User assignment required option noted as follows:

If this option is set to yes, then users must first be assigned to this application before being able to access it. If this option is set to no, then any users who navigate to the application will be granted access. This option is only enabled when the application is configured for the following sign-on modes: SAML-based SSO or WIA with Azure AD Authentication.

So what I am doing wrong? How can I assign the APP to login 'by itself'?

Based on your description, I assumed that you are using the Service to Service Client Credentials Grant Flow without user interaction. For your scenario, you need to define the Application roles for Application members; for details you could follow this similar issue.

Moreover, you could refer to my test steps as follows:

Define the Application roles:


Create another AAD app and configure required permissions to access another AAD app:


Acquire the token:

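The answer above explains the mechanism without showing the two halves of it: the batch client sends a client-credentials request built from exactly the four parameters the question lists, and the receiving API then checks the `roles` claim of the app-only token. The following Python is an added example, not code from the question, the answer, or Microsoft; the tenant, client, secret and resource values are placeholders, the sample tokens are constructed and unsigned (the payload decoder here deliberately skips signature validation so it runs offline, which is why it must never be used as the API's real token validation), and the role name `Batch.Reader` is a hypothetical app role such as the one the answer defines in the manifest.

```python
import base64
import json
from urllib.parse import urlencode

AUTHORITY = "https://login.microsoftonline.com"

# Placeholder identifiers (not real tenant or application IDs).
TENANT_ID = "tenant-id-placeholder"
BATCH_CLIENT_ID = "batch-app-id-placeholder"
RESOURCE_APP_ID = "api-app-id-placeholder"


def build_client_credentials_request(tenant_id, client_id, client_secret, resource):
    """Return (url, form_body) for an Azure AD v1 client-credentials token request.

    These are the four inputs the question lists (tenant, ClientID, Key,
    ResourceID). No user is involved, so the issued token carries a 'roles'
    claim only if the calling application itself is assigned an app role
    (one with allowedMemberTypes including "Application") on the resource.
    """
    url = f"{AUTHORITY}/{tenant_id}/oauth2/token"
    form = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "resource": resource,
    }
    return url, urlencode(form)


def _b64url_decode(segment):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt_claims(token):
    """Decode the payload of a compact JWT WITHOUT verifying the signature.

    Suitable only for inspecting which roles a token carries. A real API must
    verify the signature against the tenant's signing keys and check 'iss'
    and 'exp' before trusting any claim.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def check_app_role(claims, expected_audience, required_role):
    """Authorization decision an API makes on an app-only (client-credentials) token."""
    if claims.get("aud") != expected_audience:
        return False, "token was issued for a different resource"
    roles = claims.get("roles", [])
    if not roles:
        # This is the situation behind the error in the question: the calling
        # app has no app-role assignment on the resource, so no 'roles' claim.
        return False, "caller has no app role assignment on this application"
    if required_role not in roles:
        return False, f"caller lacks required role {required_role!r}"
    return True, "ok"


def make_unsigned_sample_token(claims):
    """Build a constructed, unsigned sample token (header.payload.<empty signature>)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."


# Constructed tokens: one for a batch app that holds the hypothetical
# Batch.Reader app role, one for an app with no role assignment at all.
ASSIGNED_TOKEN = make_unsigned_sample_token(
    {"aud": RESOURCE_APP_ID, "appid": BATCH_CLIENT_ID, "roles": ["Batch.Reader"]}
)
UNASSIGNED_TOKEN = make_unsigned_sample_token(
    {"aud": RESOURCE_APP_ID, "appid": BATCH_CLIENT_ID}
)

if __name__ == "__main__":
    url, body = build_client_credentials_request(
        TENANT_ID, BATCH_CLIENT_ID, "client-secret-placeholder", RESOURCE_APP_ID
    )
    print("POST", url)
    print(body)
    for label, token in (("assigned", ASSIGNED_TOKEN), ("unassigned", UNASSIGNED_TOKEN)):
        ok, reason = check_app_role(decode_jwt_claims(token), RESOURCE_APP_ID, "Batch.Reader")
        print(f"{label}: allowed={ok} ({reason})")
```

The API-side check deliberately treats a missing `roles` claim the same as an insufficient one: an app-only token with no roles is exactly what a client gets when it can authenticate but has never been assigned an app role, and denying it keeps "User assignment required" meaningful for non-interactive callers too.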
