
Blazor (Server-Side) with Organizational/Office 365/Microsoft Account Authentication; How to do Local Multiple Roles?

There's a somewhat similar question here that was asked 8 months ago with no response: How do I implement Office 365 Authentication in ASP.NET Core and Blazor (Server-Client app)

What I do have is a new project in Visual Studio Community 2019:

  1. Type is Blazor Server-Side app.
  2. I selected "Work or School" for authentication when creating the project. To use Microsoft Accounts.
  3. I selected organizational "Single Tenant" account type. Filled in my org's domain.
  4. I went to my Azure Portal and the app appeared there. The Tenant/Client ID match the ones in appsettings.json.
  5. When I launch the app it asks for my organizational login and it redirects to the homepage fine!

The issue is all users have the same levels of access.

What I want to create is a page (visible to an Admin) where I can:

  1. add organizational users by searching the active directory.
  2. assign roles (stored in my local database).

My question is:

  • How can I assign roles to o365 users from within my app? The scope is my app only so to be stored in a local db.
  • If the above is not doable, what is the alternative to achieve the same goal?

You could probably store all the users in the local db. If you were developing a multi-tenant app or an app that would be used by other companies and such, then I may go that route in terms of a local db etc. If it's just for your org, and you have access to AAD, I would create roles in the app registration manifest, then assign them in the enterprise application. Here's how: https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-add-app-roles-in-azure-ad-apps

Then in Blazor, at least for .NET Core, I would access them with something like this:

You can only see this if you're an admin or superuser.

or the Authorize attribute: https://docs.microsoft.com/en-us/aspnet/core/security/blazor/?view=aspnetcore-3.1#role-based-and-policy-based-authorization

Hope that helps you get started,

Update

As per your update, you wanted to know if you could do it without admin access. Once you have the user authenticated from AAD, you could add some code to query a database for the username and add role or other claims to the ClaimsPrincipal, as per https://visualstudiomagazine.com/articles/2019/11/01/authorization-claims.aspx
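An added example (not code from the answer or the linked article) of the approach described in the update: an `IClaimsTransformation` that runs after the Azure AD sign-in, looks up the signed-in user's app-local roles and adds them as role claims, so that `<AuthorizeView Roles="admin,superuser">` and `[Authorize(Roles = "...")]` work without touching the app registration. The `IAppRoleStore` interface, the `InMemoryAppRoleStore` sample data and the use of the `preferred_username` claim (falls back to `Identity.Name`) are assumptions; in a real app the store would be your EF Core context.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;

// Hypothetical app-local store of role assignments, keyed by the AAD user name.
public interface IAppRoleStore
{
    Task<IReadOnlyList<string>> GetRolesAsync(string userName);
}

public sealed class InMemoryAppRoleStore : IAppRoleStore
{
    // Constructed sample data for illustration only; a real app reads its own database.
    private static readonly Dictionary<string, string[]> Roles =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            ["alice@contoso.example"] = new[] { "admin" },
            ["bob@contoso.example"] = new[] { "superuser" },
        };

    public Task<IReadOnlyList<string>> GetRolesAsync(string userName) =>
        Task.FromResult<IReadOnlyList<string>>(
            Roles.TryGetValue(userName, out var r) ? r : Array.Empty<string>());
}

// Enriches the already-authenticated AAD principal with app-local role claims.
public sealed class LocalRoleClaimsTransformation : IClaimsTransformation
{
    private const string Label = "AppRoles";
    private readonly IAppRoleStore _store;
    public LocalRoleClaimsTransformation(IAppRoleStore store) => _store = store;

    public async Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
    {
        // TransformAsync may run more than once per request: never add the roles twice.
        if (principal.Identities.Any(i => i.Label == Label)) return principal;
        // Only trust a name that comes from the authenticated AAD identity.
        var userName = principal.FindFirstValue("preferred_username") ?? principal.Identity?.Name;
        if (principal.Identity?.IsAuthenticated != true || string.IsNullOrEmpty(userName)) return principal;

        var roles = await _store.GetRolesAsync(userName);
        var clone = principal.Clone();  // do not mutate the cached principal in place
        clone.AddIdentity(new ClaimsIdentity(roles.Select(r => new Claim(ClaimTypes.Role, r))) { Label = Label });
        return clone;
    }
}
// Startup.ConfigureServices, after the AAD authentication setup:
//   services.AddSingleton<IAppRoleStore, InMemoryAppRoleStore>();
//   services.AddScoped<IClaimsTransformation, LocalRoleClaimsTransformation>();
```

Because the roles are decided per request from your own table, the admin page can grant or revoke them without any Azure AD permissions, and the change takes effect on the user's next request.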
