
Authorization Azure AD b2c

I'm trying to get some simple authorization for my api and I can't see the forest because of all the trees. The setup in Azure AD b2c:

web: login
api: GetStuff

web -> sign-in -> azure userflow: signinpolicy -(success)-> token = AccessTokenForUser("scope1", "scope2", ..)
call [Authorize(Policy = "scope1")] api.GetStuff with requestheader = token.

Works great, but this is only authentication.

I want to implement authorization, and the stuff that turns up when I google it seems way over the top.

  1. Divide api into several apps with different scopes.
  2. Setting up AZ functions and separate user store
  3. Get going with Microsoft Graph

I think all of those seem very over the top. I believe I'm missing something basic, but it eludes me. A basic supported scenario should be:

If I belong to an item I should be able to edit it, i.e. write; otherwise I should only have read.

Please refer to the sample below; it shows how to implement RBAC in B2C using security groups. Using the sample, you can consider attaching the roles to the user object as a custom claim.

Reference: https://github.com/azure-ad-b2c/samples/tree/master/policies/relying-party-rbac
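
The "write if I belong to the item, otherwise read" rule from the question, sketched as an ASP.NET Core resource-based authorization handler. This is an added example, not part of the answer above or of the linked sample. The `Item` type, the `roles`/`ItemAdmin` claim and the sample object id are assumptions made for illustration.

```csharp
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Authorization.Infrastructure;
using Microsoft.AspNetCore.Mvc;

// Hypothetical resource: an item plus the object ids of the users who belong to it.
public record Item(string Id, string[] MemberObjectIds);

public static class ItemOperations
{
    public static readonly OperationAuthorizationRequirement Read = new() { Name = "Read" };
    public static readonly OperationAuthorizationRequirement Write = new() { Name = "Write" };
}

// Register with: services.AddSingleton<IAuthorizationHandler, ItemAccessHandler>();
public class ItemAccessHandler : AuthorizationHandler<OperationAuthorizationRequirement, Item>
{
    // Long form of "oid" produced by the default inbound claim mapping.
    private const string OidLong = "http://schemas.microsoft.com/identity/claims/objectidentifier";

    protected override Task HandleRequirementAsync(AuthorizationHandlerContext context,
        OperationAuthorizationRequirement requirement, Item item)
    {
        var user = context.User;
        var oid = user.FindFirst("oid")?.Value ?? user.FindFirst(OidLong)?.Value;
        bool isMember = oid != null && item.MemberObjectIds.Contains(oid);
        // Assumed custom claim: type "roles", value "ItemAdmin" (placeholder names).
        bool isAdmin = user.HasClaim("roles", "ItemAdmin");
        bool allowed = requirement.Name switch
        {
            "Read" => user.Identity?.IsAuthenticated == true,
            "Write" => isMember || isAdmin,
            _ => false, // unknown operations are denied
        };
        if (allowed) context.Succeed(requirement);
        return Task.CompletedTask; // an unmet requirement means the call is denied
    }
}

[ApiController, Route("items"), Authorize(Policy = "scope1")] // scope check as in the question
public class ItemsController : ControllerBase
{
    private readonly IAuthorizationService _authz;
    public ItemsController(IAuthorizationService authz) => _authz = authz;

    [HttpPut("{id}")]
    public async Task<IActionResult> Edit(string id)
    {
        var item = new Item(id, new[] { "constructed-oid-1" }); // stand-in for a database lookup
        var result = await _authz.AuthorizeAsync(User, item, ItemOperations.Write);
        return result.Succeeded ? NoContent() : Forbid();
    }
}
```

The scope policy still decides whether the caller may reach the API at all; the handler decides per item what that caller may do with it.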
