So, I have a WPF application, and I wanted to integrate SSO into it. I successfully did so with "App registration" under Azure.
But now I have a problem: the users under the Azure AD can successfully connect to the app, but I want to specify which users in my AD can access this app.
I didn't find any way to do this, and I see that in "Enterprise application" we can do so.
I wanted to know if there is any way to do it with "App registration" or if I must switch to use "Enterprise Application" and, if so, how I can handle the authentication in my WPF app.
In my case I use this to authenticate in the WPF app with "Tenant" and "clientId" from the app registration:
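
    // Requires: using Microsoft.Identity.Client;
    // Build the public client from the app registration's client ID and tenant.
    PublicClientApp = PublicClientApplicationBuilder.Create(ClientId)
        .WithRedirectUri("https://login.microsoftonline.com/common/oauth2/nativeclient")
        .WithAuthority(AzureCloudInstance.AzurePublic, Tenant)
        .Build();

    // Prompt the user to sign in and acquire a token for the requested scopes.
    authResult = await PublicClientApp.AcquireTokenInteractive(scopes)
        .ExecuteAsync();
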
The "registered application" is just a notification to the AAD that this application uses AAD for authentication. Once your user logs in, you can check that the user belongs to a security group that is allowed permission to use the application. There may be a better way to do this, but I check in the application itself.
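
An added example (not part of the original answer) of the in-application group check described above, run against the ID token claims that MSAL exposes as `authResult.ClaimsPrincipal`. It assumes the app registration is configured to emit the `groups` claim in the ID token; `GroupGate`, `GroupCheck` and the group ID are hypothetical names and placeholder values.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

public enum GroupCheck { Allowed, Denied, Overage }

public static class GroupGate
{
    // Placeholder object ID (constructed); replace with your security group's ID.
    static readonly HashSet<string> AllowedGroupIds =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        { "00000000-0000-0000-0000-0000000000a1" };

    public static GroupCheck Check(ClaimsPrincipal user)
    {
        // Each group the user belongs to arrives as one "groups" claim (object ID).
        var groups = user.FindAll("groups").Select(c => c.Value).ToList();

        // Overage: when the user is in too many groups, Azure AD omits "groups"
        // and emits "_claim_names" (or "hasgroups") instead. Membership must then
        // be looked up in Microsoft Graph; treat this result as "not yet allowed".
        bool overage = user.HasClaim(c => c.Type == "_claim_names" || c.Type == "hasgroups");
        if (groups.Count == 0 && overage)
            return GroupCheck.Overage;

        return groups.Any(g => AllowedGroupIds.Contains(g))
            ? GroupCheck.Allowed
            : GroupCheck.Denied;
    }

    static ClaimsPrincipal Sample(params Claim[] claims) =>
        new ClaimsPrincipal(new ClaimsIdentity(claims, "constructed"));

    public static void Main()
    {
        // Constructed ID-token claims; in the WPF app pass authResult.ClaimsPrincipal.
        var member = Sample(new Claim("groups", "00000000-0000-0000-0000-0000000000A1"));
        var outsider = Sample(new Claim("groups", "00000000-0000-0000-0000-0000000000b2"));
        var overage = Sample(new Claim("_claim_names", "{\"groups\":\"src1\"}"));

        Console.WriteLine(Check(member));
        Console.WriteLine(Check(outsider));
        Console.WriteLine(Check(overage));
    }
}
```

This check runs inside the desktop client, so it only gates the UI; the "User assignment required" setting on the Enterprise Application is enforced by Azure AD at sign-in.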
To grant access only for a specific subset of users/groups in Azure AD you should create an "Enterprise Application" and assign the necessary users/groups to it, like in this example.
Also, you will need to configure single sign-on (SSO) and ensure that the app's "User assignment required" property is enabled. All the steps are described here.