Authorize Azure App Service endpoints for different user groups

I have a simple Azure App Service that exposes two REST endpoints. Is it possible to set up an authentication scheme so that each endpoint can only be accessed by a specific group of Azure AD users?

Endpoint A (HTTP/GET) <- Accessible by User Group A
Endpoint B (HTTP/POST) <- Accessible by User Group B

If not by configuration, is it possible to do this programmatically?

Thanks in advance.

The short answer: yes, that is possible.

The longer answer: this is not something that can be done with a single configuration setting or one line of code. The exact steps depend on the language you used to write the API.

In general, you need to add AAD authentication to the application. Make sure the token you're getting from AAD includes security groups in its claims. Then, add authorization based on the security groups in those claims.

For ASP.NET, here are two great articles:
Quickstart: Protect an ASP.NET Core web API with the Microsoft identity platform
Add authorization using groups & group claims to an ASP.NET Core Web app that signs-in users with the Microsoft identity platform

Interesting links:

Microsoft Identity Platform
Microsoft Authentication Library (MSAL)
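
The three steps described in the answer (AAD authentication, group claims in the token, authorization on those claims), sketched as an ASP.NET Core minimal API. This is an added example, not code from the original answer or the linked articles. It assumes the Microsoft.Identity.Web package, an "AzureAd" configuration section, and an app registration set to emit security groups in the `groups` claim; the routes and the two group object IDs are placeholders.

```csharp
// Program.cs (ASP.NET Core web project with implicit usings enabled)
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Identity.Web;

// Placeholder object IDs: replace with the object IDs of your own AAD security groups.
const string GroupAId = "00000000-0000-0000-0000-00000000000a";
const string GroupBId = "00000000-0000-0000-0000-00000000000b";

var builder = WebApplication.CreateBuilder(args);

// Step 1: validate AAD-issued bearer tokens (issuer, audience, signature, lifetime).
// Tenant and client settings are read from the assumed "AzureAd" section of appsettings.json.
builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApi(builder.Configuration, "AzureAd");

// Steps 2 and 3: one policy per endpoint, each matching a group object ID in the
// token's "groups" claim. The claim carries object IDs, not display names.
builder.Services.AddAuthorization(options =>
{
    options.AddPolicy("GroupA", p => p.RequireClaim("groups", GroupAId));
    options.AddPolicy("GroupB", p => p.RequireClaim("groups", GroupBId));

    // Deny by default: an endpoint added later without a policy still requires
    // an authenticated caller instead of being anonymous.
    options.FallbackPolicy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .Build();
});

var app = builder.Build();

app.UseAuthentication();
app.UseAuthorization();

// Endpoint A (HTTP/GET): members of User Group A only.
// No or invalid token -> 401; valid token without the group -> 403.
app.MapGet("/a", () => Results.Ok("endpoint A"))
   .RequireAuthorization("GroupA");

// Endpoint B (HTTP/POST): members of User Group B only.
app.MapPost("/b", () => Results.Ok("endpoint B"))
   .RequireAuthorization("GroupB");

app.Run();
```

If a user belongs to more groups than fit in the token, AAD omits the `groups` claim and emits an overage indicator instead, so both policies deny that user until the groups are resolved another way (for example via Microsoft Graph).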
