
is it possible to block users from using api operations in azure api management?

I wrote the code below for blocking users from the group dev from using an API operation. I would like to know if there is a method for blocking users in a group from accessing particular methods like PUT and DELETE, and only allowing users from a group to use the GET method?

<choose>
    <when condition="@(context.User.Groups.Any(g => g.Name == "dev"))">
        <return-response>
            <set-status code="403" reason="Unauthorized" />
            <set-body>Users in group dev do not have access to this method.</set-body>
        </return-response>
    </when>
</choose>
<!-- context.Request.Method is a string, so the verb must be compared against a quoted literal -->
<set-variable name="isAccessible" value="@(context.User.Groups.Any(g => g.Name == "dev") && context.Request.Method == "PUT")" />

<choose>
    <when condition="@(context.Variables.GetValueOrDefault<bool>("isAccessible"))">
        <return-response>
            <set-status code="403" reason="Unauthorized" />
            <set-body>Users in group dev do not have access to this method.</set-body>
        </return-response>
    </when>
</choose>

PS: Not Tested

You can use the 'validate-jwt' policy and allow/restrict access based on the method called. Users will present the JWT token when calling the API; you can use an operation-level policy or an API-level policy (based on a method check) and verify the JWT token claim.

You can refer to the Microsoft documentation here for the use of the policy: https://learn.microsoft.com/en-us/azure/api-management/api-management-access-restriction-policies#ValidateJWT
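The following API-level inbound policy is an added example, not code from the question or the answer above. It combines the two approaches on this page: the group check from the question, rewritten so that members of the "dev" group may only call GET, and the validate-jwt approach from the answer, which requires a write claim for PUT and DELETE. The tenant id, audience, claim name "roles" and claim value "api.write" are placeholders/assumptions and must be replaced with your own values.

```xml
<policies>
    <inbound>
        <base />
        <!-- Option A: the caller is identified by subscription key, so context.User is populated.
             Members of the "dev" group may only use GET; every other verb is rejected with 403. -->
        <choose>
            <when condition="@(context.User != null && context.User.Groups.Any(g => g.Name == "dev") && context.Request.Method != "GET")">
                <return-response>
                    <set-status code="403" reason="Forbidden" />
                    <set-header name="Content-Type" exists-action="override">
                        <value>text/plain</value>
                    </set-header>
                    <set-body>@("Users in group dev may only use GET; " + context.Request.Method + " is not allowed.")</set-body>
                </return-response>
            </when>
        </choose>
        <!-- Option B: the caller presents a bearer JWT. Any request needs a valid token (401 otherwise);
             PUT and DELETE additionally require the assumed "roles" claim to contain "api.write". -->
        <choose>
            <when condition="@(context.Request.Method == "PUT" || context.Request.Method == "DELETE")">
                <validate-jwt header-name="Authorization" require-scheme="Bearer" failed-validation-httpcode="401" failed-validation-error-message="A token with write permission is required for this method.">
                    <openid-config url="https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/v2.0/.well-known/openid-configuration" />
                    <audiences>
                        <audience>api://YOUR-API-APP-ID-PLACEHOLDER</audience>
                    </audiences>
                    <required-claims>
                        <!-- claim name and value are assumptions; use whatever your token issuer emits -->
                        <claim name="roles" match="any">
                            <value>api.write</value>
                        </claim>
                    </required-claims>
                </validate-jwt>
            </when>
            <otherwise>
                <!-- GET and other verbs: token must still be valid, but no write claim is required -->
                <validate-jwt header-name="Authorization" require-scheme="Bearer" failed-validation-httpcode="401">
                    <openid-config url="https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/v2.0/.well-known/openid-configuration" />
                    <audiences>
                        <audience>api://YOUR-API-APP-ID-PLACEHOLDER</audience>
                    </audiences>
                </validate-jwt>
            </otherwise>
        </choose>
    </inbound>
    <backend><base /></backend>
    <outbound><base /></outbound>
    <on-error><base /></on-error>
</policies>
```

Placing the checks in the inbound section of the API-level policy means they run before any operation-level policy, so a per-operation `<base />` cannot accidentally skip them.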
