Assigning different roles to different functions in an Azure app with Azure AD

  • Question

  • I am looking for a starter on how to assign different Roles to Functions in Azure in an MVC or Web API app.

    For example, using a Movies database as an example: all Users will want READ access to all the Tables and the various GET Functions. UserGroup "MovieEditors" will have Create / Update / Delete access to the Movies table and the associated functions in the API, whereas a distinct group of LookupEditors will have Create / Update / Delete access to the Genre, Actors, Studios and Certificates tables and functions.

    On premise, I'd have coded this manually with System.Web.Http.Filters:

    [MyFilter]
    public string myFunction(){
    }

    [MyFilter2]
    public string myFunction2(){
    }

    Can this be done with RBAC in Azure?


    Richard

    Thursday, May 7, 2020 11:28 AM

Answers

  • You need to add Azure AD authentication (the Microsoft identity) to your application and need to use authorization using groups & group claims to sign in users with different group claims. You also need to make sure that the users logging in to your web application have been assigned to groups like "MovieEditors" to perform CRUD operations on the Movies database. When these users sign in to your application, the groups which they are assigned to will be passed as claims to the access token of your application.

    Please refer to the sample application, which provides information on how to use group claims in an ASP.NET application. Also, refer to the documentation to understand OpenID Connect with Azure Active Directory.

    Friday, May 8, 2020 12:05 AM
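
The group-claim check described in the answer, written as a Web API filter in the style of the question's [MyFilter] attributes. This is an added example, not code from the thread or from the sample application the answer refers to. RequireGroupAttribute, MovieGroups, the controller names, the group object IDs and the "groups" claim type are assumptions, and it assumes bearer-token validation for Azure AD is already configured in the app.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Security.Claims;
using System.Web.Http;
using System.Web.Http.Controllers;
public static class MovieGroups // constructed placeholders: use your own groups' object IDs
{
    public const string MovieEditors  = "00000000-0000-0000-0000-000000000001";
    public const string LookupEditors = "00000000-0000-0000-0000-000000000002";
}

// Hypothetical filter: passes only if the validated token lists one of the groups.
public sealed class RequireGroupAttribute : AuthorizeAttribute
{
    private const string GroupClaimType = "groups"; // assumed claim type after token validation
    private readonly string[] _groupIds;
    public RequireGroupAttribute(params string[] groupIds) { _groupIds = groupIds; }
    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        if (!base.IsAuthorized(actionContext)) return false; // caller is not signed in
        var user = actionContext.RequestContext.Principal as ClaimsPrincipal;
        // A token without group claims matches nothing, so the call is denied.
        return user != null && user.FindAll(GroupClaimType)
            .Any(c => _groupIds.Contains(c.Value, StringComparer.OrdinalIgnoreCase));
    }
    // 401 for anonymous callers, 403 for signed-in users outside the group.
    protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
    {
        var id = actionContext.RequestContext.Principal?.Identity;
        var status = id?.IsAuthenticated == true ? HttpStatusCode.Forbidden : HttpStatusCode.Unauthorized;
        actionContext.Response = actionContext.Request.CreateErrorResponse(status, "Access denied");
    }
}

public class MoviesController : ApiController
{
    [Authorize] // every signed-in user may read
    public IHttpActionResult Get() { return Ok(); }
    [RequireGroup(MovieGroups.MovieEditors)]
    public IHttpActionResult Delete(int id) { return Ok(); }
}

public class GenresController : ApiController
{
    [RequireGroup(MovieGroups.LookupEditors)]
    public IHttpActionResult Delete(int id) { return Ok(); }
}
```

Azure AD puts group object IDs, not display names, in the groups claim by default, which is why the constants are GUIDs rather than "MovieEditors".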

All replies

  • Thank you for this

    Richard

    Monday, May 11, 2020 1:46 PM