
I am trying to perform authentication and authorization of my .NET Core application through Azure Active Directory. So far, I have successfully been able to do the following:

  • Authentication with OIDC
  • Authentication through Graph API
  • Applying groups and roles policies

The above implementation satisfies half of my expectation. Once a role is assigned, I want to have custom permissions under each role, and I am stuck with that setup. I understand that using custom claims, I can set up my application entity permissions for users, i.e. category claims, which store the accessible categories for that particular user.

Questions:

  • Am I heading in the right direction?
  • If yes, I believe that we cannot dynamically set up other user claims through Graph API. What is the other solution?
  • If no, what are the alternatives?

Summary - I don't want to store any authentication or authorization information in my database. Hence, I want to leverage Azure AD for the same.

DSA
  • What is the role you mentioned? Can you please share any related official document? Just want to confirm whether the role you are talking about is RBAC or Azure AD role or App role in Azure AD application. The concepts of these roles are a bit confusing. And what is "application entity permission"? – Allen Wu Aug 10 '20 at 01:56
  • @AllenWu It's App Role (defined in the application manifest). When I say 'Application Entity', it's a pure object of my application, i.e. product, users. I want to apply additional permissions on top of the role. – DSA Aug 10 '20 at 06:00
  • OK. But what is "custom permission under each role"? Can you give an example for an app role which you have defined? – Allen Wu Aug 10 '20 at 06:16
  • Hi @DSA, please let us know whether you got your answer or you're still looking for help. – Hari Krishna Nov 09 '20 at 06:58
  • @HariKrishna--MSFTIdentity: We came to the conclusion that roles can be managed at AAD level but we have to have homegrown SQL tables to manage role permissions. – DSA Nov 10 '20 at 12:46

0 Answers