oauth 2.0 - How to configure users access to an API protected with Azure AD oAuth2 -


we have existing "private/internal" api (non ms/azure) protect oauth2 provided azure ad, so, user's access api maintained azure ad administrators.

it seems way configure api web application in azure ad. then, users can authorization token azure oauth2 server , send api (e.g. single page web app).

the api expected validate scope, per understanding, received in token , make decision regarding access.

but can't figure out how configure api access scope in azure ad against user. i.e. how link particular user , api scope in azure ad?

can pls advise?

thank you.

when configure app, can enable "user assignment required" (in enterprise application properties in azure portal), , configure users or groups should have access.

alternatively, if need more granularity, can use role based access, define roles in application manifest (https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles), , assign users different roles.

the [authorize] attributes on api controllers or on actions in them can configured required roles access them, so: [authorize(roles = "admin, writer, approver")] (any of 3 named roles have access).

there sample demonstrates this.


Comments

Post a Comment

Popular posts from this blog

php - Vagrant up error - Uncaught Reflection Exception: Class DOMDocument does not exist -

i've set bento/ubuntu-16.04 vagrant box using php 5.6, , getting following error quite few times when try , run shell script: "uncaught reflection exception: class domdocument not exist". i've tried adding following top of script (not together), each no success: "sudo apt-get install php5.6-xml", "sudo apt-get install php5-xml", "sudo apt-get install php-dom" i've tried resetting server "sudo service apache2 restart". does have suggestions?
Read more

vue.js - Create hooks for automated testing -

Image
qa guys complained can't automate frontend testing. because our html looks same outside. lazy hack did this <template> <div :role="$options.name"> ... </div> </template> <script> export default { name: 'vmcomponentname' } </script> which takes name script , applies html. in browser get: <div role="vmcomponentname"> ... </div> line :role="$options.name" goes in every component. is there dry er solutions? please share. additional details i'll explain in details looking for. imagine have vmusercreate form creates user. test case can create user . to automatically test without role, have use following selector: .wrapper > .wrapper > .wrapper > .submit-button the test extremely brittle (will break lot). if use roles can use [role="vmusercreateform"] .submit-button selector. many folds less brittle. so basically, i'm
Read more

.htaccess - ERR_TOO_MANY_REDIRECTS htaccess -

could can explain me .htaccess code doing? rewriterule ([0-9]+)/([^t]{1}[a-za-z0-9_-]{0,})\.([^s]{1}[a-za-z0-9]+)$ ../items/go.php?u=$1/$2.$3 i have folder : mywebsite.com/download/folder1/ .htaccess file in uplevel mywebsite.com/download/ folder contains code above. when access file directly path mywebsite.com/download/folder1/file.mp4 returns error : mywebsite.com redirected many times. try clearing cookies. err_too_many_redirects i tried clear browser cookies issue persist. issue solved when commented out htaccess line above. this rule appears looking specific pattern consisting of: <numbers>/<alphanumeric string not starting t , other conditions applied>.<alphanumeric string not starting s> then redirecting user's browser go.php parsed filename passed file arguments. err_too_many_redirects due infinite redirect loop. without knowing other rewriterule statements present difficult narrow down exact cause. can narrow down
Read more