proteus

Reputation: 555

Implementing Azure group-based access in an MVC5 app

I'm new to Azure Active Directory and I'm trying to implement a group-based access mechanism in my MVC5 (C#) app. I have the Azure side sorted and my users are assigned to groups, but I want to be able to determine which group they are in to control access to areas within the web app (similar to role-based access), so I need something like this:

    if (User.IsInGroup("Admin") || User.IsInGroup("Creator"))
    {
        // do something here
    }

There are only 2 groups, so I don't really need roles. I've looked at a few options using the Graph API and they seem like massive overkill for what I'm trying to achieve. What's the best way to implement this? Do I need to implement the Graph API? I'd appreciate any advice.

Upvotes: 0

Views: 53

Answers (1)

Nan Yu

Reputation: 27538

You could enable Group Claims in the Azure AD app, which makes it simple to enable access management using AD groups. To enable your application to receive group claims:

1. In your application page, click on "Manifest" to open the inline manifest editor.

2. Edit the manifest by locating the "groupMembershipClaims" setting, and setting its value to "All" (or to "SecurityGroup" if you are not interested in Distribution Lists).

3. Save the manifest.

Then, when a user logs in, you will get the group information in the token, but it will return the object ID of each group (that is the unique identity; the group name could be changed). Please click here and here for more details, and also see the new groups claim sample published in the Azure AD samples GitHub repo: https://github.com/AzureADSamples/WebApp-GroupClaims-DotNet

Please let me know if it helps.

Upvotes: 1
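
One way to get the `User.IsInGroup(...)` check from the question once group claims are enabled, as an added example (not code from the answer or from the linked sample). The group object IDs are constructed placeholders, `AppGroups` and `GroupAuthorizeAttribute` are hypothetical names, and the claim type `groups` is assumed to reach the app unmapped.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Security.Claims;
using System.Security.Principal;
using System.Web;
using System.Web.Mvc;

public static class AppGroups
{
    // Placeholder object ids (constructed); use the ids of your own groups.
    static readonly Dictionary<string, string> Ids = new Dictionary<string, string>
    {
        { "Admin",   "00000000-0000-0000-0000-000000000001" },
        { "Creator", "00000000-0000-0000-0000-000000000002" }
    };

    // Fails closed: unknown names, anonymous users and tokens without group claims are denied.
    public static bool IsInGroup(this IPrincipal user, string name)
    {
        var identity = user == null ? null : user.Identity as ClaimsIdentity;
        string id;
        if (identity == null || !identity.IsAuthenticated || !Ids.TryGetValue(name, out id))
            return false;
        return identity.FindAll("groups") // assumed claim type
            .Any(c => string.Equals(c.Value, id, StringComparison.OrdinalIgnoreCase));
    }
}

// Usage: [GroupAuthorize("Admin", "Creator")] on a controller or action.
public class GroupAuthorizeAttribute : AuthorizeAttribute
{
    private readonly string[] _groups;
    public GroupAuthorizeAttribute(params string[] groups) { _groups = groups; }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        return base.AuthorizeCore(httpContext)
            && _groups.Any(g => httpContext.User.IsInGroup(g));
    }

    // Signed-in users outside the groups get 403; a 401 would send them back to sign-in.
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
            filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.Forbidden);
        else
            base.HandleUnauthorizedRequest(filterContext);
    }
}
```

If a user belongs to more groups than fit in the token, Azure AD leaves the `groups` claim out, so this check denies access instead of guessing.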
