Reputation: 914
Blazor (Server-Side) with Organizational/Office 365/Microsoft Account Authentication; How to do Local Multiple Roles?
There's a somewhat similar question here that was asked 8 months ago with no response: How do I implement Office 365 Authentication in ASP.NET Core and Blazor (Server-Client app)
What I do have is a new project in Visual Studio Community 2019:
- Type is Blazor Server-Side app.
- I selected "Work or School" for authentication when creating the project. To use Microsoft Accounts.
- I selected organizational "Single Tenant" account type. Filled in my org's domain.
- I went to my Azure Portal and the app appeared there. The Tenant/Client ID match the ones in appsettings.json.
- When I launch the app it asks for my organizational login and it redirects to the homepage fine!
The issue is all users have the same levels of access.
What I want to create is a page (visible to an Admin) where I can:
- add organizational users by searching the active directory.
- assign roles (stored in my local database).
My question is:
- How can I assign roles to o365 users from within my app? The scope is my app only so to be stored in a local db.
- If the above is not doable, what is the alternative to achieve the same goal?
Upvotes: 0
Views: 1974
Answers (1)
Reputation: 2766
you could probably store all the users in the local db, if you were developing a multi tenant app or an app that would be used by other companies and such, then I may go that route in terms local db and etc. if it just for your org, and you have access to aad, I would create roles in the app reg manifest, then assign them in the enterprise application. here's how: https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-add-app-roles-in-azure-ad-apps
then in blazor at least for .netcore, i would access them with something like this
You can only see this if you're an admin or superuser.
or the authorize attribute. https://learn.microsoft.com/en-us/aspnet/core/security/blazor/?view=aspnetcore-3.1#role-based-and-policy-based-authorizationHope that helps you get started,
Update
As per your update, you wanted to know if you could do it without admin access. Once you have the user authenticated from aad, you could add some code to query a database, for the username, and add role or other claims to the claimsprincipal, as per https://visualstudiomagazine.com/articles/2019/11/01/authorization-claims.aspx
Upvotes: 1
Related Questions
- Role-based authorization in Blazor WebAssembly .Net5 MsalAuthentication
- Blazor using Azure AD authentication allowing anonymous access
- Adding Azure Active Directory authentication to a Blazor WebAssembly app
- How to use Azure AppRoles in Blazor Server with Azure Active Directory
- Using Active Directory and Windows Authentication to give custom roles in Blazor Server
- Using roles in Blazor Wasm
- Blazor WebAssembly Azure Ad Auth
- Blazor server side role or claim based authorization when using windows login
- Blazor role based authentication
- Asp.Net Hosted Blazor + Azure AD authentication