I have a .NET MVC application. It is protected by Azure AD. Then, all users in our company's tenant can log in to the application and other users cannot log in. But at the moment, we just allow some users in our company's tenant to log in to the application. How to implement it?
2 Answers
1
Go to the application page in the Azure portal and under the application Properties set "User assignment required" to Yes. That would force you to assign users to the app (they can't self-assign).
4c74356b41
0
As another option, besides what @4c74356b41 said, you can assign roles to users, and check in your app if that particular user is a member of the allowed group or not.
PS: the JWT token is limited, so there's a chance the groups property will be empty, so you'll need to query Azure AD in order to retrieve the user groups.
Thiago Custodio
- Could you please tell me how to implement it? – Dec 09 '19 at 01:30
- Sure, here it is: https://stackoverflow.com/a/35553376/1384539 – Thiago Custodio Dec 09 '19 at 02:22
- Then, just create an action filter to check if the user has the group or not, then block / allow the request. (PS: cache the user groups in a Redis cache to avoid doing this every request) – Thiago Custodio Dec 09 '19 at 02:24
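The filter described in the comments above, as an added example that is not part of the original thread. It assumes ASP.NET Core MVC, a hypothetical `IGroupLookup` interface standing in for the Azure AD query, and a 10-minute cache lifetime chosen for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.Extensions.Caching.Distributed;

// Hypothetical abstraction (not a real library type): back it with a directory query.
public interface IGroupLookup
{
    Task<IReadOnlyCollection<string>> GetGroupIdsAsync(string userObjectId);
}

public sealed class RequireGroupFilter : IAsyncAuthorizationFilter
{
    // The Azure AD object-id claim; checked below under its mapped and its raw ("oid") name.
    private const string OidClaim = "http://schemas.microsoft.com/identity/claims/objectidentifier";
    private readonly string _allowedGroupId;   // object ID of the allowed group, supplied at registration
    private readonly IGroupLookup _lookup;
    private readonly IDistributedCache _cache; // e.g. a Redis-backed implementation

    public RequireGroupFilter(string allowedGroupId, IGroupLookup lookup, IDistributedCache cache)
        => (_allowedGroupId, _lookup, _cache) = (allowedGroupId, lookup, cache);

    public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
    {
        var user = context.HttpContext.User;
        if (user?.Identity?.IsAuthenticated != true) { context.Result = new ChallengeResult(); return; }
        // Each group arrives as its own "groups" claim; the claim can be missing when the token is too large.
        IEnumerable<string> groups = user.FindAll("groups").Select(c => c.Value).ToList();
        if (!groups.Any())
        {
            string oid = user.FindFirst(OidClaim)?.Value ?? user.FindFirst("oid")?.Value;
            if (oid == null) { context.Result = new ForbidResult(); return; } // fail closed
            string key = "aad-groups:" + oid;
            string cached = await _cache.GetStringAsync(key);
            if (cached == null)
            {
                cached = string.Join(",", await _lookup.GetGroupIdsAsync(oid));
                await _cache.SetStringAsync(key, cached, new DistributedCacheEntryOptions
                    { AbsoluteExpirationRelativeToNow = TimeSpan.FromMinutes(10) }); // assumed lifetime
            }
            groups = cached.Split(',');
        }
        if (!groups.Contains(_allowedGroupId, StringComparer.OrdinalIgnoreCase))
            context.Result = new ForbidResult();
    }
}
```

On the lookup path, removing a user from the group takes effect only once the cached entry expires.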