So, I have a WPF application, and I wanted to integrate SSO to it. I successfully made it with "App registration" under Azure.
But now I have a problem: the users under the Azure AD can successfully connect to the app, but I want to specify which users in my AD can access this app.
I didn't find any way to do this, and I see that in "Enterprise application" we can do so.
I wanted to know if there is any way to do it with "App registration" or if I must switch to using "Enterprise Application", and if so, how I can handle the authentication in my WPF app.
In my case I use this to authenticate in the WPF app with "Tenant" and "clientId" from the app registration:
using Microsoft.Identity.Client;

// Tenant and ClientId are taken from the App registration blade in Azure
IPublicClientApplication PublicClientApp = PublicClientApplicationBuilder.Create(ClientId)
    .WithRedirectUri("https://login.microsoftonline.com/common/oauth2/nativeclient")
    .WithAuthority(AzureCloudInstance.AzurePublic, Tenant)
    .Build();

// Interactive sign-in; scopes is the string[] of delegated permissions requested
AuthenticationResult authResult = await PublicClientApp.AcquireTokenInteractive(scopes)
    .ExecuteAsync();
The "registered application" is just a notification to the AAD that this application uses AAD for authentication. Once your user logs in, you can check that the user belongs to a security group that is allowed permission to use the application. There may be a better way to do this, but I check in the application itself.
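One way to implement the in-app group check the answer describes, as an added example that is not code from the question or the answer. It assumes the App registration's "Token configuration" has been set to emit the optional `groups` claim in the ID token, and the group object IDs in `AllowedGroupIds` are hypothetical placeholders; the `ClaimsPrincipal` built in `Demo()` is constructed sample data so the check can be exercised without signing in.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

// Added example, not from the original question or answer.
public static class AppAccessGate
{
    // Hypothetical allow-list: object IDs of the Azure AD security groups that may use the app.
    public static readonly HashSet<string> AllowedGroupIds =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "00000000-0000-0000-0000-000000000001",
        };

    // True when the signed-in principal carries at least one allowed group ID.
    // "groups" is a multi-valued claim, so every instance must be examined.
    public static bool IsAllowed(ClaimsPrincipal principal)
    {
        if (principal == null) return false;

        // When the user belongs to more groups than fit in a token, Azure AD drops
        // "groups" and signals overage via "hasgroups" or "_claim_names"/"_claim_sources".
        // Membership is then unknown from the token alone: fail closed rather than open
        // (resolve it through Microsoft Graph if you need to support such users).
        bool overage = principal.HasClaim(c => c.Type == "hasgroups" || c.Type == "_claim_names");
        if (overage) return false;

        return principal.FindAll("groups").Any(c => AllowedGroupIds.Contains(c.Value));
    }

    // Wraps the interactive sign-in from the question and applies the gate to its result.
    public static async Task<AuthenticationResult> SignInAsync(string clientId, string tenant, string[] scopes)
    {
        IPublicClientApplication app = PublicClientApplicationBuilder.Create(clientId)
            .WithRedirectUri("https://login.microsoftonline.com/common/oauth2/nativeclient")
            .WithAuthority(AzureCloudInstance.AzurePublic, tenant)
            .Build();

        AuthenticationResult result = await app.AcquireTokenInteractive(scopes).ExecuteAsync();

        // MSAL.NET exposes the ID token claims as a ClaimsPrincipal.
        if (!IsAllowed(result.ClaimsPrincipal))
        {
            // Do not keep a cached account for a user the app will not serve.
            await app.RemoveAsync(result.Account);
            throw new UnauthorizedAccessException("Signed in, but not a member of an allowed group.");
        }
        return result;
    }

    // Constructed sample principals (not real tokens) to show the decision without a sign-in.
    public static void Demo()
    {
        var member = new ClaimsPrincipal(new ClaimsIdentity(new[]
        {
            new Claim("groups", "11111111-1111-1111-1111-111111111111"),
            new Claim("groups", "00000000-0000-0000-0000-000000000001"),
        }, "demo"));
        var outsider = new ClaimsPrincipal(new ClaimsIdentity(new[]
        {
            new Claim("groups", "22222222-2222-2222-2222-222222222222"),
        }, "demo"));
        var overage = new ClaimsPrincipal(new ClaimsIdentity(new[]
        {
            new Claim("hasgroups", "true"),
        }, "demo"));

        Console.WriteLine($"member:   {IsAllowed(member)}");   // True
        Console.WriteLine($"outsider: {IsAllowed(outsider)}"); // False
        Console.WriteLine($"overage:  {IsAllowed(overage)}");  // False (fail closed)
    }
}
```

Keep in mind what this check does and does not enforce: the code runs in a public client on the user's machine, so it only decides what the WPF app will show; the user has already obtained a valid token, and any API the app calls must still authorize on its own side. To have Azure AD refuse the sign-in itself, turn on "Assignment required?" under the Enterprise application's Properties and assign the permitted users or groups there. That Enterprise application is the service principal your App registration already created in the tenant, so the MSAL code in the question does not change; unassigned users simply get an error from the login page instead of a token.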