asp.net-coreasp.net-core-mvcmicrosoft-identity-platform
ASP.NET Core 6.0 which uses Microsoft Identity Platform for authentication and Active Directory groups for authorization
We are building an ASP.NET Core MVC web application for an organization. This organization has their users in Azure Office 365. We are planning to create a new ASP.NET Core MVC web application and define the authentication to use the Microsoft Identity Platform. Finally for the authorization, we are going to build Azure security groups and reference them inside our application.
We have this AD security group:
and we reference it inside the program.cs as follows:
builder.Services.AddAuthorization(options =>
{
options.AddPolicy("admin-only", p =>
{ p.RequireClaim("groups", "4876872c-918e-4405-80b3-6fef38bbaa69"); });
options.FallbackPolicy = options.DefaultPolicy;
});
Inside the controller, we use this as follows:
[Authorize("admin-only")]
public IActionResult Privacy()
{
return View();
}
Is my approach valid?
Solution
You also need to add below code
builder.Services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
.AddAzureAD(options => Configuration.Bind("AzureAd", options));
You code should like below:
builder.Services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
.AddAzureAD(options => Configuration.Bind("AzureAd", options));
builder.Services.AddAuthorization(options =>
{
options.AddPolicy("admin-only", p =>
{ p.RequireClaim("groups", "4***a69"); });
options.FallbackPolicy = options.DefaultPolicy;
});
...
app.UseAuthentication();
app.UseAuthorization();
...
- EF Core 8 does not merge entities
- How to use appsettings.json in Asp.net core 6 Program.cs file
- How to determine if asp.net core has been installed on a windows server
- .NET 8 Blazor Server - role authorization with Windows Authentication
- Should EFCore migrations be committed to version control?
- EF Core one-to-one relation returns one-to-many relation
- How to deal with Id property in DTO in ASP.NET Web API
- .NET Core 3.1 GoogleSignIn -The authentication handler registered for scheme 'Bearer' is 'JwtBearerHandler' which cannot be used for SignInAsync
- How do I serve static files only to authorized users?
- .NET 7 and UseEndPoints()
- 'Unable to resolve service for type ¨Microsoft.entityFrameworkCore.DbContextOptions¨1[LibraryData.LibraryContext] while attempting to activate
- Require authenticated user in asp.net core but require custom policy in some actions require custom policy
- Stop request in CookieAuthenticationEvents.OnValidatePrincipal after response body has been written to
- IDX10603: The algorithm: 'HS256' requires the SecurityKey.KeySize to be greater than '128' bits. KeySize reported: '32'. Parameter name: key.KeySize
- Relation between Authorization middleware and filter Asp.net core
- .net 8 blazor navlink style not working for external url
- How to pass a serialized JSON payload to an ASP.NET Core Web API controller
- Filter Serilog logs to different sinks depending on context source?
- How can I securize my code-first gRPC endpoints using Azure Authentication?
- How to auto increment the version (eg. “1.0.*”) of a .NET Core project?
- .NET 8 Blazor web app - single sign-on with Windows credentials
- Roles Authorization not working for Razor Pages site using AddNegotiate
- Dapper returning zero GUID
- HttpClient - Execute an async method before every call to SendAsync
- EF Core disconnected update of collection navigation properties via full replacement
- How to set line_shape in Plotly.Blazor?
- What's the difference between HttpRequest.Path and HttpRequest.PathBase in ASP.NET Core?
- Cannot return null from an action method with a return type of 'Microsoft.AspNetCore.Mvc.IActionResult'
- Streaming with ASP.NET core IAsyncEnumerable not working n Azure App service on Windows
- ASP Versioning, UrlSegmentApiVersionReader, routes match nonsense version numbers