Setting up authorization in Azure for a desktop app

Michael 76

I completed writing a .NET Core 3.1 (WPF) desktop app and added the ability to obtain a token (see: https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-windows-desktop)

I assume this is just authentication. What I really need is to figure out how to configure Azure to return what roles I have given to the user. It seems that any valid user in the microsoft AD will return authenticated. I can't see to figure out how to configure authorization.

1 answer

Saurabh Sharma 23,676 Reputation points Microsoft Employee

2020-06-23T23:53:50.587+00:00

@Michael You need to use role claims in the application to implement authorization for the application. You need to define your application roles (appRoles) in Application manifest available under application registration page on Azure portal. Then you need to assign these roles to a user or group in your enterprise app from Azure Active Directory. You can now able to fetch the assigned appRoles in the claims you receive in your code to behave differently based on the assigned roles. You can refer to this GitHub sample which implements this concept using ASP.Net Core.
Please sign in to rate this answer.
Saurabh Sharma 23,676 Reputation points Microsoft Employee

2020-06-26T15:17:17.237+00:00

@Michael Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.

Saurabh Sharma 23,676 Reputation points Microsoft Employee

2020-07-13T20:36:49.677+00:00

@Michael Please let me know if you have any other questions.

Michael 76 Reputation points

2020-07-13T21:01:52.783+00:00

That means I need to fetch the appRoles from within the desktop app. There is no webapi associated with the desktop app. Do you gave sample code that fetches the appRoles from a desktop app? I can create the roles in the manifest and assign them in azure already.

But, as there is no controller in a webapi I need to know how to fetch appRoles in the desktop app

Saurabh Sharma 23,676 Reputation points Microsoft Employee

2020-07-14T20:23:59.62+00:00

@Michael Yes, that is correct. Sorry, I do not have a sample for the same but you can use the code as shown below to check if the user has a particular claim and then you direct the user to specific page -

if (User.HasClaim(ClaimTypes.Role, "Admin")) { .... }

Reference document is here.

----------

Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.

Michael 76 Reputation points

2020-07-16T17:00:14.133+00:00

I do not have a ClaimsPrincipal (User) object in my code. That's something that I would have if there was a webapi with a controller.

I have a desktop app. I does not consume data from a webapi. I was hoping that by registering the app that I could assign users and permissions (which I can) and have access to a ClaimsPrincipal object (which I appear not to have within the Desktop app).

Saurabh Sharma 23,676 Reputation points Microsoft Employee

2020-07-16T20:13:01.81+00:00

@Michael Sorry, my bad. Yes, WPF doesn't have that. You can then try another approach of extracting claims from IdTokens. In this approach, once you update the manifest file, the newly added roles can be extracted from IdTokens. You need to use JsonWebToken and pass the Idtoken received from authentication result.
Please find below the screenshot (After assigning specific role from enterprise applications and then using the same user account to login to the wpf app):

Please let me know if this helps you to achieve what you are looking for or if you have any other question.
Sign in to comment