Yes @john john, this is a valid approach to enabling policies. I came across this Nick Chapsas YouTube video that does a great job outlining how to implement authorization claims policies in an ASP.NET app.
ASP.NET Core 6.0 which uses Microsoft Identity Platform for authentication and Active Directory groups for authorization
john john 961 Reputation points
We are building an ASP.NET Core MVC web application for an organization. This organization has their users in Azure Office 365. We are planning to create a new ASP.NET Core MVC web application and define the authentication to use the Microsoft Identity Platform. Finally for the authorization, we are going to build Azure security groups and reference them inside our application. We have this AD security group: [screenshot](https://i.stack.imgur.com/oSUJX.png)
and we reference it inside the program.cs as follows:

```csharp
builder.Services.AddAuthorization(options =>
{
    options.AddPolicy("admin-only", p =>
    {
        p.RequireClaim("groups", "4876872c-918e-4405-80b3-6fef38bbaa69");
    });
    options.FallbackPolicy = options.DefaultPolicy;
});
```

Inside the controller, we use this as follows:

```csharp
[Authorize("admin-only")]
public IActionResult Privacy()
{
    return View();
}
```
Is my approach valid?
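
An added example, not part of the original question or answer: the `RequireClaim("groups", ...)` check only works while the token actually carries `groups` claims. When a user belongs to more groups than fit in the token, Azure AD omits them and emits an overage indicator instead, so the policy denies real admins with no hint why. The `GroupRequirement` and `GroupRequirementHandler` names are hypothetical, and the handler assumes the overage indicator surfaces as a `_claim_names` or `hasgroups` claim on the principal.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.Logging;

// Hypothetical requirement (added example): membership in one AD security group.
public sealed class GroupRequirement : IAuthorizationRequirement
{
    public GroupRequirement(string groupObjectId) => GroupObjectId = groupObjectId;
    public string GroupObjectId { get; }
}

// Hypothetical handler: same check as RequireClaim("groups", id), plus overage detection.
public sealed class GroupRequirementHandler : AuthorizationHandler<GroupRequirement>
{
    private readonly ILogger<GroupRequirementHandler> _logger;

    public GroupRequirementHandler(ILogger<GroupRequirementHandler> logger) => _logger = logger;

    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context, GroupRequirement requirement)
    {
        var user = context.User;

        // Normal case: one "groups" claim per group object ID in the token.
        if (user.HasClaim("groups", requirement.GroupObjectId))
        {
            context.Succeed(requirement);
            return Task.CompletedTask;
        }

        // Overage case: the token carries a pointer to the groups instead of the
        // groups themselves. Assumed to appear as one of these claim types.
        bool overage =
            user.HasClaim(c => c.Type == "_claim_names" && c.Value.Contains("groups")) ||
            user.HasClaim(c => c.Type == "hasgroups");

        if (overage)
        {
            _logger.LogWarning(
                "Group overage for {User}: token has no groups claim, denying {Group}",
                user.Identity?.Name, requirement.GroupObjectId);
        }

        // Succeed was not called, so the policy fails closed (403 for a signed-in user).
        return Task.CompletedTask;
    }
}
```

To use it, register the handler with `builder.Services.AddSingleton<IAuthorizationHandler, GroupRequirementHandler>()` and build the `admin-only` policy with `p.AddRequirements(new GroupRequirement("4876872c-918e-4405-80b3-6fef38bbaa69"))` in place of `RequireClaim`. The app registration must also be configured to emit group claims, otherwise every request takes the deny path.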
1 answer
Ryan Hill 28,106 Reputation points Microsoft Employee
2023-04-26T16:33:03.72+00:00