We need to build a web API in .NET Core 2.1, which should be authenticated and authorized based on a token sent in the headers.
I am able to do authentication using an Azure AD app (client ID, client secret, tenant ID, etc.), but I want to do authorization. I have created 3 groups in Azure AD and assigned the groups to the users as well.
1) How should I achieve this? It is an urgent requirement. The consumer will be another website that will send a request with a token to the web API.
2) As per my understanding, the token should be generated using user credentials instead of the Azure AD app. I am able to do authorization in the MVC app, but not in the Web API.
3) For authorization, should I, or can I, maintain the role mapping in a SQL table?
Any help is much appreciated.