Azure Active Directory same app roles in two sites

Pako Porras 81 Reputation points
2020-06-06T13:39:46.017+00:00

Hello:

I have the following scenario: a web site and an API. I need to have communication between both sites.
I log in to the web site against Azure Active Directory using OpenIDConnect and I can communicate with the API using a JWT token.
Now I want to protect my sites using appRoles. I can do that by defining the appRoles in the manifest of both apps and then adding users to these roles in both app registrations. When I log in to the web site I can see the roles in User.Identity.Claims, and if I retrieve the JWT token of the API I can also see the appRoles defined in the API app registration.
My problem is that I need to add the users and define the appRoles in both sites. I want to use the same users and roles in both sites, so it's a problem if I have a lot of users and roles. If I want to remove a user from the web site I need to make the same change in the API site.

So my question is: how can I use the same appRoles in both applications and only define appRoles and add users in one place? I can't use Groups, only appRoles.

I don't know if it's possible to define appRoles and users for each role only in the API app registration and then retrieve these appRoles in the web site after a user logs in (so User.Identity.Claims will be populated with the same appRoles that I can see in the JWT token).

The goal is to use [Authorize(Roles="Admin")] in the controllers of my web site and also use [Authorize(Roles="Admin")] in the API methods, but the appRole Admin and the role's users are only defined in the API app registration.

Which approach is the best to get this goal?

Thanks in advance


Accepted answer
Marilee Turscak-MSFT 33,801 Reputation points Microsoft Employee
2020-06-09T22:28:07.977+00:00

Application Roles are specific to the application they are designed for. You define them as part of the app registration manifest and then assign the roles to users/groups specifically for this app.

So you can't really use application roles across different applications. Your options are to use users or groups.

This post highlights the options pretty well:

https://stackoverflow.com/questions/56487790/how-to-manage-azure-ad-app-roles-across-many-applications

If you would like to request this as a feature you can do this in User Voice, but right now this is by design.

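Since app roles are scoped to one app registration, the practical consequence of the accepted answer is that the `Admin` role has to be declared in each manifest (same `value`, its own `id`), and each application must be told to read Azure AD's `roles` claim, otherwise the roles show up in `User.Identity.Claims` but `[Authorize(Roles = "Admin")]` still denies access because ASP.NET Core looks for `ClaimTypes.Role` by default. The following is an added example (not code from the asker or from the Microsoft answer) showing that wiring for both the web site and the API in one ASP.NET Core `Program.cs`. The `AppKind` switch, the `AzureAd:*` configuration keys, the placeholder client/tenant IDs and the GUID in the manifest fragment are assumptions of this example; it needs the `Microsoft.AspNetCore.Authentication.JwtBearer` and `Microsoft.AspNetCore.Authentication.OpenIdConnect` packages.

```csharp
// Added example, not from the question or the accepted answer.
//
// Assumed appRoles fragment, repeated in EACH app registration manifest
// (identical "value" so the same [Authorize(Roles = "Admin")] works in both apps;
// the "id" must be a distinct GUID per registration):
// "appRoles": [
//   {
//     "allowedMemberTypes": [ "User" ],
//     "description": "Can manage everything",
//     "displayName": "Admin",
//     "id": "00000000-0000-0000-0000-000000000000",   // placeholder, generate your own
//     "isEnabled": true,
//     "value": "Admin"
//   }
// ]
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

var builder = WebApplication.CreateBuilder(args);

// Assumed configuration keys; values here are placeholders, not real identifiers.
string tenantId  = builder.Configuration["AzureAd:TenantId"] ?? "<tenant-id>";
string authority = $"https://login.microsoftonline.com/{tenantId}/v2.0";

// Assumed switch so one file can show both halves; a real deployment has one app per project.
if (builder.Configuration["AppKind"] == "Api")
{
    // API: validates the bearer JWT issued for the API's own registration.
    builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddJwtBearer(options =>
        {
            options.Authority = authority;
            // Audience is the API registration's client id (or its App ID URI), never the web app's.
            options.Audience = builder.Configuration["AzureAd:ApiClientId"] ?? "<api-client-id>";
            // Azure AD puts assigned app roles in a "roles" claim; map it onto ASP.NET Core roles.
            options.TokenValidationParameters.RoleClaimType = "roles";
        });
}
else
{
    // Web site: interactive sign-in; roles come from the id_token of the web app's registration.
    builder.Services.AddAuthentication(options =>
        {
            options.DefaultScheme = "Cookies";
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddCookie("Cookies")
        .AddOpenIdConnect(options =>
        {
            options.Authority = authority;
            options.ClientId = builder.Configuration["AzureAd:WebClientId"] ?? "<web-client-id>";
            options.ClientSecret = builder.Configuration["AzureAd:WebClientSecret"];
            options.ResponseType = "code";
            // Same mapping as the API: roles granted in THIS registration become role claims.
            options.TokenValidationParameters.RoleClaimType = "roles";
        });
}

builder.Services.AddAuthorization();
builder.Services.AddControllers();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();
app.Run();

// Identical attribute in both apps; each is evaluated against the roles assigned
// in that app's own registration, which is why the assignment must exist in both.
[ApiController]
[Route("admin")]
public class AdminController : ControllerBase
{
    [HttpGet]
    [Authorize(Roles = "Admin")]
    public IActionResult Get() => Ok("admin only");
}
```

The part that tends to bite is the `RoleClaimType` line: without it a user who holds the role sees it in the claims collection yet still gets a 403, which is easy to misread as the role assignment being missing. Removing a user from the role in one registration leaves the other untouched, exactly the double maintenance the question describes; until roles can be shared, the only way to keep the two in step is to script the assignment against both registrations.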
