Setting up authorization in Azure for a desktop app

Michael 81 Reputation points

I completed writing a .NET Core 3.1 (WPF) desktop app and added the ability to obtain a token (see:

I assume this is just authentication. What I really need is to figure out how to configure Azure to return what roles I have given to the user. It seems that any valid user in the microsoft AD will return authenticated. I can't see to figure out how to configure authorization.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,566 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Saurabh Sharma 23,791 Reputation points Microsoft Employee

    @Michael You need to use role claims in the application to implement authorization for the application. You need to define your application roles (appRoles) in Application manifest available under application registration page on Azure portal. Then you need to assign these roles to a user or group in your enterprise app from Azure Active Directory. You can now able to fetch the assigned appRoles in the claims you receive in your code to behave differently based on the assigned roles. You can refer to this GitHub sample which implements this concept using ASP.Net Core.