Implementing Azure AD group authorization

We talked about implementing AD single sign-on authentication for our sales administrator website, but because we're going to use the Azure Bakery AD across all the business domains, we need to add groups so that we have better control over users in the different business units. Azure AD doesn't currently allow new or custom roles to be added; it only provides a number of built-in administrator roles. However, we have full control over groups, so we can use them for authorization.

Unfortunately, authorization isn't as simple as just using the Authorize attribute with a role, as you would with ASP.NET roles; we need to query the Azure AD Graph API to check whether a user is a member of the group. We'll add ...
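One way to perform the group-membership query described above, as an added example that is not code from the book: it posts to the Azure AD Graph API `isMemberOf` function and treats anything other than an explicit `"value": true` as a denial. The class and method names, the `graph.windows.net` endpoint with `api-version=1.6`, and the assumption that the caller already holds an access token for the Graph API are choices made for this example.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;

// Added example (hypothetical names): group-based authorization check.
public static class GroupAuthorization
{
    // Assumptions: Azure AD Graph endpoint and API version.
    private const string GraphBase = "https://graph.windows.net";
    private const string ApiVersion = "1.6";
    private static readonly HttpClient Http = new HttpClient();

    // Fail closed: only a JSON object carrying "value": true grants access.
    public static bool ParseIsMemberOf(string json)
    {
        if (string.IsNullOrEmpty(json)) return false;
        try
        {
            using (JsonDocument doc = JsonDocument.Parse(json))
            {
                return doc.RootElement.ValueKind == JsonValueKind.Object
                    && doc.RootElement.TryGetProperty("value", out JsonElement v)
                    && v.ValueKind == JsonValueKind.True;
            }
        }
        catch (JsonException) { return false; }
    }

    // Asks the Graph API whether the user (object ID) belongs to the group (object ID).
    public static async Task<bool> IsMemberOfAsync(
        string tenantId, string accessToken, Guid userObjectId, Guid groupObjectId)
    {
        string url = $"{GraphBase}/{Uri.EscapeDataString(tenantId)}/isMemberOf?api-version={ApiVersion}";
        string body = JsonSerializer.Serialize(
            new { groupId = groupObjectId.ToString(), memberId = userObjectId.ToString() });
        using (var request = new HttpRequestMessage(HttpMethod.Post, url))
        {
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
            request.Content = new StringContent(body, Encoding.UTF8, "application/json");
            try
            {
                using (HttpResponseMessage response = await Http.SendAsync(request))
                {
                    // Expired token, throttling or a server error all deny access.
                    if (!response.IsSuccessStatusCode) return false;
                    return ParseIsMemberOf(await response.Content.ReadAsStringAsync());
                }
            }
            catch (HttpRequestException) { return false; }
        }
    }
}
```

Identifying the group by its object ID rather than its display name keeps the check stable if the group is renamed.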
