This repository has been archived by the owner on Feb 7, 2020. It is now read-only.

Adding a proper authorization #36

Merged: 3 commits, Jun 5, 2019


@jmprieur (Contributor) commented Jun 5, 2019

1. Updating the code so that the controller checks that the client has the role `access_as_application`
2. Explains how to direct Azure AD to not even issue a token for a client which would not be approved to get a token for the protected Web API.

@jmprieur (Contributor, Author) commented Jun 5, 2019

Also fixes #35

Claim scopeClaim = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/scope");
if (scopeClaim != null)
Claim scopeClaim = ClaimsPrincipal.Current.FindFirst("roles");
if (scopeClaim == null || (scopeClaim.Value != "access_as_application"))
{
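
Review bot: The new condition `scopeClaim.Value != "access_as_application"` is evaluated on the single claim returned by `FindFirst("roles")`, so only the first roles claim on the principal is inspected. If a token carries more than one application role and `access_as_application` is not the first, the condition is true and the missing-role branch is taken even though the role was granted. Consider testing membership across all role claims, for example `ClaimsPrincipal.Current.HasClaim("roles", "access_as_application")`, which also covers the null case. The variable is still named `scopeClaim` although it now holds a role claim; renaming it (for example `roleClaim`) would keep the authorization check readable.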


some duplicate code, consider adding a function (ValidateRoleClaim) for this authz check.

Contributor Author


thanks @henrik-me. Will address in later commit

@henrik-me left a comment

:shipit:

@TiagoBrenck (Contributor) left a comment

I've added a manual step on the PowerShell to set 'User assignment required' and to grant admin consent to the tenant.

LGTM

@jmprieur (Contributor, Author) commented Jun 5, 2019

Thanks @TiagoBrenck @henrik-me @kalyankrishna1

@jmprieur merged commit c23507c into master on Jun 5, 2019