Net6 Web Api Azure AD Authentication And Authorization With Azure Ad Groups

Net6 Web Api Azure AD Authentication And Authorization With Azure Ad Groups | Using Azure AD groups authorization in ASP.NET Core | How to do Authorization based on Azure AD groups and Authenticate using Azure AD in .net core application?

How to implement Web Api Azure AD Authentication and AD Groups authorization? This video has the answer for doing that. Azure AD Authorization using AD groups is an elegant way of authorizing the user because the same Azure AD group can be authorized for other applications too. If any new user need access on multiple applications, for basic web api authentication with azure ad scenarios, we can create an Azure AD group and add it to the user, later provide access on Asp.net core application with azure ad and authorize using Azure AD groups.

To do .Net6 Azure AD Authentication and Authorization using Azure AD Groups, first we need to create azure app registration for web api application uses Azure AD Groups Authorization. we need to create application scopes in Azure AD app registration. Then go to Token Configuration, Add Group claims, select Security Group and add. It will ensure to return the groups information in the token which will make sure that the Web API application + azure AD + Azure AD Groups authorization can validate the groups for providing Azure AD Groups Authorization on Asp.net Core Web Application.

.Net core Web API application with Azure AD Groups authorization has to configure above created application registration configuration in its appsettings.json file. In startup.cs class, we need to add code related to Azure AD authentication. We need to add Microsoft.Identity.Web, Microsoft.Identity.Web.UI packages to WebAPI azure ad authorize using AD groups application. Later, we need to define Azure AD Group Policy in .Net core Azure AD Groups authentication and authorization application. In our Asp.net Web API Azure AD Authentication and Azure AD Groups authorization application, we need to add a Authorization handler class to handle the validation against Azure AD Groups.

Generally the Azure Token will have the groups related information, however if the user have 5+ number of groups in the token, Azure token will be created with "hasgroups"=true. This is called Groups overage.

In this scenario, our Azure AD Groups Authorization Web API application has to call Azure Graph API to check if the user has the required group or not. Web API using Azure Graph API can validate the groups by passing the required group IDs. If the groups are assigned to the user, Graph API will return the groups information to Web API application and Web API can validate the presence of Azure Group Groups.

To test Web API Azure AD with Postman, we need to use Oauth2.0 and generate an implicit token. We need to pass the required scopes to Azure AD. Postman authorize Azure AD can be done after specifying the required groups.

#AzureADGroupsAuthorization#
#Net6AzureAD#
#WebAPIAzureGraphAI#

Chapters
00:00 Web API Azure AD Azure AD Groups Authorization Intro
03:19 Net6 Azure AD Groups Authorization app creation
05:15 Explanation to Azure AD code
26:00 Azure AD Groups overage in .Net6 Web API
28:00 Web API calling Azure Graph API
31:00 Web API Azure AD Testing With Postman

Buy Me A Coffee - https://www.buymeacoffee.com/azuretea...