This post continues the series with more detail on security: we add C# code to detect Azure AD group membership. When a REST API call for data is made to the WebAPI HTTPS endpoint, we already validate the Azure AD authentication token (the user is part of AAD).
Building upon this, we can add AAD Security Group membership detection for the business logic “If user is member of HELLOWORLD group then provide data. Otherwise access denied.”
For that, we translate the AAD Security Group into its GUID by locating the group at https://portal.azure.com. The steps cover how to update the AAD token, the C# .NET code for the WebAPI endpoint, and how to verify security with Postman. Cheers.
This post is part of a three-post series:
- VIDEO – AngularJS SPA and WebAPI SQL database secured with Azure AD – SETUP (Part 1 of 3)
- VIDEO – AngularJS SPA and WebAPI SQL database secured with Azure AD – SECURITY GROUP (Part 2 of 3)
- VIDEO – AngularJS SPA and WebAPI SQL database secured with Azure AD – MS FLOW EMAIL (Part 3 of 3)
HTTP API Test Responses
- “ACCESS DENIED, NOT MEMBER OF GROUP”
- “REAL DATA HERE”
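
The group check that produces these two responses, as an added sketch (not the code from the video): it looks for the group's GUID among the `groups` claims of the already validated token and denies on anything else. Assumptions: the `GroupGate` and `GroupCheck` names are hypothetical, the GUID is a placeholder, and the token has been updated to carry `groups` claims.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

public enum GroupCheck { Member, NotMember, GroupsOmitted }

public static class GroupGate
{
    // Placeholder: use the Object ID shown for the HELLOWORLD group in portal.azure.com.
    private const string HelloWorldGroupId = "00000000-0000-0000-0000-000000000000";

    public static GroupCheck Check(ClaimsPrincipal user)
    {
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return GroupCheck.NotMember;

        // Azure AD emits one "groups" claim per group object ID.
        var groups = user.FindAll("groups").Select(c => c.Value).ToList();
        if (groups.Contains(HelloWorldGroupId, StringComparer.OrdinalIgnoreCase))
            return GroupCheck.Member;

        // Overage: for users in many groups AAD omits the list and sends a marker claim instead.
        bool omitted = groups.Count == 0 &&
            user.HasClaim(c => c.Type == "hasgroups" || c.Type == "_claim_names");
        return omitted ? GroupCheck.GroupsOmitted : GroupCheck.NotMember;
    }

    // Fail closed: anything other than a confirmed match is denied.
    public static string GetData(ClaimsPrincipal user)
    {
        return Check(user) == GroupCheck.Member
            ? "REAL DATA HERE"
            : "ACCESS DENIED, NOT MEMBER OF GROUP";
    }

    // Constructed principal standing in for the one the token validation produces.
    private static ClaimsPrincipal Principal(params Claim[] claims)
    {
        return new ClaimsPrincipal(new ClaimsIdentity(claims, "Bearer"));
    }

    public static void Main()
    {
        var member = Principal(new Claim("groups", HelloWorldGroupId));
        var outsider = Principal(new Claim("groups", "11111111-1111-1111-1111-111111111111"));
        var overage = Principal(new Claim("hasgroups", "true"));
        foreach (var p in new[] { member, outsider, overage })
            Console.WriteLine(Check(p) + " -> " + GetData(p));
    }
}
```

A `GroupsOmitted` result means the token alone cannot answer the membership question, so the sketch denies access rather than guessing.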
API Permission Grants