Role-based access control – Azure AD B2C – workaround
We can enable role-based access control with Azure AD B2C using custom attributes (defined in the Sign-up/Sign-in user flow in Azure AD B2C), also known as custom claims.
- First, define a custom attribute named "Role" in the Sign-up/Sign-in user flow in Azure AD B2C, as detailed in "Define custom attributes in Azure Active Directory B2C".
- See also "Using custom claims for Azure AD B2C roles".
- Next, add this custom attribute "Role" to each Azure AD B2C user that needs privileged access (in portal.azure.com) and set its value to, say, "Admin", "StudyUser", "TestUser", etc.
- Next, check for the presence of this attribute in the authorization JWT, which is exposed to the function through the ClaimsPrincipal.
- To check for the presence of the "Role" claim, use the RoleAuthorizeAttribute described in "Role based authorization in Azure Functions with Azure AD and app roles", and apply it to each API controller/method, e.g. [RoleAuthorize("Admin")].
- Note that we also need to add the "ClaimsPrincipal principal" parameter to each Azure Function method that needs to check for the role.
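The following is an added C# example of the pattern described above for the in-process Azure Functions model; it is not code from this post or from the referenced articles. It assumes that App Service Authentication (Easy Auth) has already validated the bearer token (signature, issuer, audience) before the runtime binds the ClaimsPrincipal parameter, that the "Role" custom attribute was selected under the user flow's Application claims so that it is emitted (Azure AD B2C names custom attributes extension_<Name> in the token, hence extension_Role), and that the RoleAuthorizeAttribute is built on the WebJobs FunctionInvocationFilterAttribute, which the current SDK marks as obsolete but still honours. The function name, route and object-id logging are made up for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Azure.WebJobs;
using Microsoft.Azure.WebJobs.Extensions.Http;
using Microsoft.Azure.WebJobs.Host;
using Microsoft.Extensions.Logging;

// Hypothetical helper: reads the B2C custom attribute from an already-validated principal.
public static class B2CRoleCheck
{
    // Assumption: B2C emits the "Role" custom attribute as the claim type "extension_Role",
    // and only when the attribute is included in the user flow's Application claims.
    public const string RoleClaimType = "extension_Role";

    // True only when the caller is authenticated and carries exactly the required role.
    public static bool HasRole(ClaimsPrincipal principal, string requiredRole)
    {
        if (principal?.Identity == null || !principal.Identity.IsAuthenticated)
            return false;

        // Ordinal comparison on purpose: "admin" must not pass as "Admin".
        return principal.Claims.Any(c =>
            c.Type == RoleClaimType &&
            string.Equals(c.Value, requiredRole, StringComparison.Ordinal));
    }
}

// Hypothetical RoleAuthorizeAttribute: an invocation filter that looks for the
// ClaimsPrincipal argument of the decorated function, which is why every function
// using it must declare a "ClaimsPrincipal principal" parameter.
[AttributeUsage(AttributeTargets.Method)]
public sealed class RoleAuthorizeAttribute : FunctionInvocationFilterAttribute
{
    private readonly string _requiredRole;

    public RoleAuthorizeAttribute(string requiredRole) => _requiredRole = requiredRole;

    public override Task OnExecutingAsync(FunctionExecutingContext executingContext,
                                          CancellationToken cancellationToken)
    {
        var principal = executingContext.Arguments.Values
            .OfType<ClaimsPrincipal>()
            .FirstOrDefault();

        if (!B2CRoleCheck.HasRole(principal, _requiredRole))
        {
            // Log the caller's object id (B2C "oid" claim), never the raw token.
            var oid = principal?.FindFirst("oid")?.Value ?? "anonymous";
            executingContext.Logger.LogWarning(
                "Denied {Function} for {Oid}: missing {Claim}={Role}",
                executingContext.FunctionName, oid, B2CRoleCheck.RoleClaimType, _requiredRole);

            // Caveat: an exception thrown from a filter surfaces to the client as HTTP 500,
            // not 403; the call is still blocked and the denial is logged.
            throw new UnauthorizedAccessException(
                $"Role '{_requiredRole}' is required to call {executingContext.FunctionName}.");
        }

        return Task.CompletedTask;
    }
}

public static class AdminFunctions
{
    // Hypothetical function protected by the attribute; note the ClaimsPrincipal parameter.
    [FunctionName("DeleteStudy")]
    [RoleAuthorize("Admin")]
    public static Task<IActionResult> DeleteStudy(
        [HttpTrigger(AuthorizationLevel.Anonymous, "delete", Route = "studies/{id}")] HttpRequest req,
        string id,
        ClaimsPrincipal principal,
        ILogger log)
    {
        // Defence in depth: re-check inside the body so the function also returns a
        // proper 403 if it is ever invoked without the filter (e.g. in a unit test host).
        if (!B2CRoleCheck.HasRole(principal, "Admin"))
            return Task.FromResult<IActionResult>(
                new StatusCodeResult(StatusCodes.Status403Forbidden));

        log.LogInformation("Admin {Oid} deleting study {Id}", principal.FindFirst("oid")?.Value, id);
        return Task.FromResult<IActionResult>(new OkObjectResult(new { deleted = id }));
    }
}
```

Two points a reviewer would check in a real deployment: the role claim is only trustworthy because the token was validated before the principal was bound, so the function app must not be reachable without the authentication layer in front of it; and the claim value is compared exactly, so the values written to the "Role" attribute in the portal must match the strings used in the attribute byte for byte.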