So I have a challenge. My engineers are designing a webapp and we're looking to use AAD permissions inside of the webapp to determine different access items.
Currently our WebApp is authenticating with AAD, though it's worth noting that the web server is joined to an on-prem DC. When a user logs in, my engineer sees groups that look like this (just in case these are private numbers, I've filled in the middle of the 9-10 digit strings with # signs):
S-1-5-21-53####977-288####803-178####374-3110 and only the last 4 digits seem to change.
However, when I look up the "GroupID" in AAD, I get something that looks more like this: adba0c62-be09-96cb-fd6cb113061e
My question is this:
- What is the first item I'm seeing? That's what the app sees, and we have a hunch it's group memberships.
- How can I chase down which AAD group those correspond to? Obviously I'd like to have an AAD group that says "WebApp Module 1 Admin Access" and have the webapp look for that group, but I can't do it if the webapp and AAD seem to have two different codes for each group.
CodePudding user response:
You can use the memberOf Graph API offered by Azure AD.
https://docs.microsoft.com/en-us/graph/api/user-list-memberof?view=graph-rest-1.0&tabs=go
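As an added illustration (not part of the answer above), here is how a memberOf response can be matched against the SID-style identifiers the app sees. It assumes the groups were synced from on-prem AD, in which case the Graph group resource carries the on-prem SID in its `onPremisesSecurityIdentifier` property; the response below is a constructed sample with placeholder GUIDs and SIDs, and `map_sids_to_groups` / `has_group` are hypothetical helper names.

```python
import json
from typing import Dict, List, Optional

# Constructed sample of a Graph memberOf response
# (GET /users/{id}/memberOf?$select=id,displayName,onPremisesSecurityIdentifier).
# All GUIDs and SIDs here are placeholders, not real identifiers.
SAMPLE_MEMBEROF = json.dumps({
    "value": [
        {   # group synced from on-prem AD: keeps its on-prem SID
            "@odata.type": "#microsoft.graph.group",
            "id": "00000000-1111-2222-3333-444444444444",
            "displayName": "WebApp Module 1 Admin Access",
            "onPremisesSecurityIdentifier":
                "S-1-5-21-1111111111-2222222222-3333333333-3110",
        },
        {   # cloud-only group: no on-prem SID, so it can never match a SID
            "@odata.type": "#microsoft.graph.group",
            "id": "00000000-1111-2222-3333-555555555555",
            "displayName": "Cloud Only Group",
            "onPremisesSecurityIdentifier": None,
        },
        {   # directory roles are also returned by memberOf and must be skipped
            "@odata.type": "#microsoft.graph.directoryRole",
            "id": "00000000-1111-2222-3333-666666666666",
            "displayName": "Global Reader",
        },
    ]
})


def map_sids_to_groups(sids: List[str], memberof_json: str) -> Dict[str, Optional[dict]]:
    """Map each SID the app saw to {"id", "displayName"} of the AAD group, or None.

    A None value means the SID belongs to no synced group in the response,
    which is what you want surfaced rather than silently ignored.
    """
    by_sid: Dict[str, dict] = {}
    for obj in json.loads(memberof_json).get("value", []):
        if obj.get("@odata.type") != "#microsoft.graph.group":
            continue  # roles, administrative units, etc. are not groups
        sid = obj.get("onPremisesSecurityIdentifier")
        if sid:
            by_sid[sid.upper()] = {"id": obj["id"], "displayName": obj["displayName"]}
    return {sid: by_sid.get(sid.upper()) for sid in sids}


def has_group(sids: List[str], memberof_json: str, required_group_id: str) -> bool:
    """Authorization check: does any SID the app saw resolve to the required AAD group id?"""
    resolved = map_sids_to_groups(sids, memberof_json).values()
    return any(g is not None and g["id"] == required_group_id for g in resolved)
```

Check the webapp against the AAD group's object id (or display name) returned here rather than against raw SIDs, so the mapping lives in one place.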
