Hi Soni,
You definitely can leverage Azure AD RBAC for this purpose. Here is detailed documentation on leveraging App roles https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-add-app-roles-in-azure-ad-apps
a .net sample is here https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-add-app-roles-in-azure-ad-apps
.If you don't want to use app roles, you can even use group-based authentication to remain consistent with your current architecture and get the groups in the token claims by following this guide. https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-fed-group-claims
If there are a bigger no of groups to fit into the token you can also use Microsoft Graph APIs to fetch the groups and then perform the AuthZ. https://learn.microsoft.com/en-us/graph/api/user-getmembergroups?view=graph-rest-1.0&tabs=http If this helped please mark the answer as verified for the benefit of other readers.
RBAC in PHP application(hosted as Azure App Service)
Soni
291
Reputation points Microsoft Employee
Hello Team,
We are assessing on prem PHP application to move to Azure App service. Currently we have implemented folder based permission for Authorization flow in the application, where we create groups in AD, add users to it & provide permission to groups on respective folders. As part of migration, we are planning to move Authentication to AAD, can we leverage RBAC service for Authorization, do we have any reference links for the same.
Regards,
Soni
1 answer
Sort by: Most helpful
-
Jeevan-MSFT 81 Reputation points Microsoft Employee
2021-02-09T05:59:53.783+00:00