Asked by MMEGFL-0396, answered by ryanchill

Best Practice to Protect Azure WebApp for Individual Users versus only Issuer on SaaS / Multi-Tenant Implementations

Hello,

Situation:

  • I have a Multi-Tenant Azure WebApp that is protected with [Authorize] and AAD.

  • I have a Multi-Tenant Azure WebApi that is accessed by the WebApp and that also uses [Authorize] and AAD and User Claim Scope validations.

Help Needed:

  • I am looking for the proper way to protect the WebApp, so that although it is Multi-Tenant it can validate individual users' ability to use the WebApp, versus merely doing IssuerValidation, which is the default way. Using this, however, merely ensures that I can check that a Tenant is ok to call the App, not that an individual in the Tenant can.

I would love any suggestions, guidance etc. on how to implement this based on what is available in Startup.Auth.cs at run time. Maybe I need to track both Tenants (GUIDs/issuers) plus the individual's GUID/id within their directory, store that in a DB/Azure Table/Something, and then check when they attempt to access?

I guess if that is the case, what is the proper way to get that information at run time, both from a registration perspective (I guess have a sign-up flow) and then in Startup.Auth to get the credentials of the person currently attempting to log in?

Thank you!!!!!



Tags: azure-active-directory, azure-webapps, azure-ad-multi-factor-authentication
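The following is an added example, not code from the original post or from Microsoft, of the approach the question sketches for an OWIN `Startup.Auth.cs`: leave the middleware's signature and audience checks in place, turn off the per-tenant issuer check (since a multi-tenant app cannot know every issuer up front), and then, in the `SecurityTokenValidated` notification, require that the `tid` (tenant id) and `oid` (user object id) claims of the signed-in user match a pair recorded during a sign-up flow. The `RegisteredUsers` set, the `RegisterUser` and `IsRegisteredUser` helpers, the placeholder client id and redirect URI, and the error page path are assumptions; a real app would back the lookup with a DB or Azure Table.

```csharp
// Added example (not from the original post): OWIN Startup.Auth.cs for a
// multi-tenant AAD web app that admits only (tenant, user) pairs registered
// through a sign-up flow. Store, helpers and placeholder ids are assumptions.
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.Notifications;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    private static readonly string ClientId = "<your-app-client-id>";        // placeholder
    private static readonly string RedirectUri = "https://localhost:44300/";  // placeholder

    // Standard claim type URIs AAD uses for tenant id and user object id in the id_token.
    private const string TenantIdClaim = "http://schemas.microsoft.com/identity/claims/tenantid";
    private const string ObjectIdClaim = "http://schemas.microsoft.com/identity/claims/objectidentifier";

    // Assumed registration store: "tenantId|objectId" keys captured at sign-up.
    // In-memory for illustration only; a real app would query a DB / Azure Table.
    private static readonly HashSet<string> RegisteredUsers =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase);

    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = ClientId,
            Authority = "https://login.microsoftonline.com/common",
            RedirectUri = RedirectUri,
            PostLogoutRedirectUri = RedirectUri,
            TokenValidationParameters = new TokenValidationParameters
            {
                // Multi-tenant: the issuer differs per tenant, so the issuer check is
                // replaced by the per-user check in SecurityTokenValidated below.
                // Signature and audience (ClientId) are still validated by the middleware.
                ValidateIssuer = false,
            },
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                SecurityTokenValidated = OnSecurityTokenValidated,
                AuthenticationFailed = context =>
                {
                    // Rejected users land on an error page instead of an unhandled exception.
                    context.HandleResponse();
                    context.Response.Redirect("/Home/Error?message=" +
                        Uri.EscapeDataString(context.Exception.Message));
                    return Task.FromResult(0);
                }
            }
        });
    }

    // Runs after the middleware has validated the token signature and audience.
    private static Task OnSecurityTokenValidated(
        SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> context)
    {
        ClaimsIdentity identity = context.AuthenticationTicket.Identity;
        string tenantId = identity.FindFirst(TenantIdClaim)?.Value;
        string objectId = identity.FindFirst(ObjectIdClaim)?.Value;

        if (!IsRegisteredUser(tenantId, objectId))
        {
            // Throwing here fails the sign-in and routes to AuthenticationFailed above.
            throw new SecurityTokenValidationException("User is not registered for this application.");
        }
        return Task.FromResult(0);
    }

    // The per-user authorization check, factored out so it can be unit-tested.
    public static bool IsRegisteredUser(string tenantId, string objectId)
    {
        if (string.IsNullOrEmpty(tenantId) || string.IsNullOrEmpty(objectId)) return false;
        return RegisteredUsers.Contains(tenantId + "|" + objectId);
    }

    // Assumed hook for the sign-up flow: called once an admin approves a user.
    public static void RegisterUser(string tenantId, string objectId)
    {
        RegisteredUsers.Add(tenantId + "|" + objectId);
    }
}
```

The key design point is that the check keys on the immutable `tid` and `oid` claims rather than on the UPN or e-mail, which can change or be reassigned within a tenant; the sign-up flow can still display the UPN for human review, but the stored allow-list entry should be the tenant and object id pair.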


1 Answer

ryanchill answered

Hi @MMEGFL-0396,

I think what you are looking for is Azure B2C for customers that are outside of your AAD tenant. You can learn more about it on https://docs.microsoft.com/en-us/azure/active-directory-b2c/overview in addition to looking over concepts, samples, and tutorials. One sample app you may want to look at is https://github.com/Azure-Samples/active-directory-b2c-dotnet-webapp-and-webapi.

Hope this helps. If not, please let me know.

