MatthewHolton-7574 asked JamesTran-MSFT commented

HOWTO: Azure Identity Custom Claims or Blazor User Security

I have a Blazor wasm project where my users are authenticated through Azure Identity. I need to further restrict functionality and data access based on user/group permissions. Is it possible to put these restrictions in the token from Azure as claims, or is there a more preferred way to do this in the Blazor client and Blazor API?

At the API level, I want to do something like:

```csharp
[Authorize(Policy="CustomerCreationPolicy"), HttpPost]
public async Task<Customer> CreateCustomer(Customer newCustomer)...
```

At the client I want to manage these permissions.

```json
{"userPermissions": [{"username": "John@mydomain.com", "Permissions": {"vipAccessLevel": "Sensitive", "CanCreateAccounts": "true", "CanUpdateAccounts": "true"}}]}
{"groupPermissions": [{"groupName": "Sales Team", "Permissions": {"vipAccessLevel": "Sensitive", "CanCreateAccounts": "true", "CanUpdateAccounts": "true"}}]}
```

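At the client I want to also do something like:

```razor
@page "/customers"
@if (_canCreateCustomer)
{
    @* show create customer button *@
}
@code {
    private Dictionary<string, string> _policies;
    private bool _canCreateCustomer;

    protected override void OnInitialized()
    {
        // Field initializers cannot call an injected service, so load the policies here.
        _policies = _myPolicyService.LoadPolicies(Page.Customers);
        // The dictionary holds strings, so parse the flag into a bool.
        _canCreateCustomer = bool.Parse(_policies["CanCreateCustomer"]);
    }
}
```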

Can I have Azure tunnel back to my API to read these permissions and add them as Claims?
Do I need to intercept the "After-Authenticate" event and add these somehow? Is this possible?

dotnet-aspnet-core-blazor azure-managed-identity

1 Answer

MatthewHolton-7574 answered JamesTran-MSFT commented

I believe I have found my answer. See: https://chrissainty.com/securing-your-blazor-apps-configuring-policy-based-authorization-with-blazor/

I'll tinker with this. I believe I can place my security rules in my database and use IAuthorizationRequirement and AuthorizationHandler to get where I need to be.


@MatthewHolton-7574
I'm glad that you were able to resolve this issue, and thank you for posting your solution so that others running into the same problem can easily reference this!

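The approach the answer settles on (an IAuthorizationRequirement plus an AuthorizationHandler backed by stored permissions), shown for the API side as an added example; it is not code from the thread or from the linked article. `IPermissionStore`, `InMemoryPermissionStore`, `PermissionPolicySetup`, the constructed grants, and the `preferred_username` and `groups` claim names are assumptions.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;

// Requirement: the permission a policy demands, e.g. "CanCreateAccounts".
public sealed record PermissionRequirement(string Permission) : IAuthorizationRequirement;

// Hypothetical lookup over stored user/group permissions (a database in the answer's plan).
public interface IPermissionStore
{
    Task<bool> HasPermissionAsync(string user, IEnumerable<string> groups, string permission);
}

// Constructed sample grants standing in for database rows.
public sealed class InMemoryPermissionStore : IPermissionStore
{
    private static readonly HashSet<(string, string)> Grants = new()
        { ("John@mydomain.com", "CanCreateAccounts"), ("Sales Team", "CanUpdateAccounts") };
    public Task<bool> HasPermissionAsync(string user, IEnumerable<string> groups, string permission) =>
        Task.FromResult(groups.Prepend(user).Any(p => Grants.Contains((p, permission))));
}

public sealed class PermissionHandler : AuthorizationHandler<PermissionRequirement>
{
    private readonly IPermissionStore _store;
    public PermissionHandler(IPermissionStore store) => _store = store;
    protected override async Task HandleRequirementAsync(
        AuthorizationHandlerContext context, PermissionRequirement requirement)
    {
        // Claim names are assumptions; they depend on how the token is configured.
        var user = context.User.FindFirst("preferred_username")?.Value;
        if (context.User.Identity?.IsAuthenticated != true || string.IsNullOrEmpty(user))
            return; // Succeed() is never called, so the requirement stays unmet (deny)
        var groups = context.User.FindAll("groups").Select(c => c.Value);
        if (await _store.HasPermissionAsync(user, groups, requirement.Permission))
            context.Succeed(requirement);
    }
}

public static class PermissionPolicySetup
{
    // Call from the API's Program.cs: builder.Services.AddPermissionPolicies();
    public static IServiceCollection AddPermissionPolicies(this IServiceCollection services) =>
        services.AddScoped<IPermissionStore, InMemoryPermissionStore>()
            .AddScoped<IAuthorizationHandler, PermissionHandler>()
            .AddAuthorization(o => o.AddPolicy("CustomerCreationPolicy",
                p => p.AddRequirements(new PermissionRequirement("CanCreateAccounts"))));
}
```

The Blazor WebAssembly client can evaluate the same policy name to hide the create button, but that check runs in the user's browser and only improves the UI; the `[Authorize(Policy="CustomerCreationPolicy")]` check on the API is what protects the data.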