Is there a way to control and restrict individually the browse, login and manage, for a WebApp based on RBAC


Problem description



Is there a way to control and restrict individually the below tasks, for a WebApp based on RBAC?

  1. who can browse to the WebApp URL (not login but only navigation)
  2. who can Login to the WebApp URL
  3. who can Manage the WebApp (scale etc. activities)

My understanding for current options:

As of now I understand that after the application is registered in Azure AD, there are some controls provided to achieve some of these tasks. Registration gets the application under enterprise applications, which has 2 tabs if you go to the application, "PROPERTIES" and "USERS AND GROUPS".

  • "USERS AND GROUPS": Lets me assign users (/groups) to the application; these users can access the application via enterprise assignment.
  • "PROPERTIES" > "Visible to User": This lets me hide the application from the users' access console, but if they browse to the URL directly then they can access it.
  • "PROPERTIES" > "User assignment required": This lets me enforce that the users be assigned to the application before they can access it. Not sure what access means here, does it prevent users from browsing the URL or just not let them in via SSO? I understand that the user can still log in if they can browse to the URL.
  • "PROPERTIES" > "Enable for users to sign in": This lets me enable or disable the ability of the user to sign in to the application (via URL or otherwise).

The aim is to restrict and control various aspects of Webapp to make sure it can be secured.

Solution

Hi Mohit,

You can do all of those things to restrict WebApps.

1. Who can browse to the URL is controlled via 'Access Restrictions' on the Networking blade of the WebApp. You add the IPs here that you want to allow access to the app - any IPs that aren't in the allow list that you specify won't be allowed to connect in.

2. Who can log into the WebApp URL can be controlled via the 'Authentication / Authorization' section of the WebApp blade. When you enable App Service Authentication here, you can choose which providers to use for authentication. This controls a 'login' to the WebApps.

3. Who can manage the WebApps is controlled via RBAC permissions on either the WebApp or Resource Group, depending on how you control permissions.

If you have any further questions around this then please let me know :-)

Thanks,

Matt
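
The allow-list behaviour described in point 1 of the answer can be checked offline before rules are applied. The following is an added example, not part of the original thread: it assumes rules are evaluated lowest priority number first with an implicit deny-all once any rule exists, uses the `name`, `priority`, `action` and `ipAddress` fields of an App Service access-restriction entry, and all sample values are constructed.

```python
import ipaddress

# Constructed sample rules (documentation IP ranges), shaped like
# App Service access-restriction entries.
RULES = [
    {"name": "office", "priority": 100, "action": "Allow", "ipAddress": "203.0.113.0/24"},
    {"name": "block-kiosk", "priority": 200, "action": "Deny", "ipAddress": "203.0.113.77/32"},
    {"name": "vpn", "priority": 300, "action": "Allow", "ipAddress": "198.51.100.10/32"},
]

# Assumption: once any rule exists, unmatched traffic is denied.
IMPLICIT_DENY = {"name": "implicit-deny-all", "action": "Deny"}


def _net(rule):
    return ipaddress.ip_network(rule["ipAddress"], strict=False)


def evaluate(rules, client_ip):
    """Return the rule that decides whether client_ip may reach the app."""
    if not rules:
        # No restrictions configured: every address can browse to the URL.
        return {"name": "no-restrictions", "action": "Allow"}
    ip = ipaddress.ip_address(client_ip)
    for rule in sorted(rules, key=lambda r: r["priority"]):
        net = _net(rule)
        if ip.version == net.version and ip in net:
            return rule  # first match in priority order wins
    return IMPLICIT_DENY


def shadowed(rules):
    """List (rule, earlier_rule) pairs where the later rule can never match."""
    ordered = sorted(rules, key=lambda r: r["priority"])
    pairs = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            same_family = _net(earlier).version == _net(later).version
            if same_family and _net(later).subnet_of(_net(earlier)):
                pairs.append((later["name"], earlier["name"]))
                break
    return pairs


if __name__ == "__main__":
    for ip in ("203.0.113.77", "198.51.100.10", "192.0.2.5"):
        decision = evaluate(RULES, ip)
        print(ip, decision["action"], "via", decision["name"])
    print("shadowed:", shadowed(RULES))
```

In the sample set the `block-kiosk` deny never takes effect because the broader `office` allow has a lower priority number; this kind of ordering mistake leaves an address browsable that the allow list was meant to exclude.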

