在SPA中为Azure AD组授权用户（React JS） [英] Authorize User against Azure AD Group in SPA (React JS)

问题描述

我们想要在SPA（React JS）中针对Azure AD组授权用户;即如果用户属于特定组（例如测试组），则用户可以从SPA访问API。找到示例代码  Msal.JS 。

我跟随

• 
  创建UserAgentApplication对象
• 
  调用Loginpopup（此处图形范围为 - " Directory.Read.All"）
• 
  调用acquireTokenSilent（获取访问令牌以调用MS Graph Api）
• 
  

  
  调用MS Graph检索用户所属的所有AD组

  
  

  
  Url获取AD群组 -   https://graph.microsoft.com/v1.0/me/memberOf

  
  
• 
  收到  广告组 （用户所属），验证用户是否属于该广告组的
  （此处为 - testgroup）

请建议我是否正确的方向或任何其他选项可用。感谢Azure AD for SPA中的组声明的任何示例代码（反应js）。

感谢您的建议。

问候，

Deb

解决方案

嗨DebOnCloud，

上述步骤是正确的。有关更多信息，请查看以下文档链接：

https://github.com/salvoravida/react-adal  

https://stackoverflow.com/questions/50305568/how-to-整合-azure-ad-into-a-react-web-app-that-c​​onsume-rest-api-in-azure

我希望这会有所帮助。

谢谢。

We want to authorize User against Azure AD group in SPA (React JS); i.e. User allows to access API from SPA if he/she belongs to a Particular group (e.g. testgroup). Found sample code in Msal.JS.

I'm following

• Create UserAgentApplication object
• Call Loginpopup (here graph scope is - "Directory.Read.All")
• Call acquireTokenSilent (get access token to call MS Graph Api)

• Call MS Graph to retrieve all AD Groups where User belong to

  Url to get AD Groups - https://graph.microsoft.com/v1.0/me/memberOf

• After receiving the Ad Groups (user belong to), validating whether User belong to that AD groups ( here - testgroup)

Please suggest me whether I am going in Right direction or any other options are available. Appreciate any sample code on group claims in Azure AD for SPA (react js).

Thanks for your suggestion.

Regards,

Deb

解决方案

Hi DebOnCloud,

Above mentioned steps are correct. For more information please check the below documentation links:

https://github.com/salvoravida/react-adal 

https://stackoverflow.com/questions/50305568/how-to-integrate-azure-ad-into-a-react-web-app-that-consumes-a-rest-api-in-azure

I hope this helps.

Thank you.

这篇关于在SPA中为Azure AD组授权用户（React JS）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！