我通过 Azure AD -> 应用程序注册(按照 link below 上的步骤)为 ASP.NET MVC 应用程序设置应用程序注册。
是否可以将对应用程序的访问权限限制为在 Azure AD 上创建的组(或用户),而不是 Azure AD 上的所有其他组或用户?
Step 2: Register the sample with your Azure Active Directory tenant Sign in to the Azure portal. On the top bar, click on your account and under the Directory list, choose the Active Directory tenant where you wish to register your application. Click on More Services in the left hand nav, and choose Azure Active Directory. Click on App registrations and choose Add. Enter a friendly name for the application, for example 'WebApp-OpenIDConnect-DotNet' and select 'Web Application and/or Web API' as the Application Type. For the sign-on URL, enter the base URL for the sample, which is by default https://localhost:44320/. Click on Create to create the application. While still in the Azure portal, choose your application, click on Settings and choose Properties. Find the Application ID value and copy it to the clipboard. In the same page, change the logoutUrl property to https://localhost:44320/Account/EndSession. This is the default single sign out URL for this sample. For the App ID URI, enter https:///WebApp-OpenIDConnect-DotNet, replacing with the name of your Azure AD tenant.
最佳答案
是的,您可以实现这一目标。
解决方案:
Pre:只有在开始 Azure AD Premium 试用或购买 Azure AD Premium 或 Azure AD Basic 许可证后才能使用此功能。
- 您需要将应用程序添加到企业应用程序:
转至您的 Azure AD 应用程序 > 所有设置 > 所需权限 > 授予权限 > 是
您的企业应用程序 > 属性 > 需要用户分配 > 是 > 保存
您可以在this document中查看有关此功能的更多详细信息。 .
关于asp.net-mvc - 通过应用程序注册、用户和组、Azure Active Directory 的应用程序访问权限,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/48272345/