问题
I have what seems on the face of it a simple requirement when using Azure AD B2C. I have two applications (App A and App B) registered in Azure AD B2C. I want to restrict access so that User 1 can access both App A and App B, but User 2 should only be able to access App A.
I can register appRoleAssignments and assign them to a user via the Azure AD Graph API with a zero id as per this question When a user logs in, I can then query these and restrict access myself, but it feels like I'm reinventing the wheel and this should be provided by B2C.
Is this something Azure AD B2C is able to provide out of the box?
回答1:
Azure AD B2C does not currently have first class support for application assignments.
As you've indicated, you'll need to implement this yourself.
You can request this feature in the Azure AD B2C Feedback Forum
回答2:
I think the way you are doing it is the correct way, eventually Azure B2C will support role and group claims and this extra step wont be needed.
来源:https://stackoverflow.com/questions/44011681/preventing-access-to-applications-in-azure-ad-b2c