How i can assign to user with specific role in azure ad?

Question

In .NET Core web app i have different user roles (Admin, User), based on that i want to show different pages using Azure ad app role.

How i can assign user with specific role to azure ad app?

Currently i am getting user roles from database using Middleware approach because of that number of of API calls.

Answer 1

If you want to assign a user to that application, in one of the specified app roles, you'll need to set the appRoleAssignment on the user . If you are using Microsoft Graph API , you could use below rest API :

https://graph.microsoft.com/v1.0/users/cde330e5-2150-4c11-9c5b-14bfdc948c79/appRoleAssignments
Content-Type:application/json
Authorization: Bearer {token}
{

  "principalId": "9028d19c-26a9-4809-8e3f-20ff73e2d75e",
  "resourceId": "8fce32da-1246-437b-99cd-76d1d4677bd5",
  "appRoleId": "498476ce-e0fe-48b0-b801-37ba7e2685c6"
}

principalId :The id of the client service principal to which you are assigning the app role.

appRoleId :The id of the appRole (defined on the resource service principal) to assign to the client service principal.

resourceId : Service Principal ID of the application . To get service principal id , you could use below api (objectId claim) :

Get https://graph.microsoft.com/v1.0/servicePrincipals/{your resourceId}

If want to filter then

  https://graph.microsoft.com/v1.0/servicePrincipals/{id}&$filter=appId eq 'appid'

Note: You can check the official document for details information on service principal

Get appRoleId:

You can get the app role Id By calling below Graph API

GET https://graph.microsoft.com/v1.0/applications?$select=displayName, appId, appRoles&$filter=startswith(displayName, 'App-Name')

For further details you could check our official document here

Hope above information guided you accordingly.