I currently have a Xamarin Forms app correctly logging in and using Microsoft Azure AD for authentication before accessing a web api that is also configured in Azure.
Now I want to add role based authorization like I used to do using IdentityServer 4.0. So within my webapi I put this on my controller:
[Authorize(Roles = "SOMEDOMAIN\\ADGroup")]
So now I'm trying to follow documentation on the web but people aren't being descriptive enough. I have 1 question but let me first explain my setup.
For my Native Xamarin App
Under "Required Permissions
- I've already added Windows Azure Active Directory
- I've already added my web api
I edited the Manifest
- "groupMembershipClaims": "SecurityGroup",
For my Web Api
Under "Required Permissions
- I've already added Windows Azure Active Directory
I edited the Manifest
- "groupMembershipClaims": "SecurityGroup",
Question
1) Within each app above, do I need to enable Read Directory Data for the Windows Azure Active Directory permission? If not, which one needs it?