如何限制对 Azure 应用服务的访问？

要仅允许特定用户访问应用服务，我们可以使用

Microsoft Entra ID

(Azure Active Directory) 并对用户进行身份验证。

检查 MSDoc 以配置您的应用服务以使用 Microsoft Entra 登录。

另请参阅 SO 线程 1 和 2 从 Visual Studio 中的连接服务配置 Microsoft Identity Platform

• 使用

  Connected Services

  为现有应用程序进行配置。

限制除少数用户之外的所有用户的访问。

导航至

Microsoft Entra ID

=>

App registrations

=> 选择您的应用程序 =>

App roles

=> 单击

How do I assign App roles

=>

Enterprise applications

• 启用

  Assignment required

  部分和

  Properties

  中的

  Save

  选项。

• 选择

  Users and groups

  选项 => 单击

  Add user/group

• 搜索并分配您想要授予应用程序访问权限的用户，然后

  Assign

  。

没有访问权限的用户将会收到以下错误。

You don't have access to this Your sign-in was successful but you don't have permission to access this resource. 

Sorry, but we’re having trouble signing you in.

AADSTS50105: Your administrator has configured the application RestrictAccess ('****') to block users unless they are specifically granted ('assigned') access to the application. The signed in user '' is blocked because they are not a direct member of a group with access, nor had access directly assigned by an administrator. Please contact your administrator to assign access to this application.

有访问权限的用户