我有 Azure 应用服务。现在我想限制除 a 之外的所有用户的访问 某些少数用户。
我尝试通过访问控制(IAM)授予访问权限,我选择“添加角色” 分配”,如果我这样做,我会让用户成为贡献者。 同时任何其他用户都可以进来,只需单击默认域 URL,他们就可以 进去吗?
有简单的方法吗?
要仅允许特定用户访问应用服务,我们可以使用
Microsoft Entra ID
(Azure Active Directory) 并对用户进行身份验证。
检查 MSDoc 以配置您的应用服务以使用 Microsoft Entra 登录。
另请参阅 SO 线程 1 和 2 从 Visual Studio 中的连接服务配置 Microsoft Identity Platform
Connected Services
为现有应用程序进行配置。限制除少数用户之外的所有用户的访问。
导航至
Microsoft Entra ID
=> App registrations
=> 选择您的应用程序 => App roles
=> 单击 How do I assign App roles
=> Enterprise applications
Assignment required
部分和Properties
中的Save
选项。选择
Users and groups
选项 => 单击 Add user/group
搜索并分配您想要授予应用程序访问权限的用户,然后
Assign
。
没有访问权限的用户将会收到以下错误。
You don't have access to this Your sign-in was successful but you don't have permission to access this resource.
Sorry, but we’re having trouble signing you in. AADSTS50105: Your administrator has configured the application RestrictAccess ('****') to block users unless they are specifically granted ('assigned') access to the application. The signed in user '' is blocked because they are not a direct member of a group with access, nor had access directly assigned by an administrator. Please contact your administrator to assign access to this application.
有访问权限的用户