-
ms-identity-javascript-angular-spa-dotnetcore-webapi-roles-groups
Discontinued Angular single-page application (SPA) calling .NET Core web API using App Roles and Security Groups for Implementing Role-Based Access Control (RBAC) using MSAL Angular
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
import { Injectable } from '@angular/core'; import { CanActivate, ActivatedRouteSnapshot, RouterStateSnapshot, UrlTree } from '@angular/router'; import { MsalService } from '@azure/msal-angular'; import { AccountInfo } from '@azure/msal-common'; import { Observable } from 'rxjs'; interface Account extends AccountInfo { idTokenClaims?: { roles?: string[] } } @Injectable({ providedIn: 'root' }) export class RoleGuard implements CanActivate { constructor(private authService: MsalService) {} //from the msal tutorial https://github.com/Azure-Samples/ms-identity-javascript-angular-spa-dotnetcore-webapi-roles-groups canActivate(route: ActivatedRouteSnapshot): boolean { const expectedRole = route.data.expectedRole; let account: Account = this.authService.instance.getAllAccounts()[0]; if (!account.idTokenClaims?.roles) { window.alert('Token does not have roles claim. Please ensure that your account is assigned to an app role and then sign-out and sign-in again.'); return false; } else if (!account.idTokenClaims?.roles?.includes(expectedRole)) { window.alert('You do not have access as expected role is missing. Please ensure that your account is assigned to an app role and then sign-out and sign-in again.'); return false; } return true; } //from this tutorial https://medium.com/medialesson/group-authorization-in-angular-with-azure-ad-and-app-roles-1120c4b91163 // canActivate( // next: ActivatedRouteSnapshot, // state: RouterStateSnapshot): Observable | Promise | boolean | UrlTree { // const userRoles = (this.authService.instance.getAllAccounts().idToken as any).roles; // const allowedRoles = next.data["roles"]; // const matchingRoles = userRoles.filter(x => allowedRoles.includes(x)); // return matchingRoles.length > 0; // } }