Share via

How to Generate Primary Key and store in AAD Token for Future Sessions?

Siegfried Heintze 1,906 Reputation points
2020-05-11T22:34:07.61+00:00

Let's assume I have a MSSQL Table called projects and there is a one-to-one relationship between users and projects and I'm using authenticated calls to CRUD functions implement as Azure Functions to manipulate this table. (That is to say, the Azure functions are protected by AAD).

Let's further assume that I am using the IDENTITY feature of MSSQL to generate primary keys (sequential integers) so each authenticated user has a unique integer.

(1) How do I associate a newly authenticated user with a newly created primary key so that AAD will provide that primary key for me in the token the next time he/she creates a new session?

(2) Do I need to be concerned about malicious users guessing at future and past primary keys and accessing the projects (rows) of other users via my AAD authenticated Azure functions?

Thank you

Siegfried

Azure SQL Database
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
23,148 questions
Accepted answer
  1. Mike Ubezzi 2,776 Reputation points
    2020-05-14T17:12:33.59+00:00

    HI Siegfried,

    Here is the approach that was offered:

    The path I’d explore is rather, for (1), insert a new row in the projects table grabbing AAD identity and storing it in a column (with a UNIQUE constraint if they want to enforce the one-to-one relationship). They can then have either an IDENTITY column or a SEQUENCE to generate the sequential integers during the insert.
    For (2), they can use Row Level Security to create a policy where an AAD authenticated user can only access the rows he owns.

    If there is a specific piece of functionality that you are seeking that is currently not available, or you feel would be a great feature to have please post this to the UserVoice forum so others can up vote and comment on what is being suggested to the product group.

    Regards,
    Mike

    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Siegfried Heintze 1,906 Reputation points
    2020-05-14T17:37:38.717+00:00

    grabbing AAD identity

    (1) Can you elaborate on this please? I assume you mean a field in the token that I can see with http://jwt.ms? I'm looking at a token now and feeling a bit overwhelmed as there are so many fields. Perhaps you mean the OID?

    (2) Hmm... "Row Level Security" is a new one for me. Is this a feature exclusive to Azure SQL Svr or can it be used with other databases like Cosmos and MySQL?

    Thank you
    Siegfried

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.