I have a small application I am writing in PHP where I need to check if a given user has a given role assigned to them. I am using Azure App Service with App Service authentication enabled to authenticate users against Azure Active Directory. As part of the application I need to get the user's username, display name, and whether they are a member of one or more of three security groups which they could be a part of, to define what access levels they have within the application.
I need to do it this way as I can't have the roles managed within the application; instead, they need to be managed through Active Directory security groups. I am seeking a method that is native to Azure App Service (as in, ideally not doing a separate LDAP lookup if possible). I know how to extract the authenticated username from the header data sent to the application (HTTP_X_MS_CLIENT_PRINCIPAL_NAME); however, I don't know how I can get the full display name or how to check if a user has specific roles assigned to them. I have already output a copy of the entire PHP $_SERVER superglobal array to see if the data I am seeking is in there, but I can't find it in there.
For the purposes of this question make the following assumptions...
user1@domain.com is assigned the roles role1, role2, role3
user2@domain.com is assigned the role role3 only
So if either user logs in I need to be able to show their full name based on their AD entry and need to be able to check if they are part of security groups role1, role2 and/or role3.
I would post an example of my code but I have no idea where to start with getting this data, so the only code I have thus far is a test block to print all the $_SERVER values onto the page for testing purposes.
Thanks