I have a small application I am writing in PHP where I need to check if a given user has a given role assigned to them. I am using Azure App Service with App Service authentication enabled to authenticate users against Azure Active Directory. As part of the application I need to get the user's username, display name, and whether they are a member of one or more of three security groups which they could be a part of, to define what access levels they have within the application.
I need to do it this way as I can't have the roles managed within the application; instead they need to be managed through Active Directory security groups. I am seeking a method that is native to Azure App Service (as in, ideally not doing a separate LDAP lookup if possible). I know how to extract the authenticated username from the header data sent to the application (HTTP_X_MS_CLIENT_PRINCIPAL_NAME), however I don't know how I can get the full display name or how to check if a user has specific roles assigned to them. I have already output a copy of the entire PHP $_SERVER superglobal array to see if the data I am seeking is in there, but I can't find it.
For the purposes of this question make the following assumptions...
firstname.lastname@example.org is assigned the roles role1, role2, role3
email@example.com is assigned the role role3 only
So if either user logs in, I need to be able to show their full name based on their AD entry and need to be able to check if they are part of security groups.
I would post an example of my code but I have no idea where to start with getting this data, so the only code I have thus far is a test block to print all the $_SERVER values onto the page for testing purposes.