Role Based Access Control with App Roles in Azure Static Web Apps
Build a secure web app with Azure SWA and Azure Active Directory App Roles
Azure Static Web Apps (SWA) is a fantastic service for building and deploying a full-stack web app from a code repository. Content is automatically distributed globally, no CORS or network configuration is required when integrating a backend API, and the authentication experience is really good. However, the built-in mechanisms for Role Based Access Control are extremely limited, so let’s dig a little deeper and explore our options with Azure Active Directory (AAD).
TLDR: Create an AAD application that defines App Roles and assign them to users or groups. Then, configure the SWA to programmatically set the user roles based on the app roles in the user’s token.
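The "programmatically set the user roles" step is a roles function that SWA calls after login (wired up through the `rolesSource` setting in staticwebapp.config.json): SWA posts the user's claims, and the function answers with the SWA roles to assign. The following Python is an added example of that function's core, not code from the linked repository; it assumes App Roles arrive under the claim type `roles` and uses constructed role names and a constructed sample request.

```python
import json

# Claim type under which AAD App Roles arrive in the claims array that Azure SWA
# posts to the roles function (assumption; confirm against the /.auth/me output).
APP_ROLE_CLAIM = "roles"

# App Role values from the AAD app manifest mapped to SWA route roles.
# Constructed for this example; replace with your own role names.
ROLE_MAP = {"Admin": "admin", "User": "user"}

def roles_from_claims(payload: dict) -> list[str]:
    """Return the SWA roles for the user described by the rolesSource request body.
    SWA posts {"identityProvider", "userId", "userDetails", "claims": [{"typ", "val"}, ...]}.
    Only AAD logins are mapped, unknown app roles are ignored, duplicates collapse.
    """
    if payload.get("identityProvider") != "aad":
        return []  # App Roles exist only in AAD tokens; other providers get no extra roles
    roles: list[str] = []
    for claim in payload.get("claims", []):
        if claim.get("typ") != APP_ROLE_CLAIM:
            continue
        swa_role = ROLE_MAP.get(claim.get("val"))
        if swa_role and swa_role not in roles:
            roles.append(swa_role)
    return roles

def handle_roles_request(body: str) -> str:
    """HTTP handler body: parse the SWA request and answer with {"roles": [...]}."""
    try:
        payload = json.loads(body)
    except json.JSONDecodeError:
        payload = {}  # malformed body: assign no roles rather than fail open
    return json.dumps({"roles": roles_from_claims(payload)})

# Constructed sample request, shaped like the body SWA posts to the roles function.
SAMPLE_REQUEST = json.dumps({
    "identityProvider": "aad",
    "userId": "constructed-user-id",
    "userDetails": "alice@example.com",
    "claims": [
        {"typ": "name", "val": "Alice"},
        {"typ": "roles", "val": "Admin"},
        {"typ": "roles", "val": "Admin"},    # duplicate, collapsed
        {"typ": "roles", "val": "Auditor"},  # not in ROLE_MAP, ignored
    ],
})

if __name__ == "__main__":
    print(handle_roles_request(SAMPLE_REQUEST))  # {"roles": ["admin"]}
```

The `anonymous` and `authenticated` roles are applied by SWA itself, so the function only needs to return the roles derived from the token's App Roles.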
The GitHub repository for the frontend (React), backend (Python) & infrastructure code (Terraform — CDKTF Python) can be found here:
It’s a minimal frontend app (React) that displays the content of /.auth/me (user information) in the Home view. The user can log in using the built-in /.auth/login/aad endpoint and log out with /.auth/logout. For the User and Admin views, some content is fetched from the backend API (Managed Functions). But access to these…