JeremyLikness / PlanetaryDocs

A complete Blazor Server app using Azure Cosmos DB with EF Core.

Add Azure AD secured login

JeremyLikness opened this issue

Is your feature request related to a problem? Please describe.
Right now anyone can update the database if they know the app URL.

Describe the solution you'd like
Access should be restricted based on logins.

Describe alternatives you've considered
N/A

Additional context
N/A

I'd like to contribute to this but I need some help. I believe that to avoid these problems described here you need to call one of these caching functions. Note that the list of magical caching functions does not include addCosmosCache... So what is the resolution? Would PlanetaryDocs have to have a Redis Cache to be server farm/OAuth/OpenIDConnect friendly? Seems like we should be able to use Cosmos.

What makes you think the app needs a distributed cache? The data is already distributed across Cosmos DB nodes; all that is needed is a secure Azure AD login and role-based authentication configured in Cosmos.

Oh, sorry... I forgot to mention that I would like to learn how to implement web farm (App Service/Kubernetes) autoscaler-friendly OAuth/OpenID Connect authentication for PlanetaryDocs.

According to the documentation: "When Data Protection or caching isn't configured for a web farm environment, intermittent errors occur when requests are processed. This occurs because nodes don't share the same resources and user requests aren't always routed back to the same node."

A few paragraphs later it says:

 When any of the following symptoms occur intermittently, the problem is usually traced to improper Data Protection or caching configuration for a web farm environment:

 Authentication breaks: The authentication cookie is misconfigured or can't be decrypted. OAuth (Facebook, Microsoft, Twitter) or OpenIdConnect logins fail with the error "Correlation failed."

 Authorization breaks: Identity is lost.

Then they have this link that contains a list of magical caches. This list does not include AddCosmosCache. Is this an oversight? Does AddCosmosCache give ASP.NET WebApp web farm and OAuth/OpenID Connect compatibility?

If not, I guess I would have to use the StackExchange Redis cache or an AddDistributedSqlServerCache, which would be silly if we are trying to showcase Cosmos.

Thanks

Siegfried
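
The failure the quoted documentation describes, a payload protected on one node that another node can't decrypt, reproduced as an added example; it is not part of the original thread or of the PlanetaryDocs code. It assumes each farm node can be modelled as a Data Protection provider with its own key directory, and the purpose string, payload and directory names are constructed for the demo.

```csharp
// Added illustration, not PlanetaryDocs code.
// Needs the Microsoft.AspNetCore.DataProtection.Extensions package.
using System;
using System.IO;
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;

static class FarmKeyRingDemo
{
    // Constructed purpose string standing in for the cookie middleware's own.
    const string Purpose = "Demo.AuthCookie";

    // "Node A" protects a payload and "node B" tries to read it.
    // Each node is a provider bound to a key directory (assumption of this demo).
    static bool NodeBCanRead(string keyDirA, string keyDirB)
    {
        IDataProtector nodeA = DataProtectionProvider
            .Create(new DirectoryInfo(keyDirA)).CreateProtector(Purpose);
        IDataProtector nodeB = DataProtectionProvider
            .Create(new DirectoryInfo(keyDirB)).CreateProtector(Purpose);

        const string ticket = "user=demo;role=editor"; // constructed sample payload
        string cookie = nodeA.Protect(ticket);
        try
        {
            return nodeB.Unprotect(cookie) == ticket;
        }
        catch (CryptographicException)
        {
            // Node B's key ring has no key matching the id embedded in the payload.
            return false;
        }
    }

    static void Main()
    {
        string root = Path.Combine(Path.GetTempPath(), "dp-farm-" + Guid.NewGuid().ToString("N"));
        string a = Path.Combine(root, "nodeA");
        string b = Path.Combine(root, "nodeB");
        string shared = Path.Combine(root, "shared");
        foreach (string dir in new[] { a, b, shared }) Directory.CreateDirectory(dir);
        try
        {
            Console.WriteLine($"separate key rings: {NodeBCanRead(a, b)}");
            Console.WriteLine($"shared key ring:    {NodeBCanRead(shared, shared)}");
        }
        finally { Directory.Delete(root, recursive: true); }
    }
}
```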