Power Pages – Day 4

The fourth day enables the developer to:

  • Set up and configure Azure AD B2C authentication
  • Assign users to web roles and invite them to register and sign in
  • Configure permissions to ensure personal or commercially sensitive data can only be seen or edited as required

AD B2C authentication

Azure AD B2C is Microsoft’s recommended customer identity and access management (CIAM) solution, which enables users to sign up and sign in to a Power Pages site.

This may be replaced by Microsoft Entra External ID in the future, but currently Power Pages is configured to work with Azure AD B2C.

Password reset

Pending testing.

Multi-factor authentication

Pending testing.

Web roles

Users are assigned to web roles. Permissions are assigned to web roles. This makes it easier to administer the assignment of multiple permissions to multiple users.

There are three web roles by default: Administrators, Authenticated Users and Anonymous Users, but additional web roles can be created according to each site’s security requirements.

Invitations

To control access to a site, registration of users can be limited by invitations. However, it is also possible to configure a site to allow open registration.

Whichever method is used, each registered user will have a Contact record.

Site visibility

While a site is being built, its visibility is limited to administrators and people granted access by an administrator.

Page permissions

Each page can be accessed by all users or can be restricted to one or more web roles.

Table permissions

Each table can be accessed by all users or can be restricted to one or more web roles.

Multiple permissions (e.g. read-only, partial, full) can be created for the same table and assigned to different web roles.

Global permissions

By default, a table permission is global, i.e. the permission applies to all rows in the table.

Contact permissions

It is possible to restrict a permission to a related contact, i.e. the permission applies only to those rows in the table which are related to the signed-in user.

It is also possible to restrict a permission to related data, i.e. the permission applies only to those rows in the table which are related to defined records.

In the example shown, a site administrator defines which users can administer subject categories and this cascades down to the related subjects, events and participants.
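
The scopes described above can be checked with a small model. This is an added example, not Power Pages code: it is a simplified Python model in which all table, role and user names are constructed, and it assumes that a related-data permission takes its web roles from the permission at the top of its chain.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Permission:
    table: str
    scope: str                      # "global", "contact" or "parent" (related data)
    privileges: frozenset
    roles: frozenset = frozenset()  # web roles; parent scope uses the root's roles (model assumption)
    link: str = ""                  # column holding the contact id or the parent row id
    parent: "Permission | None" = None

# Constructed rows: table -> {row id -> columns}
ROWS = {
    "category": {"c1": {"admin": "alice"}, "c2": {"admin": "bob"}},
    "subject": {"s1": {"category": "c1"}, "s2": {"category": "c2"}},
    "event": {"e1": {"subject": "s1"}, "e2": {"subject": "s2"}},
}
# Constructed users (contacts) and their web roles
USER_ROLES = {
    "alice": {"Category Admins", "Authenticated Users"},
    "bob": {"Category Admins", "Authenticated Users"},
    "carol": {"Authenticated Users"},
}

def row_in_scope(perm, row_id, contact):
    row = ROWS[perm.table].get(row_id)
    if row is None:
        return False
    if perm.scope == "global":
        return True                              # applies to every row
    if perm.scope == "contact":
        return row.get(perm.link) == contact     # row related to the signed-in user
    # related data: in scope only if the parent row is in the parent permission's scope
    return row_in_scope(perm.parent, row.get(perm.link), contact)

def root(perm):
    return perm if perm.parent is None else root(perm.parent)

def allowed(perms, contact, table, row_id, privilege):
    roles = USER_ROLES.get(contact, set())       # unknown users hold no roles: deny
    return any(p.table == table and privilege in p.privileges
               and roles & root(p).roles and row_in_scope(p, row_id, contact)
               for p in perms)

RW = frozenset({"read", "write"})
cat = Permission("category", "contact", RW, frozenset({"Category Admins"}), link="admin")
sub = Permission("subject", "parent", RW, link="category", parent=cat)
evt = Permission("event", "parent", RW, link="subject", parent=sub)
pub = Permission("event", "global", frozenset({"read"}), frozenset({"Authenticated Users"}))
PERMS = [cat, sub, evt, pub]
```

In this model, alice can write event e1 because it chains up to a category she administers, but can only read e2, which is reachable through the global read-only permission alone.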