...
Users can log into the Web App via SSO (Authentication Method allowing users to sign in using one set set of credentials to multiple software systems) - What is single sign-on? - Microsoft Entra ID | Microsoft Learn
Azure Web Apps via a Service Principal, can retrieve the Token from the Key Vault before using Azure AI Search
...
Azure Web Apps can access Azure AI Search via the Token
Azure AI Search - Key filter
...
Azure AI Search does not provide document-level
...
permissions. As a workaround, we can create a filter that trims search results based on a string containing a group or user identity (Security filters for trimming results - Azure AI Search | Microsoft Learn)
| Code Block | ||
|---|---|---|
| ||
POST https://[search service].search.windows.net/indexes/securedfiles/docs/index?api-version=2023-11-01
{
"name": "securedfiles",
"fields": [
{"name": "file_id", "type": "Edm.String", "key": true, "searchable": false },
{"name": "file_name", "type": "Edm.String", "searchable": true },
{"name": "file_description", "type": "Edm.String", "searchable": true },
{"name": "group_ids", "type": "Collection(Edm.String)", "filterable": true, "retrievable": false }
]
} |
Azure AI Search is already connected to the Blob Storage via a connectionstring using an encrypted account key
Infra & Security : Combining the milestones 2 & 3
...