I'm designing a Single Page Application in React + .NET Core and I'm now facing the concept of visibility related to the application profiles (for example, Admin will see all data, Team Leader will see all the data related to his team, and so on...). My solution involves Row Level Security in Azure SQL Server using Azure Active Directory authentication (an AD group containing all the application users); however, this way a smart user can connect directly to the database and do whatever he likes (because with this type of connection I must grant Read/Write permissions to the group). I want to avoid this!

So, is there a way to avoid direct connections to the database and limit AAD authentication to only go through the web app? Or must I choose a different approach (using SESSION_CONTEXT, for example)?

MFF

1 Answer

You can configure the firewall rules of Azure SQL to allow only the single page application (web app) to connect.

The steps are described in the Stack Overflow post below:

Configure Azure SQL Database Firewall for just my Web App

Venkataraman R
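The SESSION_CONTEXT approach raised in the question, as an added example that is not part of the original posts: the web API connects with a single database identity, so end users need no database grants at all, and Row Level Security filters on values the API sets per connection. The names `AppUser`, `Security.fn_team_predicate`, `Security.TeamFilter`, `dbo.Orders` and the keys `TeamId` / `IsAdmin` are assumptions made for illustration.

```sql
-- Hypothetical table; TeamId is the column the visibility rule keys on.
CREATE TABLE dbo.Orders (
    OrderId int IDENTITY PRIMARY KEY,
    TeamId  int NOT NULL,
    Amount  decimal(10, 2) NOT NULL
);
GO
CREATE SCHEMA Security;
GO
-- Predicate: a row is visible only to the application's own database user
-- (assumed name: AppUser), and only when the session is flagged as admin or
-- the session's TeamId matches the row. A missing key yields NULL, so the
-- comparison fails and no rows are returned (fails closed).
CREATE FUNCTION Security.fn_team_predicate(@TeamId int)
RETURNS TABLE
WITH SCHEMABINDING
AS
RETURN
    SELECT 1 AS fn_result
    WHERE DATABASE_PRINCIPAL_ID() = DATABASE_PRINCIPAL_ID('AppUser')
      AND (   CAST(SESSION_CONTEXT(N'IsAdmin') AS bit) = 1
           OR CAST(SESSION_CONTEXT(N'TeamId')  AS int) = @TeamId);
GO
-- FILTER hides rows on read; BLOCK rejects inserts and updates that would
-- place a row in another team.
CREATE SECURITY POLICY Security.TeamFilter
    ADD FILTER PREDICATE Security.fn_team_predicate(TeamId) ON dbo.Orders,
    ADD BLOCK  PREDICATE Security.fn_team_predicate(TeamId) ON dbo.Orders AFTER INSERT,
    ADD BLOCK  PREDICATE Security.fn_team_predicate(TeamId) ON dbo.Orders AFTER UPDATE
WITH (STATE = ON);
GO
-- Run by the web API right after opening a connection, using values taken
-- from the validated user token (42 and 0 are constructed sample values).
-- @read_only = 1 stops later statements on the same connection from
-- changing the keys.
EXEC sp_set_session_context @key = N'TeamId',  @value = 42, @read_only = 1;
EXEC sp_set_session_context @key = N'IsAdmin', @value = 0,  @read_only = 1;

-- Returns only rows with TeamId = 42 for this session.
SELECT OrderId, TeamId, Amount FROM dbo.Orders;
```

This model depends on the `AppUser` credential staying on the server side: anyone able to connect as that identity can set the session keys themselves, which is why it pairs well with the firewall restriction from the answer above.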