So the users authenticate using AAD, but I need to get the role they have been allocated in the Database.
I have tried adding this to my openIdConnectAuthenticationOptions in my Startup.Auth as suggested in some posts:
TokenValidationParameters = new TokenValidationParameters()
{
    ValidateIssuer = false, // Simplification (see note below)
    //RoleClaimType = System.Security.Claims.ClaimTypes.Role
    RoleClaimType = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
}
But no role is displayed when I check the claims while debugging. I assume this is because there is no login happening as it would when using SignInManager, so I tried doing an actual sign in after AAD authenticated successfully, as I have the user Id from the DB:
var user = db.Users.FirstOrDefault(x => x.Id == loggedInUserId);
if (user != null)
{
    // Look the user up through the Identity store and sign in that object
    var userForIdentity = UserManager.FindById(user.Id);
    await SignInManager.SignInAsync(userForIdentity, isPersistent: true, rememberBrowser: true);
}
I thought that if I did the above after the AAD sign-in, the role would be added, allowing me to make use of User.IsInRole("Administrator") for example, but it doesn't seem to add it.
I have seen some posts that say that we can edit the manifest in Azure AD on the app that was registered, but I don't have access to the client's AAD.
My question is: is there a way to make use of User.IsInRole("") based on what is in the DB after AAD sign-in?
Thanks for any help.
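As an added example (not the original poster's code, and not an answer posted on this page), the following Startup.Auth shows the approach the question is circling: let the OpenID Connect middleware validate the AAD id_token, then, in the SecurityTokenValidated notification, look the user up in the application's own database and add one role claim per stored role before the identity is written to the auth cookie. The claim type used is the same one ClaimTypes.Role resolves to ("http://schemas.microsoft.com/ws/2008/06/identity/claims/role"), so User.IsInRole("Administrator") and [Authorize(Roles = "Administrator")] work without any change to the AAD app manifest. The EF model (AppDbContext, AppUser, AppUserRole), the placeholder ClientId/Authority values and the "LocalDatabase" issuer string are assumptions; the package layout assumed is Katana 3.x with System.IdentityModel.Tokens.Jwt 4.x.

```csharp
// Added example (not the original poster's code): OWIN/Katana Startup.Auth that, after AAD has
// validated the id_token, adds role claims read from the application's own database so that
// User.IsInRole("...") and [Authorize(Roles = "...")] reflect the DB, not the AAD manifest.
// Assumptions (hypothetical names): EF6 AppDbContext with Users(Id, AadObjectId) and
// UserRoles(Id, UserId, RoleName); Katana 3.x with System.IdentityModel.Tokens.Jwt 4.x.
using System.Collections.Generic;
using System.Data.Entity;
using System.IdentityModel.Tokens;            // TokenValidationParameters (JWT 4.x package)
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

// Hypothetical EF model: the application's own user and role tables.
public class AppUser
{
    public int Id { get; set; }
    public string AadObjectId { get; set; }   // the user's immutable AAD object id (oid)
}

public class AppUserRole
{
    public int Id { get; set; }
    public int UserId { get; set; }
    public string RoleName { get; set; }      // e.g. "Administrator"
}

public class AppDbContext : DbContext
{
    public DbSet<AppUser> Users { get; set; }
    public DbSet<AppUserRole> UserRoles { get; set; }
}

public partial class Startup
{
    // Claim type Katana maps AAD's "oid" token claim to. Key the lookup on this rather than
    // on email or UPN, which can be changed for a user and reassigned.
    private const string ObjectIdClaimType =
        "http://schemas.microsoft.com/identity/claims/objectidentifier";

    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = "<client-id>",                                    // assumption: placeholder
            Authority = "https://login.microsoftonline.com/<tenant-id>", // assumption: placeholder
            TokenValidationParameters = new TokenValidationParameters
            {
                // ValidateIssuer stays at its default (true): with a tenant-specific Authority,
                // tokens issued by any other tenant are rejected.
                NameClaimType = "name",
                RoleClaimType = ClaimTypes.Role   // the claim type User.IsInRole() inspects
            },
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                // Fires after signature, issuer, audience and lifetime checks have passed,
                // and before the identity is serialised into the auth cookie.
                SecurityTokenValidated = async context =>
                {
                    ClaimsIdentity identity = context.AuthenticationTicket.Identity;
                    string oid = identity.FindFirst(ObjectIdClaimType)?.Value;
                    if (string.IsNullOrEmpty(oid))
                    {
                        return;   // no object id: sign in with no application roles
                    }

                    List<string> roleNames;
                    using (var db = new AppDbContext())
                    {
                        roleNames = await (from u in db.Users
                                           join r in db.UserRoles on u.Id equals r.UserId
                                           where u.AadObjectId == oid
                                           select r.RoleName).ToListAsync();
                    }

                    foreach (string roleName in roleNames)
                    {
                        // Tag the issuer so it is visible that these roles came from the local
                        // database rather than from AAD.
                        identity.AddClaim(new Claim(ClaimTypes.Role, roleName,
                                                    ClaimValueTypes.String, "LocalDatabase"));
                    }
                }
            }
        });
    }
}
```

Two practical caveats. First, the roles are captured into the cookie at sign-in, so removing a role in the database does not affect an existing session until the user signs in again; if that matters, re-check the database periodically from CookieAuthenticationProvider.OnValidateIdentity and reject the identity when it no longer matches. Second, issuer validation is left enabled on purpose: with ValidateIssuer = false, a token minted by any other Azure AD tenant would be accepted, and the only thing standing between that user and your "Administrator" role would be whether the database happens to contain their object id.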