Azure AD B2C – Role management [duplicate]

by

Azure AD B2C does not yet include Group claims in the token it sends to the application thus you can’t follow the same approach as you outlined with Azure AD (which does include group claims in the token).

You can support this feature ask by voting for it in the Azure AD B2C feedback forum: Get user membership groups in the claims with Azure AD B2C

That being said, you can do some extra work in this application to have it manually retrieve these claims the group claims and inject them into the token.

First, register a separate application that’ll call the Microsoft Graph to retrieve the group claims.

  1. Go to https://apps.dev.microsoft.com
  2. Create an app with Application Permissions : Directory.Read.All.
  3. Add an application secret by clicking on Generate new password
  4. Add a Platform and select Web and give it any redirect URI, (e.g. https://yourtenant.onmicrosoft.com/groups)
  5. Consent to this application by navigating to: https://login.microsoftonline.com/YOUR_TENANT.onmicrosoft.com/adminconsent?client_id=YOUR_CLIENT_ID&state=12345&redirect_uri=YOUR_REDIRECT_URI

Then, you’ll need to add code the following code inside of the OnAuthorizationCodeReceived handler, right after redeeming the code:

var authority = $"https://login.microsoftonline.com/{Tenant}";
var graphCca = new ConfidentialClientApplication(GraphClientId, authority, GraphRedirectUri, new ClientCredential(GraphClientSecret), userTokenCache, null);
string[] scopes = new string[] { "https://graph.microsoft.com/.default" };

try
{
    AuthenticationResult authenticationResult = await graphCca.AcquireTokenForClientAsync(scopes);
    string token = authenticationResult.AccessToken;

    using (var client = new HttpClient())
    {
        string requestUrl = $"https://graph.microsoft.com/v1.0/users/{signedInUserID}/memberOf?$select=displayName";

        HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, requestUrl);
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);

        HttpResponseMessage response = await client.SendAsync(request);
        var responseString = await response.Content.ReadAsStringAsync();

        var json = JObject.Parse(responseString);

        foreach (var group in json["value"])
            notification.AuthenticationTicket.Identity.AddClaim(new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.Role, group["displayName"].ToString(), System.Security.Claims.ClaimValueTypes.String, "Graph"));

        //TODO: Handle paging. 
        // https://developer.microsoft.com/en-us/graph/docs/concepts/paging
        // If the user is a member of more than 100 groups, 
        // you'll need to retrieve the next page of results.
    }
} catch (Exception ex)
{
    //TODO: Handle
    throw;
}

More Related Contents:

  1. Authorize By Group in Azure Active Directory B2C
  2. Post an HTML Table to ADO.NET DataTable
  3. Pass List of Checkboxes into View and Pull out IEnumerable [duplicate]
  4. ASP.NET MVC 5 culture in route and url
  5. Weird Error Upgrading ASP.NET MVC from 4 to 5
  6. How do I export to Excel?
  7. How to get current user, and how to use User class in MVC5?
  8. Azure ASP .net WebApp The request timed out
  9. Do I need a Global.asax.cs file at all if I’m using an OWIN Startup.cs class and move all configuration there?
  10. ASP.Net MVC route to catch all *.aspx requests
  11. MVC model validation for date
  12. CustomAttribute reflects html attribute MVC5
  13. MVC 5 Dynamic Rows with BeginCollectionItem
  14. ASP.NET MVC 5 error handling
  15. How to download a file to browser from Azure Blob Storage
  16. How to I apply filter while paginating in Asp.net MVC and entity Framework?
  17. Method ‘RouteCollection.get_AppendTrailingSlash’ not found when using Razor Url helpers in ASP.NET MVC 5 Mono
  18. How to add Web API to an existing ASP.NET MVC (5) Web Application project?
  19. Async PartialView causes “HttpServerUtility.Execute blocked…” exception
  20. Get UserID of logged-in user in Asp.Net MVC 5
  21. Correct way to use HttpContext.Current.User with async await
  22. How to represent a month of checkboxes in an MVC model
  23. Login page on different domain
  24. Complex object and model binder ASP.NET MVC
  25. Getting controller name from razor
  26. Get controller and action name from within controller?
  27. ASP.NET MVC Authorization
  28. ASP.NET MVC 4 + Ninject MVC 3 = No parameterless constructor defined for this object
  29. How to allow an anonymous user access to some given page in MVC?
  30. How to create Select List for Country and States/province in MVC

Leave a Comment