Retrieve user roles within .net web application from Azure AD

aaronzw asked:
What is the process for retrieving custom roles created within Azure Active Directory for a registered web application?  

The application is already accessible to logged in users of our internal network, so that part is working fine, but I need to consume the roles added to the users to control access for the application's modules.  I successfully added the roles to the manifest of the application and assigned the role to a test user.

```json
"appId": "xxx",
"appRoles": [
  {
    "allowedMemberTypes": [ ... ],
    "displayName": "xxx",
    "id": "xxxx",
    "isEnabled": true,
    "description": "",
    "value": "xxx"
  }
]
```

When I tried to access the claims for the logged in user within the application, the role was not included.  I used the following code to attempt to retrieve the value:

```csharp
var identity = (ClaimsIdentity)Context.User.Identity;
var claims = identity.Claims;
// Note: FirstOrDefault returns only the first role value, or null when no role claim exists.
var roles = claims.Where(a => a.Type == ClaimTypes.Role).Select(a => a.Value).FirstOrDefault();
```

There is no claim entry for roles, only for name, primarysid and groupsid, i.e. `{ xxx } Type: System.Security.Claims.Claim`.

What else am I missing from the process of getting the role claim from Azure AD?
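As an added example (not code from the question above or from the GitHub solution the asker later found), the helper below reads Azure AD app roles from a `ClaimsPrincipal` and also dumps every claim type present. Azure AD places app-role assignments in a `roles` claim of the token; depending on how the token handler maps inbound claim types, that claim can appear either under the raw JWT name `roles` or under `ClaimTypes.Role`, so the helper checks both. The claim dump is there for diagnosis: a principal that carries only `name`, `primarysid` and `groupsid` is the shape produced by Windows authentication, whereas a principal issued from an Azure AD sign-in also carries claims such as `oid` and `tid`. The role values, user name and the `"OpenIdConnect"` authentication type in the demo are constructed placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Added example; assumes the user was signed in through Azure AD (OpenID Connect)
// so that the ClaimsPrincipal carries the token's claims.
public static class AppRoleClaims
{
    // Raw JWT claim name Azure AD uses for app roles.
    private const string JwtRolesClaimType = "roles";

    // Returns every app role present, whether the claim was mapped to
    // ClaimTypes.Role or left under its JWT name.
    public static IReadOnlyCollection<string> GetAppRoles(ClaimsPrincipal principal)
    {
        if (principal == null) throw new ArgumentNullException(nameof(principal));

        return principal.Claims
            .Where(c => c.Type == ClaimTypes.Role || c.Type == JwtRolesClaimType)
            .Select(c => c.Value)
            .Distinct(StringComparer.Ordinal)
            .ToArray();
    }

    // Exact (case-sensitive) match against the manifest's "value" field.
    public static bool IsInAppRole(ClaimsPrincipal principal, string roleValue)
        => GetAppRoles(principal).Contains(roleValue, StringComparer.Ordinal);

    // Diagnostic dump of all claim types and values on the principal.
    public static string DescribeClaims(ClaimsPrincipal principal)
        => string.Join(Environment.NewLine,
                       principal.Claims.Select(c => $"{c.Type} = {c.Value}"));
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample principal; values are placeholders, not real tenant data.
        var identity = new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.Name, "test.user@contoso.example"),
            new Claim("roles", "Module.Reports.Read"),   // raw JWT-style roles claim
            new Claim(ClaimTypes.Role, "Module.Admin"),  // mapped form of the same claim type
        }, "OpenIdConnect");
        var principal = new ClaimsPrincipal(identity);

        Console.WriteLine(AppRoleClaims.DescribeClaims(principal));
        Console.WriteLine("Roles: " + string.Join(", ", AppRoleClaims.GetAppRoles(principal)));
        Console.WriteLine("Admin? " + AppRoleClaims.IsInAppRole(principal, "Module.Admin"));
    }
}
```

In a web application, pass `HttpContext.User` (or `(ClaimsPrincipal)Context.User`) to `GetAppRoles`; gating a module on `IsInAppRole` keeps the comparison exact against the `value` set in the app manifest rather than relying on a single `FirstOrDefault` role.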

aaronzw answered:
After a long search I ran across this GitHub code solution for exactly what I needed. This came directly from the Microsoft Identity Developer group.
