Retrieve user roles within .net web application from Azure AD

aaronzw
What is the process for retrieving custom roles created within Azure Active Directory for a registered web application?  

The application is already accessible to logged-in users of our internal network, so that part is working fine, but I need to consume the roles added to the users to control access for the application's modules. I successfully added the roles to the manifest of the application and assigned the role to a test user.

{
  "appId": "xxx",
  "appRoles": [
    {
      "allowedMemberTypes": [
        "User"
      ],
      "displayName": "xxx",
      "id": "xxxx",
      "isEnabled": true,
      "description": "",
      "value": "xxx"
    }
  ]
}


When I tried to access the claims for the logged-in user within the application, the role was not included. I used the following code to attempt to retrieve the value:

// using System.Linq;
// using System.Security.Claims;

// Context is the HttpContext of the current request (e.g. Page.Context in Web Forms).
var identity = (ClaimsIdentity)Context.User.Identity;
var claims = identity.Claims;

// ClaimTypes.Role is the WS-Federation/SAML role claim type
// (http://schemas.microsoft.com/ws/2008/06/identity/claims/role);
// FirstOrDefault returns only the first matching role, or null if there is none.
var roles = claims.Where(a => a.Type == ClaimTypes.Role).Select(a => a.Value).FirstOrDefault();


There is no claim entry for roles, only for name, primarysid and groupsid, e.g. {http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name: xxx} Type: System.Security.Claims.Claim

What else am I missing from the process of getting the role claim from Azure AD?
Programmer
Commented:
After a long search I ran across this GitHub code solution for exactly what I needed. This came directly from the Microsoft Identity Developer group. https://github.com/Azure-Samples/active-directory-dotnet-webapp-roleclaims
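As an added illustration of what the linked sample does (this is example code written for this page, not the poster's code and not the Microsoft sample itself): Azure AD issues assigned app roles in a token claim named "roles" (the appRoles[].value strings from the manifest), not under the ClaimTypes.Role URI that the question's lookup searches for. The console program below builds a constructed ClaimsIdentity shaped like the one the OWIN OpenID Connect middleware produces, shows the ClaimTypes.Role lookup coming up empty, reads the "roles" claim directly, and shows how setting RoleClaimType = "roles" on the middleware's TokenValidationParameters makes IsInRole and [Authorize(Roles = ...)] work. The claim values, the "OpenIdConnect" authentication type and the Startup configuration names (clientId, authority) are assumptions for the example.

```csharp
// Added example, not code from the original post or the Microsoft sample.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

public static class AppRoleClaims
{
    // Azure AD emits assigned app roles in a JWT claim named "roles".
    public const string AzureAdRoleClaimType = "roles";

    // Returns every app role on the principal, whichever claim type the
    // sign-in middleware used when it built the ClaimsIdentity.
    public static IReadOnlyList<string> GetAppRoles(ClaimsPrincipal user)
    {
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return Array.Empty<string>();

        return user.Claims
            .Where(c => c.Type == AzureAdRoleClaimType || c.Type == ClaimTypes.Role)
            .Select(c => c.Value)
            .Distinct(StringComparer.Ordinal)   // appRole values are compared case-sensitively
            .ToList();
    }

    public static bool IsInAppRole(ClaimsPrincipal user, string roleValue)
        => GetAppRoles(user).Contains(roleValue, StringComparer.Ordinal);
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample identity (placeholder values, not real tenant data),
        // shaped like what the OpenID Connect middleware builds from an Azure AD
        // ID token when no RoleClaimType mapping has been configured.
        var identity = new ClaimsIdentity(
            new[]
            {
                new Claim(ClaimTypes.Name, "user@contoso.example"),
                new Claim("roles", "ModuleA.Admin"),   // appRoles[].value from the manifest
                new Claim("roles", "ModuleB.Reader"),
            },
            authenticationType: "OpenIdConnect");
        var user = new ClaimsPrincipal(identity);

        // The lookup from the question finds nothing: the claim type is "roles".
        var viaClaimTypesRole = user.Claims
            .Where(c => c.Type == ClaimTypes.Role).Select(c => c.Value).FirstOrDefault();
        Console.WriteLine("ClaimTypes.Role -> " + (viaClaimTypesRole ?? "(none)"));

        // Reading the Azure AD claim type directly.
        Console.WriteLine("app roles       -> " + string.Join(", ", AppRoleClaims.GetAppRoles(user)));
        Console.WriteLine("IsInAppRole     -> " + AppRoleClaims.IsInAppRole(user, "ModuleA.Admin"));

        // IsInRole uses the identity's RoleClaimType, which defaults to ClaimTypes.Role.
        Console.WriteLine("IsInRole        -> " + user.IsInRole("ModuleA.Admin"));   // false

        // Same claims, but the identity is built with RoleClaimType = "roles",
        // which is what the middleware does once configured as shown below.
        var mapped = new ClaimsIdentity(identity.Claims, "OpenIdConnect", ClaimTypes.Name, "roles");
        Console.WriteLine("mapped IsInRole -> " + new ClaimsPrincipal(mapped).IsInRole("ModuleA.Admin"));   // true
    }
}

/* Startup.Auth.cs (Microsoft.Owin.Security.OpenIdConnect), assumed configuration;
   clientId and authority are placeholders for your app settings:

   app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
   {
       ClientId  = clientId,
       Authority = authority,                 // https://login.microsoftonline.com/{tenant}
       TokenValidationParameters = new TokenValidationParameters
       {
           ValidateIssuer = true,
           RoleClaimType  = "roles",          // map Azure AD app roles to the role claim
       },
   });
*/
```

Two practitioner checks follow from this. First, the user must actually be assigned to the app role (and the appRole must be enabled) before Azure AD includes it in the token; an unassigned user gets no "roles" claim at all. Second, primarysid and groupsid claims come from a Windows (Kerberos/NTLM) identity, not from an Azure AD token, so if those are the only claims present, the request was authenticated by Windows authentication rather than by the OpenID Connect sign-in, and no RoleClaimType mapping will surface app roles until the Azure AD sign-in is the one producing Context.User.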
