Reputation: 1457
I am trying to implement authentication in an MVC Core 2.2 application using Azure Active Directory by following this tutorial.
I have configured the manifest appropriately by setting "groupMembershipClaims": "SecurityGroup" but am still not getting the groups as part of the user claims. It appears that I should be getting something like this
https://www.red-gate.com/simple-talk/cloud/security-and-compliance/azure-active-directory-part-4-group-claims/
When inspecting the claims, however, all I appear to be getting is "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid:".
It seems that if the user has more than 4 groups assigned, they will not be sent as part of the token, and that one would need to use the Graph API to pull the groups for the user.
I cannot seem to find any resources that illustrate how to accomplish this and get it to work with
services.AddAuthorization(options =>
{
    options.AddPolicy("Editor", policy => policy.RequireClaim("groups", "XXXXXXXXXXXX"));
});
Can someone possibly point me in the right direction?
Upvotes: 1
Views: 581
Reputation: 752
There is a good answer on this here.
It, however, suggests getting all the group memberships for a given user, which might not be efficient if the user has a large number of group memberships.
You can instead use the checkMemberGroups API. It can take up to 20 group IDs per call, which should be good enough for most cases.
Upvotes: 1
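Combining the answer's checkMemberGroups suggestion with the question's RequireClaim("groups", ...) policy, as an added example that is not code from either poster: it assumes an HttpClient already authorized for Microsoft Graph on behalf of the signed-in user (acquiring that token is outside the snippet), calls the v1.0 REST endpoint directly with Json.NET rather than the Graph SDK, and expects the candidate list to be only the group IDs the app's policies actually reference.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Net.Http;
using System.Security.Claims;
using System.Text;
using System.Threading.Tasks;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;

// Added example: check membership only for the groups the app authorizes on,
// batching into checkMemberGroups calls of at most 20 IDs, then expose the
// hits as "groups" claims so RequireClaim("groups", id) policies work even
// when the ID token carries no group claims.
public static class GroupClaimResolver
{
    // Graph rejects checkMemberGroups requests with more than 20 group IDs.
    private const int MaxGroupIdsPerCall = 20;

    // graphClient is assumed to already carry a valid Graph bearer token for
    // the signed-in user; candidateGroupIds are the IDs used in your policies.
    public static async Task<List<string>> GetMatchingGroupIdsAsync(
        HttpClient graphClient, IReadOnlyList<string> candidateGroupIds)
    {
        var matches = new List<string>();
        for (int i = 0; i < candidateGroupIds.Count; i += MaxGroupIdsPerCall)
        {
            var batch = candidateGroupIds.Skip(i).Take(MaxGroupIdsPerCall).ToList();
            var body = JsonConvert.SerializeObject(new { groupIds = batch });
            using (var content = new StringContent(body, Encoding.UTF8, "application/json"))
            using (var response = await graphClient.PostAsync(
                "https://graph.microsoft.com/v1.0/me/checkMemberGroups", content))
            {
                response.EnsureSuccessStatusCode();
                // Response shape: { "value": [ "<group id>", ... ] } listing only
                // the IDs from this batch that the user is a member of.
                var json = JObject.Parse(await response.Content.ReadAsStringAsync());
                foreach (var id in json["value"].Values<string>())
                    matches.Add(id);
            }
        }
        return matches;
    }

    // Add one "groups" claim per matching ID to the authenticated principal.
    public static void AddGroupClaims(ClaimsPrincipal principal, IEnumerable<string> groupIds)
    {
        var identity = (ClaimsIdentity)principal.Identity;
        foreach (var id in groupIds)
            identity.AddClaim(new Claim("groups", id));
    }
}
```

Call GetMatchingGroupIdsAsync from the OpenID Connect OnTokenValidated event and pass the result together with context.Principal to AddGroupClaims, so the "Editor" policy in the question sees a "groups" claim even though the token itself does not carry the membership.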