ADAL JS Angular - WebAPI adds new role requirement to token

Question

ADAL JS Angular - WebAPI adds new role requirement to token

I created an angular SPA with a WEBAPI backend using ADAL JS authentication. Since there are no roles in AD, I need to manually add role claims to give users access to various API controllers.

Roles are stored in the database. I expect you to add an additional requirement via the webapi call after authenticating with AD. The webapi code might look like this.

identity.AddClaim(new Claim("role", "user")); 
var ticket = new AuthenticationTicket(identity, props); 
var accessToken = Startup.OAuthBearerOptions.AccessTokenFormat.Protect(ticket);

Can ADAL IDtoken be replaced with this new token?

Is this a viable solution or is there some other better way to handle this?

How is the seed token generated by AzureAD, can I change the token to add a new requirement? Any help is appreciated.

+3

angularjs asp.net-web-api adal

winter May 31 '15 at 22:50

source to share

1 answer

Omer Cansizoglu · Answer 1 · 2015-06-03T17:24:37+0000

The api chart supports group claims. See here: http://justazure.com/azure-active-directory-part-4-group-claims/

If you look at the examples on this page, groups are assigned to users and your application can check the group in the formula. In the current version of the portal, you need to get the application manifest and modify it.

ADAL JS Angular - WebAPI adds new role requirement to token

More articles: