ASP.NET Core Authentication with Azure Active Directory and Save Custom Claims on Requests

I have a default ASP.NET Core website built in Visual Studio 2017. I chose to authenticate using Azure Active Directory. I started the site and can successfully log in using an account in Active Directory.

I can get the claim information provided by Active Directory; for example, calling the following line, I get "name".

User.Claims.FirstOrDefault(c => c.Type == "name")?.Value;

I want to add a custom claim - CompanyId = 123456 for the registered user. I can add a custom claim, but it is only available on the page where the claim is set.

Claim claim = new Claim("CompanyId", "123456", ClaimValueTypes.String);
((ClaimsIdentity)User.Identity).AddClaim(claim);

I understand that I somehow need to update a token that was issued by Active Directory or set a requirement before issuing a token. I'm not sure how to do this.

I suspect it needs to be done in AccountController, in SignIn():

// GET: /Account/SignIn
[HttpGet]
public IActionResult SignIn()
{
    return Challenge(
            new AuthenticationProperties { RedirectUri = "/" }, OpenIdConnectDefaults.AuthenticationScheme);
}

I have read many articles and examples about this scenario (including https://github.com/ahelland/AADGuide-CodeSamples/tree/master/ClaimsWebApp ); however, I was unable to figure out how to save custom claims.

I was able to successfully save custom claims using ASP.NET Identity as the authentication provider, but that is because the custom claim is saved to the database.

+3

2 answers


OnTokenValidated offers you the option to modify the ClaimsIdentity received from the incoming token; the code below is for your reference:

// Runs once per sign-in, after the id_token from Azure AD has been validated.
// Claims added here are written into the authentication cookie, so they are
// available on every subsequent request, not only on the current page.
private Task TokenValidated(TokenValidatedContext context)
{
    Claim claim = new Claim("CompanyId", "123456", ClaimValueTypes.String);
    (context.Ticket.Principal.Identity as ClaimsIdentity).AddClaim(claim);

    return Task.FromResult(0);
}

Set up OpenIdConnectEvents:

Events = new OpenIdConnectEvents
{
    OnRemoteFailure = OnAuthenticationFailed,
    OnAuthorizationCodeReceived = OnAuthorizationCodeReceived,

    OnTokenValidated = TokenValidated
}

Then in the controller using:

var companyId = User.Claims.FirstOrDefault(c => c.Type == "CompanyId")?.Value;

+5

For those who want more details: the code provided above goes in Startup.cs.

In the Configure method, add / edit:

app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
{
    ClientId = Configuration["Authentication:AzureAd:ClientId"],
    Authority = Configuration["Authentication:AzureAd:AADInstance"] + Configuration["Authentication:AzureAd:TenantId"],
    CallbackPath = Configuration["Authentication:AzureAd:CallbackPath"],
    Events = new OpenIdConnectEvents
    {
        OnTokenValidated = TokenValidated
    }
});

The private Task method TokenValidated is in the body of Startup.cs.

The following sample is a good reference: https://github.com/Azure-Samples/active-directory-dotnet-webapp-openidconnect-aspnetcore-v2/blob/master/WebApp-OpenIDConnect-DotNet/Startup.cs

+2
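As an added example (not code from the question, the answers, or the linked sample), here is a TokenValidated handler that looks CompanyId up per user instead of hard-coding it, keys the lookup on the Azure AD object id rather than a changeable claim like "name", and refuses the sign-in when no mapping exists. It assumes the ASP.NET Core 1.x OpenIdConnect middleware used on this page (context.Ticket.Principal, HandleResponse()); CompanyByObjectId is a hypothetical in-memory stand-in for the application's database, with a constructed sample entry.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;

public partial class Startup
{
    // Hypothetical application-side store: Azure AD object id -> CompanyId.
    // In a real app this is a database query; the entry below is constructed.
    private static readonly IDictionary<string, string> CompanyByObjectId =
        new Dictionary<string, string>
        {
            ["00000000-0000-0000-0000-000000000001"] = "123456"
        };

    // Standard claim type the JWT handler maps the "oid" token claim to.
    private const string ObjectIdClaim =
        "http://schemas.microsoft.com/identity/claims/objectidentifier";

    private Task TokenValidated(TokenValidatedContext context)
    {
        var identity = context.Ticket.Principal.Identity as ClaimsIdentity;

        // Key the lookup on the immutable object id, not on "name" or
        // "preferred_username", which can be changed in the directory.
        var objectId = identity?.FindFirst(ObjectIdClaim)?.Value;

        if (objectId == null || !CompanyByObjectId.TryGetValue(objectId, out var companyId))
        {
            // No mapping for this user: do not issue a cookie without CompanyId.
            context.HandleResponse();
            context.Response.Redirect("/Account/AccessDenied");
            return Task.FromResult(0);
        }

        // Make the application's value authoritative: drop any same-named claim
        // the incoming token might carry, then add ours.
        foreach (var stale in identity.FindAll("CompanyId").ToList())
            identity.RemoveClaim(stale);
        identity.AddClaim(new Claim("CompanyId", companyId, ClaimValueTypes.String));

        // The claim is now serialized into the auth cookie: it persists across
        // requests but stays fixed until the user signs in again.
        return Task.FromResult(0);
    }
}
```

Because the claim lives in the cookie, a change to the user's company in the backing store only takes effect after a fresh sign-in; re-query the store on each request if that delay is unacceptable.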

