ASP.NET Core Authentication with Azure Active Directory and Save Custom Claims on Requests
I have a default ASP.NET Core website built in Visual Studio 2017. I chose to authenticate using Azure Active Directory. I started the site and can successfully log in using an account in Active Directory.
I can read the claim information provided by Active Directory. For example, calling the following line, I get the "name" claim:
    var name = User.Claims.FirstOrDefault(c => c.Type == "name")?.Value;
I want to add a custom claim (CompanyId = 123456) for the registered user. I can add a custom claim, but it is only available on the page where the claim is set.
Claim claim = new Claim("CompanyId", "123456", ClaimValueTypes.String);
((ClaimsIdentity)User.Identity).AddClaim(claim);
I understand that I somehow need to update a token that was issued by Active Directory or set a requirement before issuing a token. I'm not sure how to do this.
I suspect it needs to be done in AccountController, in SignIn():
    // GET: /Account/SignIn
    [HttpGet]
    public IActionResult SignIn()
    {
        return Challenge(
            new AuthenticationProperties { RedirectUri = "/" }, OpenIdConnectDefaults.AuthenticationScheme);
    }
I have read many articles and examples about this scenario (including https://github.com/ahelland/AADGuide-CodeSamples/tree/master/ClaimsWebApp ), but I was unable to figure out how to save the claims.
I was able to successfully save custom claims using ASP.NET Identity as the authentication provider, but that is because the custom claim is being saved to the database.
OnTokenValidated offers you the option to modify the ClaimsIdentity received from the incoming token; the code below is for your reference:
    // Runs after the middleware has validated the id_token from Azure AD.
    // ASP.NET Core 1.x exposes the validated principal via context.Ticket.
    private Task TokenValidated(TokenValidatedContext context)
    {
        Claim claim = new Claim("CompanyId", "123456", ClaimValueTypes.String);
        // The claim is added to the identity that gets written into the auth cookie,
        // so it is available on every subsequent request.
        (context.Ticket.Principal.Identity as ClaimsIdentity).AddClaim(claim);
        return Task.FromResult(0);
    }
Setting up OpenIdConnectEvents:
    Events = new OpenIdConnectEvents
    {
        OnRemoteFailure = OnAuthenticationFailed,
        OnAuthorizationCodeReceived = OnAuthorizationCodeReceived,
        OnTokenValidated = TokenValidated
    }
Then, in the controller, use:
    var companyId = User.Claims.FirstOrDefault(c => c.Type == "CompanyId")?.Value;
For those who want more details: the code provided goes in Startup.cs.
In the Configure method, add or edit:
    app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
    {
        ClientId = Configuration["Authentication:AzureAd:ClientId"],
        Authority = Configuration["Authentication:AzureAd:AADInstance"] + Configuration["Authentication:AzureAd:TenantId"],
        CallbackPath = Configuration["Authentication:AzureAd:CallbackPath"],
        Events = new OpenIdConnectEvents
        {
            OnTokenValidated = TokenValidated
        }
    });
The private TokenValidated method returning a Task goes in the body of Startup.cs.
The following sample is a good reference: https://github.com/Azure-Samples/active-directory-dotnet-webapp-openidconnect-aspnetcore-v2/blob/master/WebApp-OpenIDConnect-DotNet/Startup.cs
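As an added example (not code from the question or from either answer), here is the same OnTokenValidated technique from both answers ported to the ASP.NET Core 2.x+ authentication API: services.AddAuthentication().AddOpenIdConnect(...) instead of app.UseOpenIdConnectAuthentication, and context.Principal / context.Fail instead of the 1.x context.Ticket. The CompanyId is resolved from the application's own store, keyed on the Azure AD object id and tenant id, rather than hard-coded. ICompanyLookup and its FindCompanyIdAsync method are hypothetical; the configuration keys are the ones used in the second answer; the long-form oid/tid claim types are those produced by the default JWT inbound claim-type mapping.

```csharp
// Added example, not code from the original question or answers.
// Assumes ASP.NET Core 2.x or later with the
// Microsoft.AspNetCore.Authentication.OpenIdConnect package.
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical application service: maps an Azure AD user (tenant + object id)
// to the application's own CompanyId. Returns null for unprovisioned users.
public interface ICompanyLookup
{
    Task<string> FindCompanyIdAsync(string tenantId, string objectId);
}

public static class CompanyClaimsSetup
{
    public const string CompanyIdClaimType = "CompanyId";

    // Claim types for Azure AD's oid and tid claims. The URI form is what the
    // default JWT inbound claim-type mapping produces; the short form appears
    // when that mapping is turned off.
    private static readonly string[] ObjectIdTypes =
        { "http://schemas.microsoft.com/identity/claims/objectidentifier", "oid" };
    private static readonly string[] TenantIdTypes =
        { "http://schemas.microsoft.com/identity/claims/tenantid", "tid" };

    public static IServiceCollection AddAzureAdWithCompanyClaim(
        this IServiceCollection services, IConfiguration config)
    {
        services.AddAuthentication(options =>
            {
                options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
            })
            .AddCookie()
            .AddOpenIdConnect(options =>
            {
                // Same configuration keys as the Startup.cs snippet in the second answer.
                options.ClientId = config["Authentication:AzureAd:ClientId"];
                options.Authority = config["Authentication:AzureAd:AADInstance"]
                                  + config["Authentication:AzureAd:TenantId"];
                options.CallbackPath = config["Authentication:AzureAd:CallbackPath"];
                options.Events = new OpenIdConnectEvents
                {
                    OnTokenValidated = OnTokenValidatedAsync
                };
            });
        return services;
    }

    private static async Task OnTokenValidatedAsync(TokenValidatedContext context)
    {
        // In 2.x+ the validated principal is context.Principal
        // (1.x exposed it as context.Ticket.Principal).
        if (!(context.Principal?.Identity is ClaimsIdentity identity))
        {
            context.Fail("Validated token did not produce a ClaimsIdentity.");
            return;
        }

        // Key the lookup on the immutable directory identifiers, not on the
        // display name or email, which can be changed or reassigned.
        var objectId = FirstValue(identity, ObjectIdTypes);
        var tenantId = FirstValue(identity, TenantIdTypes);
        if (objectId == null || tenantId == null)
        {
            context.Fail("Token is missing the oid or tid claim.");
            return;
        }

        // The value comes from the application's trusted store, never from the
        // request. Failing here turns an unprovisioned account into a sign-in
        // failure instead of a signed-in user with no CompanyId.
        var lookup = context.HttpContext.RequestServices.GetRequiredService<ICompanyLookup>();
        var companyId = await lookup.FindCompanyIdAsync(tenantId, objectId);
        if (companyId == null)
        {
            context.Fail("Authenticated user is not provisioned for any company.");
            return;
        }

        // Claims added here are serialized into the authentication cookie, so
        // they are present on every later request, not only on this one.
        identity.AddClaim(new Claim(CompanyIdClaimType, companyId, ClaimValueTypes.String));
    }

    private static string FirstValue(ClaimsIdentity identity, string[] types)
    {
        foreach (var type in types)
        {
            var value = identity.FindFirst(type)?.Value;
            if (!string.IsNullOrEmpty(value)) return value;
        }
        return null;
    }
}
```

To wire it up, register an ICompanyLookup implementation in ConfigureServices, call services.AddAzureAdWithCompanyClaim(Configuration), and add app.UseAuthentication() in Configure; the controller then reads the claim exactly as the first answer shows. One caveat worth keeping in mind: because the claim lives in the authentication cookie, a change in the mapping (a user moved to another company or deprovisioned) is not reflected until the cookie expires or the user signs in again, so pair this with a bounded cookie lifetime or a cookie OnValidatePrincipal check if the mapping can change while a session is live.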