How to implement authorization with Azure AD B2C using C#.NET

Question

I have done authentication using Azure Active Directory B2C means user can signed in. After Signing in, User saw 5 tab buttons on navbar (i.e. Home, Privacy, Products, HR, Finance).We want to configure these as (for signed-in user):-
(1) every user can see 2 tab buttons (Home & Privacy).
(2) some specific user (i.e. HR teams) can see HR and Finance tab (means I want to give authorization)
and
(3)some other specific user can see Products tab .

Using C#.NET for this.

And I shared some picture for example purpose.

thanks!

Answer 1

Hello @Devendra Pratap

In your application, you can handle the OpenIdConnectEvents.OnTokenValidated event https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.authentication.openidconnect.openidconnectevents.ontokenvalidated which will fire after authentication completes and returns to your application with an AuthenticationTicket. From there, you could add additional claims to your ClaimsPrincipal. You could interrogate the Microsoft Graph API for additional information for the additional properties needed or other external systems that might contain the additional identifying properties to determine the appropriate departments or specific access.

Here's one approach for adding additional claims.
https://learn.microsoft.com/en-us/aspnet/core/security/authentication/claims?view=aspnetcore-6.0#extend-or-add-custom-claims-using-iclaimstransformation