question

SiegfriedHeintze-9929 asked SiegfriedHeintze-9929 commented

How to Use Role-Based Authorization with .NET Core [Authorize]?

I would like to enhance active-directory-b2c-dotnet-webapp-and-webapi or (better yet) enhance 4-2-B2C to demonstrate old-fashioned role-based authorization.

Apparently this is done by editing the manifest and adding roles there?

And then I would enhance the controllers with `[Authorize(Roles = "Admin")]` as discussed in roles.

Where is the Microsoft documentation on editing the manifest in AADB2C to add authorization?

Is it compatible with Azure OpenIDConnect and B2C WebApps?

Is there an example somewhere?

Thanks
Siegfried


azure-active-directory azure-ad-b2c

1 Answer

SaurabhSharma-msft answered SiegfriedHeintze-9929 commented

@SiegfriedHeintze-9929 Sorry, it is not possible in Azure AD B2C to use role-based authorization by modifying the manifest and using the authorize attribute in your code, as can be done in Azure AD. I am not sure about your scenario and why you want to pass the roles claim for a consumer account by defining app roles in the app manifest, as B2C is used for consumer identities and it would not be a feasible solution for administrators to modify the app manifest to assign roles to their identities. Have you tried checking custom claims in Azure AD B2C, where the consumer can select the required roles during the sign-up process, which are later returned in the token? Please refer to the documentation for more details.

Another alternative to achieve the same is using claims through ClaimsIdentity.RoleClaimType in your .NET code, which is used when evaluating the identity for ClaimsPrincipal.IsInRole. Please refer to the blog which talks about this approach of implementing authorization in Azure AD B2C.

(Please don't forget to accept helpful replies as answer)
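
The RoleClaimType approach from the answer above, as an added example that is not part of the original thread or of any Microsoft sample. It assumes a B2C custom attribute named `extension_Role` that arrives as one comma-separated string; the attribute name, the `B2CRoleDemo` class and the token claims are constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

// Added example. "extension_Role" is an assumed custom-attribute name and the
// claims below are constructed sample data, not a real B2C token.
public static class B2CRoleDemo
{
    private const string RoleClaim = "extension_Role"; // assumption

    // Builds the principal the way token-validation middleware does when its
    // TokenValidationParameters.RoleClaimType is set to roleClaimType.
    public static ClaimsPrincipal FromTokenClaims(
        string roleClaimType, params (string Type, string Value)[] tokenClaims)
    {
        var claims = tokenClaims.SelectMany(c =>
            // A string attribute arrives as a single value. Split it so each
            // role becomes its own claim: IsInRole compares whole claim values.
            c.Type == RoleClaim
                ? c.Value
                    .Split(',', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries)
                    .Select(r => new Claim(c.Type, r))
                : new[] { new Claim(c.Type, c.Value) });

        var identity = new ClaimsIdentity(claims, authenticationType: "B2C",
            nameType: "name", roleType: roleClaimType);
        return new ClaimsPrincipal(identity);
    }

    public static void Main()
    {
        var token = new[] { ("name", "Sample User"), (RoleClaim, "Admin, Editor") };

        // Default role claim type: the custom claim is invisible to role checks,
        // so [Authorize(Roles = "Admin")] would reject this user.
        var unmapped = FromTokenClaims(ClaimsIdentity.DefaultRoleClaimType, token);
        Console.WriteLine($"unmapped Admin:  {unmapped.IsInRole("Admin")}");

        // RoleClaimType pointed at the custom claim: IsInRole, and therefore
        // [Authorize(Roles = ...)], now evaluates the B2C attribute.
        var mapped = FromTokenClaims(RoleClaim, token);
        Console.WriteLine($"mapped Admin:    {mapped.IsInRole("Admin")}");
        Console.WriteLine($"mapped Editor:   {mapped.IsInRole("Editor")}");
        Console.WriteLine($"mapped Owner:    {mapped.IsInRole("Owner")}");
    }
}
```

A role claim is only as trustworthy as whoever can write the underlying attribute, so a value the user chooses at sign-up should not gate privileged actions.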



@SiegfriedHeintze-9929 Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.


Thanks!

I was hoping to try out your recommendations. However, since I have not been able to resolve wanted-help-with-scopes-in-sample-appapi.html, I don't have a working example with which to try it. As soon as I get that working, I will try out your suggestion of ClaimsIdentity.RoleClaim.

