Unable to get all the claims when Azure AD is used as an external login with ASP.NET Identity

  • Question

  • User759745699 posted

    When I use Azure AD login on its own (that is, without ASP.NET Identity), everything works fine and I am able to get all the claims from Azure AD.

    enter image description here

    and I even get the information about the user's role in Azure AD.

    enter image description here

    • My code is as follows

    appsettings.json

      {
          "AzureAd": {
            "Instance": "https://login.microsoftonline.com/",
            "Domain": "domain name",
            "TenantId": "aaaaaa-assss-assas--assa-ssss",
            "ClientId": "aaaaaa-ssssss-ddddd-dddddd",
            "CallbackPath": "/signin-oidc",
            "SignedOutCallbackPath": "/signout-callback-oidc",
            "ClientSecret": "clientsecret of the application",
            "CookieSchemeName": "Identity.External"
    
    
          },
          "Logging": {
            "LogLevel": {
              "Default": "Warning"
            }
          },
          "AllowedHosts": "*",
    "GraphApiUrl": "https://graph.microsoft.com/beta"
        }

    startup.cs

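    /// <summary>
    /// Registers the application's services: Microsoft identity platform (Azure AD)
    /// authentication with MSAL token acquisition, a Microsoft Graph client, the cookie
    /// policy, the EF Core SQL Server DbContext, ASP.NET Core Identity with roles, and MVC.
    /// </summary>
    /// <param name="services">The DI container the registrations are added to.</param>
    /// <remarks>
    /// Registration order is kept as it was: AddDefaultIdentity also configures
    /// authentication defaults, so moving it relative to the Azure AD registration may
    /// change which scheme is used by default — verify before reordering.
    /// </remarks>
    public void ConfigureServices(IServiceCollection services)
    {
        // Azure AD sign-in (settings read from configuration), plus MSAL token
        // acquisition for the two Graph scopes listed here. The token cache is in-memory:
        // presumably per-process and not shared across instances — confirm before
        // scaling out.
        services.AddMicrosoftIdentityPlatformAuthentication(Configuration)
            .AddMsal(Configuration, new[] { "User.Read", "Directory.Read.All" })
            .AddInMemoryTokenCaches();
        services.AddMSGraphService(Configuration);

        services.Configure<CookiePolicyOptions>(options =>
        {
            // Consent for non-essential cookies is always required; the request itself
            // is not inspected.
            options.CheckConsentNeeded = _ => true;
            // NOTE(review): no minimum SameSite policy is enforced here, so CSRF
            // protection for each cookie depends on that cookie's own SameSite setting.
            // This is commonly needed for the cross-site OIDC sign-in response, but
            // confirm it is not acting as a blanket relaxation for every cookie.
            options.MinimumSameSitePolicy = SameSiteMode.None;
        });

        // EF Core store backed by the "DefaultConnection" connection string.
        services.AddDbContext<ApplicationDbContext>(options =>
            options.UseSqlServer(
                Configuration.GetConnectionString("DefaultConnection")));

        // ASP.NET Core Identity with role support, persisted through ApplicationDbContext.
        // NOTE(review): when Azure AD is used as an external login, the claims visible
        // after sign-in are those carried on the external cookie; group claims are only
        // present in Azure AD tokens when the app registration is configured to emit
        // them — confirm against the OIDC/Identity configuration.
        services.AddDefaultIdentity<IdentityUser>()
            .AddRoles<IdentityRole>()
            .AddEntityFrameworkStores<ApplicationDbContext>();

        // MVC with 2.2 compatibility behaviour (was joined onto the previous statement's
        // line, which hid it from a quick read).
        services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
    }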

    The problem is that when I use Azure AD as an external login scheme, I am unable to get the claims required to find the name and ID of the group the user belongs to.

    enter image description here

    When I try to use the same Azure AD application as an external login, I get only 4 claims, which is not sufficient to determine the name and ID of the group the user belongs to.

    enter image description here

    For the above project I am using the Azure AD sample that is available on GitHub: https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/tree/master/5-WebApp-AuthZ/5-2-Groups

    Tuesday, October 15, 2019 3:52 PM

All replies