ASP.NET Core 2.2 Web API. Add claims to Azure AD Token

Question

User-1116616100 posted

Hello,

We are using Azure AD for authentication in our application that consists of a Angular 7 client consuming an ASP.NET Core 2.2 Web API.

We are able to authenticate the user successfully from Angular using Azure AD, and the obtained JWT token is being used and validated on the Web API. However, we want to control authorization from our Web API. Is there a way to append claims to the token on the API side once it's generated by Azure AD?

Thank you,

Answer 1

User-1038772411 posted

Hello JFercan,

Kindly refer this below links, I hope these will help you

https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims

https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-claims-mapping

https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-claims-mapping#claims-mapping-policy-assignment

https://aadguide.azurewebsites.net/claims/

Thank you.

Answer 2

User1724605321 posted

Hi JFercan ,

JFercan

Is there a way to append claims to the token on the API side once it's generated by Azure AD?

The token is issued by AAD to access your web api , why do you mean by  "on the API side" , do you want to modify the token after sending token to web api ?

Best Regards,

Nan Yu

Answer 3

User-1116616100 posted

Hello Nan,

Yes, once the token is issued by Azure AD, I would like to be able to Add extra claims that come from the applications database.  I'm starting to realize that this might not be possible.

Thank you

Answer 4

User1724605321 posted

HI JFercan ,

Yes , you should not do that  .

Best Regards,

Nan Yu