Azure AD authentication for ASP.NET Core Web Application

Question

I am developing an ASP.Net core web application with Azure AD authentication , When the user is logged in, I need to get all the groups he is a member of and his basic details, Any Leads would be appreciated,

Thanks In Advance.

Answer 1

Group Ids are available as claims that come as part of the auth token that you get from Azure AD. The specific claim name is "groups".

In your .NET code it will be available as part of the ClaimsIdentity for user.

Here is sample code which shows how to perform or restrict different actions in your application based on the groups for logged in user - https://github.com/Azure-Samples/active-directory-dotnet-webapp-groupclaims#authorization-in-a-web-app-using-azure-ad-groups--group-claims

Specifically for finding groups that logged in user is a member of, look at this code in the shared sample -

public class ClaimHelper
    {
        public static async Task<List<string>> GetGroups(ClaimsIdentity claimsId)
        {
            if (claimsId.FindFirst("_claim_names") != null
                && (Json.Decode(claimsId.FindFirst("_claim_names").Value)).groups != null)
                return await GetGroupsFromGraphAPI(claimsId);

            return claimsId.FindAll("groups").Select(c => c.Value).ToList();
        }

Here is a link that explains all the different claims that will be available to you. - https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-id-and-access-tokens

First Name, Last Name, Object Id, Groups and User Principal Name might provide you what you're looking for.