I'm trying to inject a custom claim into the Azure B2C claims to get role-based authorisation working.
The dev stack is:
VS2019 Preview 16.3 - .net Core 3.0 Preview 9 - Blazor Server-side. Azure App Service. B2C Email+LinkedIn.
https://blog.denious.net/azure-b2c-role-based-authorization-part-1/
It seems this should work, but at least in .net core 3 it doesn't.
I have also modified the suggested solution to use the OpenIDConnect scheme and event instead:
using System.Diagnostics;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.AzureADB2C.UI;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;

services.PostConfigure<OpenIdConnectEvents>(AzureADB2CDefaults.OpenIdScheme,
    options =>
    {
        options.OnTokenValidated = context =>
        {
            // since we're using AADB2C only, the first identity is the only identity
            var identity = context.Principal.Identities.First();
            Trace.WriteLine("Inside OnTokenValidated");
            // add our test role to the identity's claims collection with the right type
            var extraClaim = new Claim(identity.RoleClaimType, "Extra");
            identity.AddClaim(extraClaim);
            return Task.CompletedTask;
        };
    });
It seems that OnTokenValidated never fires for either JwtBearerEvents or OpenIdConnectEvents - despite me clearly being logged in and authn having worked.
I managed to finally get this working using the IClaimsTransformation approach from https://davidwalschots.com/how-to-add-additional-claims-to-the-httpcontext-user/
I'd be happy to hear from anybody if there are any gotchas, warnings, etc. with this approach.
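The IClaimsTransformation route the question settles on has a few well-known gotchas that are worth showing in code: the transformation is invoked for anonymous principals too, it can run more than once per request (every AuthenticateAsync call), and it should add claims to a clone rather than mutate the principal it is handed. The following is an added example, not the question author's code or the code from the linked blog post; the role lookup is a constructed in-memory dictionary keyed by the NameIdentifier claim (a stand-in for whatever store would hold role assignments), and the subject ids in it are placeholders.

```csharp
// Added example (not the question author's code): an IClaimsTransformation that
// adds role claims so [Authorize(Roles = "...")] and <AuthorizeView Roles="..."> work.
// Assumption: role assignments are looked up by the NameIdentifier claim; the
// dictionary below is constructed sample data, not a real store.
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.Extensions.DependencyInjection;

public class RoleClaimsTransformation : IClaimsTransformation
{
    // Constructed sample data: subject id -> roles (placeholder ids).
    private static readonly IReadOnlyDictionary<string, string[]> RolesBySubject =
        new Dictionary<string, string[]>
        {
            ["00000000-0000-0000-0000-000000000001"] = new[] { "Admin", "Extra" },
            ["00000000-0000-0000-0000-000000000002"] = new[] { "Extra" },
        };

    public Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
    {
        // Gotcha 1: the transformation also runs for anonymous requests, so an
        // unauthenticated principal must be passed through untouched.
        if (!(principal?.Identity is ClaimsIdentity identity) || !identity.IsAuthenticated)
            return Task.FromResult(principal);

        var subject = identity.FindFirst(ClaimTypes.NameIdentifier)?.Value;
        if (subject == null || !RolesBySubject.TryGetValue(subject, out var roles))
            return Task.FromResult(principal);

        // Gotcha 2: never mutate the principal you were given; work on a clone.
        var clone = principal.Clone();
        var cloneIdentity = (ClaimsIdentity)clone.Identity;

        foreach (var role in roles)
        {
            // Gotcha 3: the transformation may run several times per request, so
            // guard against adding the same role claim twice. Use the identity's
            // RoleClaimType so the authorization middleware recognises the claim.
            if (!cloneIdentity.HasClaim(cloneIdentity.RoleClaimType, role))
                cloneIdentity.AddClaim(new Claim(cloneIdentity.RoleClaimType, role));
        }

        return Task.FromResult(clone);
    }
}

public static class RoleClaimsRegistration
{
    // Call from Startup.ConfigureServices after AddAuthentication(...).AddAzureADB2C(...).
    public static IServiceCollection AddRoleClaims(this IServiceCollection services)
        => services.AddScoped<IClaimsTransformation, RoleClaimsTransformation>();
}
```

One design point: roles added this way are not in the token, so they are only ever computed server-side per request and never leave the server, which is what you want for authorisation decisions; the trade-off is that the lookup runs on every authenticated request, so a real store behind it should be cached.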