Custom User data in ASP.NET MVC Core 3.1 with Azure AD Authentication?

Question

We're migrating a legacy web app but want to retain our app-specific user info stored in the database. We've successfully set up authentication against our new Azure AD -- we're using OIDC with Multiple Tenants. Once the user is logged in, we'll look up the associated user record from the database via their email address. The problem lies in mapping our existing user data to the ClaimPrincipal . The docs claim we can extend IdentityUser and register the change via:

services.AddIdentity<AppUser, IdentityRole>(); //AppUser is our custom IdentityUser

Right now, our Startup.cs file contains:

services.AddIdentity<AppUser, IdentityRole>();    
services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureAd"));

However, the service resolver isn't happy with that.

Some services are not able to be constructed (Error while validating the service descriptor 'ServiceType: Microsoft.AspNetCore.Identity.ISecurityStampValidator Lifetime: Scoped ImplementationType: Microsoft.AspNetCore.Identity.SecurityStampValidator`1[GcfConnect.Application.Web.Security.Models.AppUser]': Unable to resolve service for type 'Microsoft.AspNetCore.Identity.IUserStore`1[GcfConnect.Application.Web.Security.Models.AppUser]' while attempting to activate...(SNIPPED)

How do I use a custom IdentityUser with Azure AD authentication? Do I need to provide custom replacements for the entire Identity system ( UserStore , UserManager , etc.)?

Answer 1

If you are using EF, try to change it to operate.

You need to add AddEntityFrameworkStores()：

services.AddIdentity<IdentityUser, IdentityRole>()
    .AddEntityFrameworkStores<WorldContext>();