Assigned Azure AD Roles missing in User Claims in Blazor Client App

Question

. 。 Answers to this question are eligible for a +50 reputation bounty. techno is looking for a . 。

I have created a role for within an Azure App registration and assigned to me.

This is the role

This is the assignment in the enterprise application

Now in the Blazor Client App,when i try to read the User roles assigned it is empty

var authstate = await AuthenticationStateProvider.GetAuthenticationStateAsync();
        var user = authstate.User;
        userName = user.Identity.Name;
        var x = user.Claims.Where(t => t.Type == System.Security.Claims.ClaimTypes.Role).ToList();

The dependencyInjection is Program.cs looks like this

builder.Services.AddMsalAuthentication(options =>
{
    builder.Configuration.Bind("AzureAd", options.ProviderOptions.Authentication);
    options.ProviderOptions.DefaultAccessTokenScopes.Add("User.Read");


});

Update:

Answer 1

Program.cs

builder.Services.AddMicrosoftIdentityWebAppAuthentication(builder.Configuration)
        .EnableTokenAcquisitionToCallDownstreamApi(new string[] { "user.read" })
        .AddInMemoryTokenCaches();
// Add services to the container.
//builder.Services.AddControllersWithViews();
builder.Services.AddControllersWithViews(options =>
{
    var policy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .Build();
    options.Filters.Add(new AuthorizeFilter(policy));
})
// Add the Microsoft Identity UI pages for signin/out
.AddMicrosoftIdentityUI();

=====================================================

I can get the roles, as you can see, I have a role, and I assigned it to a user

Answer 2

To access the Azure AD API, you have to grant your app with right permissions. On your API Application go to API Permissions page, select Grant admin consent.