Adding Custom Claims to AspNetCore Azure Authenticated Application

Question

I am using the AspNetCore template authorization with this line of code:

       services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
            .AddAzureAD(options => Configuration.Bind("AzureAd", options));

How can I add my custom Claims after the user is authorized by Azure?

score 3 · Accepted Answer · answered Feb 21 '20 at 03:59

You can add custom cliams in OnTokenValidated of OIDC event :

services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
            .AddAzureAD(options => Configuration.Bind("AzureAd", options));


services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
{
    options.Events = new OpenIdConnectEvents
    {
        OnTokenValidated = ctx =>
        {


            // add claims
            var claims = new List<Claim>
            {
                new Claim(ClaimTypes.Role, "Admin")
            };
            var appIdentity = new ClaimsIdentity(claims);

            ctx.Principal.AddIdentity(appIdentity);

            return Task.CompletedTask;
        },
    };
});

Then in controller , you can get the claim like :

var role = User.Claims.FirstOrDefault(c => c.Type == ClaimTypes.Role)?.Value;

Nan Yu. Do you know how i can pass my DbContext to the claims here? — Tom Crosman, Feb 21 '20 at 18:34
I figured it out. Had to add this: var db = ctx.HttpContext.RequestServices.GetRequiredService(); — Tom Crosman, Feb 21 '20 at 19:06

Adding Custom Claims to AspNetCore Azure Authenticated Application

1 Answers1

Linked