I would like to set up a Blazor server-side application (.NET 5). I already use **Azure AD B2C authentication** and it works fine. Now I would like to add **role-based authorization** and don't know how to do it in the best way.

As far as I know, Azure AD B2C doesn't support roles out of the box. I would be fine with storing the users and roles data in a separate SQL database in Azure with tables like AspNetUsers and aspNetUserRoles etc. I need a database for my app anyway. I'm wondering how I connect the authorization attribute to this database without damaging the connection to Azure AD B2C for authentication.

Is this the best way to do it or is there a better one? If possible, I would like to keep the ADB2C authentication part.

Thanks for your help and ideas.
Jörg

jarlh

1 Answer

I have no idea about the SQL database, but there is a workaround using a custom attribute. For example, create a custom attribute named AADRole. Assign a value (which means its role access to certain apps) to different users, and then get the claim from the ID token after B2C users sign in. Refer to this answer for more details.

There is an issue: How to Use Role-Based Authorization with .NET Core [Authorize].

unknown
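One way to wire the custom-attribute approach from the answer above into `[Authorize(Roles = ...)]`, as an added example that is not part of the original question or answer. It assumes the custom attribute `AADRole` reaches the ID token as a claim named `extension_AADRole`; the class name and the role names are hypothetical.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;

// Added example: promotes a B2C custom-attribute claim to ASP.NET Core role claims
// after Azure AD B2C has authenticated the user. Authentication itself is untouched.
public sealed class AadRoleClaimsTransformation : IClaimsTransformation
{
    // Assumption: the "AADRole" attribute is emitted in the ID token under this claim type.
    private const string SourceClaimType = "extension_AADRole";

    // Allow-list of roles the app understands (constructed sample names).
    // Any other value in the token is ignored rather than trusted as a role.
    private static readonly string[] KnownRoles = { "Admin", "Editor", "Reader" };

    public Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
    {
        if (principal.Identity is not ClaimsIdentity { IsAuthenticated: true } identity)
            return Task.FromResult(principal);

        // Copy the values first: adding claims while enumerating FindAll() would throw.
        var values = identity.FindAll(SourceClaimType).Select(c => c.Value).ToList();

        foreach (var value in values)
        {
            var role = KnownRoles.FirstOrDefault(r =>
                string.Equals(r, value.Trim(), StringComparison.OrdinalIgnoreCase));

            // TransformAsync may run more than once, so only add a role that is missing.
            // identity.RoleClaimType is the claim type IsInRole() and [Authorize(Roles=...)] check.
            if (role is not null && !identity.HasClaim(identity.RoleClaimType, role))
                identity.AddClaim(new Claim(identity.RoleClaimType, role));
        }

        return Task.FromResult(principal);
    }
}

// Registration in Startup.ConfigureServices, next to the existing B2C authentication setup:
//   services.AddScoped<IClaimsTransformation, AadRoleClaimsTransformation>();
//
// Usage on a page or component:
//   @attribute [Authorize(Roles = "Admin")]
```

The attribute is only a safe role source if users cannot set it themselves, so it should not be collected in a sign-up or profile-edit flow. The same transformation class is also where a lookup against an application database could go instead of reading the claim.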