
I have created an app which is using Azure AD authentication. After the user is authenticated, I want to get the user's unique ID and the group information, which I want to save in a session so that the group information can then be fetched in any controller action.

One good place to do that would be right in the SignIn() method, but this code does not execute because of the cache, and the user can get to the default page.

So what would be the best possible solution to create the session after the user is authenticated, but prior to the user starting any activity in the application?

On this page I should be able to check whether the user is authenticated, get the username, and also get the user's unique ID as follows:

// Display name from the "name" claim of the ID token
var userName = System.Security.Claims.ClaimsPrincipal.Current.FindFirst("name").Value;
var IsAuthenticated = HttpContext.User.Identity.IsAuthenticated;
// Azure AD object ID (the stable unique identifier of the user in the tenant)
var uniqueId = System.Security.Claims.ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;

Jashvita

1 Answer

Please include the following in the application manifest in the Azure portal: "groupMembershipClaims": "All"

Change this to "SecurityGroup" to get security groups and Azure AD roles, or change it to "ApplicationGroup", which includes only groups that are assigned to the application. See the groupMembershipClaims attribute.

Access the group info from a controller before routing to any other controller/redirect URI, in the startup, before app authorization.

using System.Collections.Generic;
using System.Linq;
using System.Net;
using Microsoft.AspNetCore.Mvc;

public class ClaimsViewModel
{
    public string Type { get; set; }
    public string Value { get; set; }
}

[Route("api/[controller]")]
[ApiController]
public class CurrentUserController : ControllerBase
{
    // Returns the "groups" claims Azure AD placed in the token (values are group object IDs)
    [HttpGet("groups")]
    [ProducesResponseType(typeof(IEnumerable<ClaimsViewModel>), (int)HttpStatusCode.OK)]
    public IActionResult Groups()
    {
        return Ok(User.Claims.Where(claim => claim.Type == "groups").Select(c => new ClaimsViewModel() { Type = c.Type, Value = c.Value }));
    }
}

In cases where users are in more than 5 AD groups, you may have to query the groups manually using MS Graph or save them separately using other alternatives.

References:

  1. .net - Get a list of groups that Azure AD user belongs to in claims - Stack Overflow
  2. asp.net - Claim data missing for authenticated users - Stack Overflow
  3. Azure Web App Authentication using Azure AD – how to get user's groups - Stack Overflow

kavyaS
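As an added example that is not part of the question or the answer above, the following ASP.NET Core code does what the asker wants end to end: it reads the object ID and the "groups" claims from the validated principal, detects the group-overage case in which Azure AD omits the "groups" claim and emits "_claim_names"/"_claim_sources" (or "hasgroups" in v1 tokens) instead, and caches the result in the session on the first authenticated request via a small middleware, so every later controller action can read it. It assumes OpenID Connect / Microsoft.Identity.Web is already configured and that UseSession() and UseAuthentication() run before this middleware; the type and key names (UserGroupInfo, GroupClaimsReader, GroupSessionMiddleware, "UserGroupInfo") are hypothetical.

```csharp
// Added example, not code from the question or the answer. Assumes an ASP.NET Core
// app already signed in with Azure AD; helper names are hypothetical.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Text.Json;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;

public sealed class UserGroupInfo
{
    public string ObjectId { get; set; } = "";
    // Values of the "groups" claim are group object IDs (GUIDs), not display names.
    public List<string> Groups { get; set; } = new();
    // True when the token did not carry the full list and Microsoft Graph must be queried.
    public bool HasGroupOverage { get; set; }
}

public static class GroupClaimsReader
{
    private const string ObjectIdClaim = "http://schemas.microsoft.com/identity/claims/objectidentifier";
    private const string SessionKey = "UserGroupInfo"; // hypothetical session key

    public static UserGroupInfo FromPrincipal(ClaimsPrincipal user)
    {
        if (user?.Identity?.IsAuthenticated != true)
            throw new InvalidOperationException("User is not authenticated");

        var info = new UserGroupInfo
        {
            // Long claim type is the default mapping; "oid" appears when claim mapping is disabled.
            ObjectId = user.FindFirst(ObjectIdClaim)?.Value
                       ?? user.FindFirst("oid")?.Value
                       ?? throw new InvalidOperationException("No object identifier claim"),
            Groups = user.FindAll("groups").Select(c => c.Value).ToList(),
        };

        // Overage: "_claim_names" maps "groups" to an entry in "_claim_sources";
        // older v1 tokens carry "hasgroups": "true" instead. Either way the
        // "groups" list above is incomplete and must not be trusted as-is.
        var claimNames = user.FindFirst("_claim_names")?.Value;
        info.HasGroupOverage =
            (claimNames != null && claimNames.Contains("\"groups\""))
            || string.Equals(user.FindFirst("hasgroups")?.Value, "true", StringComparison.OrdinalIgnoreCase);

        return info;
    }

    public static void SaveToSession(ISession session, UserGroupInfo info) =>
        session.SetString(SessionKey, JsonSerializer.Serialize(info));

    public static UserGroupInfo? LoadFromSession(ISession session)
    {
        var json = session.GetString(SessionKey);
        return json == null ? null : JsonSerializer.Deserialize<UserGroupInfo>(json);
    }
}

// Register with app.UseMiddleware<GroupSessionMiddleware>() after UseSession(),
// UseAuthentication() and before UseAuthorization()/MapControllers().
public sealed class GroupSessionMiddleware
{
    private readonly RequestDelegate _next;
    public GroupSessionMiddleware(RequestDelegate next) => _next = next;

    public async Task InvokeAsync(HttpContext context)
    {
        if (context.User.Identity?.IsAuthenticated == true
            && GroupClaimsReader.LoadFromSession(context.Session) == null)
        {
            var info = GroupClaimsReader.FromPrincipal(context.User);
            if (info.HasGroupOverage)
            {
                // Resolve the full membership with Microsoft Graph
                // (GET /me/memberOf or /users/{id}/getMemberGroups) before caching;
                // left as a placeholder since it needs a Graph token.
            }
            GroupClaimsReader.SaveToSession(context.Session, info);
        }
        await _next(context);
    }
}
```

Two caveats a practitioner should keep in mind: the cached list only reflects membership at sign-in, so a user removed from a group keeps the old entitlement until the session is cleared (re-read the claims on a new token, or shorten the session lifetime, for anything access-related); and the overage check is what prevents an empty "groups" claim from being misread as "member of nothing".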