1

I have a Blazor Server application with Active Directory authentication (Windows accounts). Now I need to add roles to logged-in users. These roles are custom and are stored in a database, so I can get all roles for a particular user.

I've been investigating, and for Blazor WebAssembly I can implement the AccountClaimsPrincipalFactory, which contains a method called CreateUserAsync. This method is invoked when the user is logged in to the app. I was thinking maybe I can create the ClaimsPrincipal here and invoke services to get the custom roles for the user, then add all this information to the user claims. That will work, but I'm in Blazor Server, not WebAssembly.

My question is, what is the equivalent of this procedure in Blazor Server? I need some guidance to get started.

Jim G.
Mauro Alvarez
  • Inside your B2C tenant in Azure, create a custom policy that will call either an API or an Azure Function. Inside that API or function, create and return your claims to the policy and they will get added prior to the creation of the jwt token. – GH DevOps Aug 30 '23 at 16:23
  • https://stackoverflow.com/a/68974923/109941 – Jim G. Sep 01 '23 at 15:28

1 Answer

0

Check this article to retrieve AD User info. Blazor Server Auth

----------

Hope this additional code helps too.

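```csharp
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Components.Authorization;

// The class name is a placeholder; the field and method are from the answer.
public class AdUserRoleReader
{
    private readonly AuthenticationStateProvider authStateProvider;

    public AdUserRoleReader(AuthenticationStateProvider authStateProvider)
    {
        this.authStateProvider = authStateProvider;
    }

    // Returns the value of the first "roles" claim, or an empty string.
    public async Task<string> GetADUserRoleAsync()
    {
        var authState = await authStateProvider.GetAuthenticationStateAsync();
        var user = authState?.User;

        // Null checks come before IsAuthenticated is dereferenced.
        if (user?.Identity?.IsAuthenticated != true)
        {
            return string.Empty;
        }

        // FirstOrDefault returns null when no claim matches, so no exception
        // has to be caught and swallowed.
        var adUserRoleClaim = user.Claims.FirstOrDefault(x => x.Type == "roles");
        return adUserRoleClaim?.Value ?? string.Empty;
    }
}
```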
ASPDev
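
One way to do what the question describes on Blazor Server, as an added example that is not part of the original question or answer: ASP.NET Core's `IClaimsTransformation` runs after Windows authentication and can attach database roles to the principal as claims. `IUserRoleStore`, `DbRoleClaimsTransformation` and `MyUserRoleStore` are hypothetical names.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;

// Hypothetical abstraction over the roles table; implement it with your own query.
public interface IUserRoleStore
{
    Task<IReadOnlyList<string>> GetRolesAsync(string accountName);
}

public sealed class DbRoleClaimsTransformation : IClaimsTransformation
{
    // Label on the added identity, used to detect that roles were already attached.
    private const string Marker = "db-roles";
    private readonly IUserRoleStore roleStore;

    public DbRoleClaimsTransformation(IUserRoleStore roleStore) => this.roleStore = roleStore;

    public async Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
    {
        // Never attach roles to an anonymous or unnamed principal.
        if (principal.Identity?.IsAuthenticated != true || string.IsNullOrEmpty(principal.Identity.Name))
            return principal;

        // TransformAsync may run several times for one request, so keep it idempotent.
        if (principal.Identities.Any(i => i.Label == Marker))
            return principal;

        // Identity.Name is the Windows account (DOMAIN\user) under Windows authentication.
        var roles = await roleStore.GetRolesAsync(principal.Identity.Name);

        // A separate identity with the default role claim type, so IsInRole and
        // [Authorize(Roles = "...")] see the database roles alongside the AD groups.
        var roleIdentity = new ClaimsIdentity { Label = Marker };
        foreach (var role in roles.Distinct())
            roleIdentity.AddClaim(new Claim(ClaimTypes.Role, role));

        principal.AddIdentity(roleIdentity);
        return principal;
    }
}

// Registration in Program.cs (MyUserRoleStore is a placeholder for your implementation):
// builder.Services.AddScoped<IUserRoleStore, MyUserRoleStore>();
// builder.Services.AddScoped<IClaimsTransformation, DbRoleClaimsTransformation>();
```

The answer's method looks for a claim of type `"roles"`; with this example the role values are under `ClaimTypes.Role`, so read them with that type or through `user.IsInRole(...)`.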