We are migrating an application which consists of an Angular Frontend and a ASP.NET Core 2.1 Web Api Backend running on .NET Framework 4.6.2 from on premises to Azure.
The application uses Active Directory Groups for authorization purposes.
To facilitate the migration process we would like to use the same groups which are synchronized to Azure Active Directory.
Authentication works fine but when i inspect the claims in the User Object within a Web Api Controller i can't find any group claims in it.
The only group-related claim i see in the User Object is one named "hasGroups" with the value true, but i need to know which groups the user is part of.
I know i can query AD via Graph API but i would prefer a seamless way if the service can provide this info directly.
Update: I use MSAL 1.0 and implicit flow in my Angular Frontend to authenticate the user and gain an access token to authenticate the calls to the Web Api.
Update 2: This is the configuration of the backend api:
- I applied the following configuration in the "Token configuration" page
I created a client secret in the "Certificates & secrets" page
i created a scope in the "Expose an API" tab and added the client application to it
i added API permissions
In the frontend app i activated the options for "access tokens" and "ID tokens" in the Authentication page:
and i configured the redirect url on the same page
Update 3: I upgraded the backend to .net 5 and can still reproduce the problem (no roles in claims collection).
