Blazor Web App (Server) with Azure authentication: missing iss claim

Stefania Robuschi 0 Reputation points
2024-05-14T08:32:37.7933333+00:00

Hello,

I followed this guide to create a Blazor Web App (server) with Azure authentication:
https://learn.microsoft.com/it-it/entra/identity-platform/tutorial-blazor-server

and it works.

Here is the authentication part:

builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"))
    .EnableTokenAcquisitionToCallDownstreamApi(initialScopes)
    .AddMicrosoftGraph(builder.Configuration.GetSection("DownstreamApi"))
    .AddInMemoryTokenCaches();

My problem is that in my claims there is no "iss" (see attachment).

How can I add it?

[Attachment: Screenshot 2024-05-14 101503.png]

Thank you

Stefania


1 answer

  1. Bruce (SqlWork.com) 57,641 Reputation points
    2024-05-14T18:41:13.43+00:00

    iss: is part of the token verification and not typically considered a claim. You can map it to user principal claims as a custom claim:

    https://learn.microsoft.com/en-us/aspnet/core/security/authentication/claims?view=aspnetcore-8.0#mapping-claims-using-openid-connect-authentication

    using transformation:

    using System.Linq;
    using System.Security.Claims;
    using System.Threading.Tasks;
    using Microsoft.AspNetCore.Authentication;

    public class IssuerClaimsTransformation : IClaimsTransformation
    {
        // Runs on every AuthenticateAsync; the HasClaim guard prevents adding a second
        // "issuer" identity on each request.
        public Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
        {
            var claimType = "issuer";
            if (!principal.HasClaim(claim => claim.Type == claimType))
            {
                // First() throws on an anonymous principal with no claims, so guard for that.
                var issuer = principal.Claims.FirstOrDefault()?.Issuer;
                if (!string.IsNullOrEmpty(issuer))
                {
                    var claimsIdentity = new ClaimsIdentity();
                    claimsIdentity.AddClaim(new Claim(claimType, issuer));
                    principal.AddIdentity(claimsIdentity);
                }
            }
            return Task.FromResult(principal);
        }
    }
    

    and register:

    builder.Services.AddTransient<IClaimsTransformation, IssuerClaimsTransformation>();
    
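An alternative to the transformation in the answer above, added here as an example and not part of the original answer: read the issuer from the validated ID token in the OpenID Connect `OnTokenValidated` event at sign-in, so the claim is written once into the authentication cookie instead of being recomputed on every request. It assumes Microsoft.Identity.Web's default scheme (`OpenIdConnectDefaults.AuthenticationScheme`), that the snippet sits in Program.cs after `AddMicrosoftIdentityWebApp`, and a claim type name `issuer` chosen for this example.

```csharp
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;

// Added example (not the answer's code). Register this AFTER AddMicrosoftIdentityWebApp
// so the callback runs after Microsoft.Identity.Web's own options setup and sees its Events.
builder.Services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
    // Microsoft.Identity.Web installs its own OnTokenValidated handler: chain it, do not replace it.
    var existingOnTokenValidated = options.Events.OnTokenValidated;

    options.Events.OnTokenValidated = async context =>
    {
        await existingOnTokenValidated(context);

        const string claimType = "issuer"; // assumed name; use whatever the app expects

        // context.SecurityToken is the ID token the handler has already validated against
        // TokenValidationParameters (signature, issuer, audience, lifetime), so its Issuer
        // value is trusted here; the claim is informational, not a second validation step.
        var issuer = context.SecurityToken?.Issuer;
        var identity = context.Principal?.Identity as ClaimsIdentity;

        if (identity is not null
            && !string.IsNullOrEmpty(issuer)
            && !identity.HasClaim(c => c.Type == claimType))
        {
            // Add to the primary identity so the claim is serialized into the auth cookie
            // and is present on every later request without an IClaimsTransformation.
            identity.AddClaim(new Claim(claimType, issuer, ClaimValueTypes.String, issuer));
        }
    };
});
```

Because the claim is persisted in the cookie, a user who signed in before this code was deployed will only see it after signing in again.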