How to Use Role-Based Authorization with .NET Core [Authorize]?

Siegfried Heintze 1,906 Reputation points
2020-06-01T03:57:57.443+00:00

I would like to enhance active-directory-b2c-dotnet-webapp-and-webapi or (better yet) enhance 4-2-B2C to demonstrate old-fashioned role-based authorization.

Apparently this is done by editing the manifest and adding roles there?

And then I would enhance the controllers with `[Authorize(Roles = "Admin")]` as discussed in roles.

Where is the Microsoft documentation on editing the manifest in AADB2C to add authorization?

Is it compatible with Azure OpenIDConnect and B2C WebApps?

Is there an example somewhere?

Thanks
Siegfried


Accepted answer
  1. Saurabh Sharma 23,846 Reputation points Microsoft Employee Moderator
    2020-06-11T20:37:16.047+00:00

    @Siegfried Heintze sorry, it is not possible in Azure AD B2C to use role-based authorization by modifying the manifest and using the authorize attribute in your code, as it can be done in Azure AD. I am not sure about your scenario and why you need to pass the roles claim for a consumer account by defining app roles in the app manifest, as B2C is used for consumer identities and it would not be a feasible solution for administrators to modify the app manifest to assign the roles to their identities. Have you tried to check custom claims in Azure AD B2C, where the consumer can select required roles during the signup process, which is later returned in the token? Please refer to documentation for more details.

    Another alternative to achieve the same is using claims through ClaimsIdentity.RoleClaimType in your .NET code, which is used when evaluating the identity for ClaimsPrincipal.IsInRole. Please refer to the blog, which talks about this approach of implementing authorization in Azure AD B2C.

    (Please don't forget to accept helpful replies as answer)
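
An added example (not from the answer or the blog it links to) of the `ClaimsIdentity.RoleClaimType` approach mentioned in the accepted answer: it shows that `IsInRole` only sees a custom claim as a role once the identity's role claim type names it. The claim name `extension_Role`, the authentication type string and the sample claim values are assumptions made up for the illustration.

```csharp
using System;
using System.Security.Claims;

public static class RoleClaimDemo
{
    // Assumption: hypothetical name of a B2C custom attribute carried in the token.
    const string B2cRoleClaim = "extension_Role";

    // Builds a principal from already-validated token claims. roleClaimType
    // decides which claim ClaimsPrincipal.IsInRole, and therefore
    // [Authorize(Roles = "...")], treats as a role.
    static ClaimsPrincipal FromTokenClaims(string roleClaimType)
    {
        var claims = new[]
        {
            // Constructed sample claims, not taken from a real token.
            new Claim("sub", "00000000-0000-0000-0000-000000000001"),
            new Claim("name", "Sample User"),
            new Claim(B2cRoleClaim, "Admin"),
        };
        var identity = new ClaimsIdentity(
            claims,
            authenticationType: "B2C-sample",
            nameType: "name",
            roleType: roleClaimType);
        return new ClaimsPrincipal(identity);
    }

    public static void Main()
    {
        // Default role claim type: the custom claim is in the identity,
        // but IsInRole does not look at it.
        var unmapped = FromTokenClaims(ClaimsIdentity.DefaultRoleClaimType);
        Console.WriteLine($"default role type, Admin:   {unmapped.IsInRole("Admin")}");

        // Role claim type set to the custom claim: IsInRole now evaluates it.
        // With the OpenID Connect handler the same setting is
        // options.TokenValidationParameters.RoleClaimType.
        var mapped = FromTokenClaims(B2cRoleClaim);
        Console.WriteLine($"custom role type, Admin:    {mapped.IsInRole("Admin")}");
        Console.WriteLine($"custom role type, Auditor:  {mapped.IsInRole("Auditor")}");
    }
}
```

The role value is only as trustworthy as whatever writes the claim, so this assumes the attribute is populated by a source the application owner controls.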


1 additional answer

  1. Chad Bennett 1 Reputation point
    2021-12-12T01:03:49.44+00:00