How to Use Role-Based Authorization with .NET Core [Authorize]?

Siegfried Heintze 1,506 Reputation points

I would like to enhance active-directory-b2c-dotnet-webapp-and-webapi or (better yet) enhance 4-2-B2C to demonstrate old fashioned role based authorization.

Apparently this is done by editing the manifest and adding roles there?

And then I would enhance the controllers with "[Authorize(role="Admin")] as discussed in roles.

Where is the Microsoft documentation on editing the manifest in AADB2C to add authorization?

Is it compatible with Azure OpenIDConnect and B2C WebApps?

Is there an example somewhere?


Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
14,674 questions
Azure Active Directory External Identities
0 comments No comments
{count} votes

Accepted answer
  1. Saurabh Sharma 17,366 Reputation points Microsoft Employee

    @Siegfried Heintze sorry, it is not possible in Azure AD B2C to use role based authorization by modifying the manifest and using the authorize attribute in your code as it can be done in Azure AD. I am not sure of your scenario why you need to pass the roles claim for a consumer account by defining app roles in the app manifest as B2C is used for consumer identities and it would not be a feasible solution for administrators to modify the app manifest to assign the roles to their identities. Have you tried to check custom claims in Azure AD B2C where the consumer can select required roles during the signup process which is later returned in the token. Please refer to documentation for more details.

    Another alternative to achieve the same is using claims through ClaimsIdentity.RoleClaimType in your .net code that is used when evaluating the identity for the ClaimsPrincipal.IsInRole. Please refer to the blog which talks about this approach of implementing authorization in Azure Ad B2C.

    (Please don't forget to accept helpful replies as answer)

1 additional answer

Sort by: Most helpful