Need to create a "Required Claim" (I think)

Jonathan Holmes 21 Reputation points
2021-10-25T05:52:37.093+00:00

Hello. I am new to Azure AD and SSO.

I am trying to copy an existing app and modify it for another purpose. Meanwhile the new app is working using UPN for authentication with SSO.

The problem is, not all email aliases are the same in our ORG and it appears when authenticating with Azure AD, even though we have an additional claim called username set to userPrincipalName, the request fails unless the default SMTP matches the UPN.

In our working app, the claim is "Required", but in the problematic app, the claim is not required, but "Additional". Am I on the right track? Is there a way to make this claim required rather than additional?

Microsoft Entra ID

Accepted answer
    AmanpreetSingh-MSFT 56,306 Reputation points
    2021-10-25T08:28:50.433+00:00

    Hi @Jonathan Holmes • Thank you for reaching out.

    Please refer to the ASP.NET Core code snippet below to make a claim required. In the example below, the attribute name is EmployeeNumber.

    using Microsoft.AspNetCore.Authorization;
    using Microsoft.Extensions.DependencyInjection;

    public class Startup
    {
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddControllersWithViews();
            services.AddRazorPages();

            services.AddAuthorization(options =>
            {
                // "EmployeeOnly" succeeds only if the signed-in principal carries a claim
                // of type "EmployeeNumber" (any value). Apply it to a controller or page
                // with [Authorize(Policy = "EmployeeOnly")].
                options.AddPolicy("EmployeeOnly", policy => policy.RequireClaim("EmployeeNumber"));
            });
        }
    }


    Read more: https://learn.microsoft.com/en-us/aspnet/core/security/authorization/claims?view=aspnetcore-5.0

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
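Added example (not code from the answer above or from the asker's app): an ASP.NET Core authorization setup that goes one step beyond a presence check, requiring the custom "username" claim from the question and also checking it against the "upn" claim, so a principal whose alias and UPN disagree is rejected by policy. The claim type names "username" and "upn" and the policy names are assumptions.

```csharp
using System;
using System.Security.Claims;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;

public static class ClaimsPolicies
{
    // Assumed claim types: "username" is the custom claim mapped to userPrincipalName
    // in the question; "upn" is the claim Azure AD issues for the UPN when configured.
    public const string UsernameClaim = "username";
    public const string UpnClaim = "upn";

    // Returns true only when both claims are present and agree (UPNs are case-insensitive).
    public static bool UsernameMatchesUpn(ClaimsPrincipal user)
    {
        var username = user.FindFirst(UsernameClaim)?.Value;
        var upn = user.FindFirst(UpnClaim)?.Value;
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(upn))
            return false;
        return string.Equals(username, upn, StringComparison.OrdinalIgnoreCase);
    }

    public static void AddRequiredClaimPolicies(this IServiceCollection services)
    {
        services.AddAuthorization(options =>
        {
            // Presence check only, the same shape as the EmployeeNumber example.
            options.AddPolicy("HasUsername", policy => policy.RequireClaim(UsernameClaim));

            // Presence plus consistency: the claim must exist and match the UPN claim.
            options.AddPolicy("UsernameMatchesUpn", policy =>
                policy.RequireAuthenticatedUser()
                      .RequireClaim(UsernameClaim)
                      .RequireAssertion(ctx => UsernameMatchesUpn(ctx.User)));

            // Deny by default: endpoints with no explicit [Authorize] policy still
            // require the claim instead of silently allowing anonymous access.
            options.FallbackPolicy = options.GetPolicy("HasUsername");
        });
    }
}
```

Call `services.AddRequiredClaimPolicies()` from ConfigureServices and decorate the endpoint with `[Authorize(Policy = "UsernameMatchesUpn")]`; a token carrying only a mismatched alias then fails authorization rather than the sign-in itself.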


0 additional answers
