Hi @Al Mus,
The 'oid' (object id) is the only claim that should be used to uniquely identify a user in an Azure AD tenant, as it cannot get reassigned.
There is a B2C sample here that shows how to assign tasks to B2C users by object ID and create a "to-do" list that only allows users to see their own tasks.
You would identify the task owner by the user's object ID and ensure that the object ID is added as an application claim in all of your policies.
```csharp
// Controllers\TasksController.cs
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Returns only the tasks owned by the signed-in user, keyed on the object ID claim.
public IEnumerable<Models.Task> Get()
{
    // 'db' is the controller's data context; the claim type is the long-form name of 'oid'.
    string owner = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
    IEnumerable<Models.Task> userTasks = db.Tasks.Where(t => t.owner == owner);
    return userTasks;
}
```
There is another sample here that you can use for reference: https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/blob/master/4-WebApp-your-API/4-2-B2C/TodoListService/Controllers/TodoListController.cs
See also:
Mapping oid
External users, user_id, and object ID
Let me know if this is what you are looking for.
-
If the information helped you, please Accept the answer. This will help us and other community members as well.
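The same ownership check carried through to an ASP.NET Core Web API, as an added example that is not code from the answer above or from the Azure samples: it accepts the object ID under either the short `oid` name or the long URI (which one surfaces depends on the JWT handler's claim mapping), rejects tokens that carry neither, and scopes the delete path as well as the read path to the caller. `TodoContext`, `TodoItem`, `Items` and `OwnerOid` are assumed names.

```csharp
// Added example; TodoContext (EF Core, DbSet<TodoItem> Items) and TodoItem
// (int Id, string Title, string OwnerOid) are hypothetical names.
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;

[Authorize]
[ApiController]
[Route("api/[controller]")]
public class TodoListController : ControllerBase
{
    private const string OidUri = "http://schemas.microsoft.com/identity/claims/objectidentifier";
    private readonly TodoContext _db;

    public TodoListController(TodoContext db) => _db = db;

    // B2C tokens carry the object ID as "oid"; depending on the JWT handler's claim
    // mapping it may surface under the long URI instead, so accept either form.
    private string? CallerOid() =>
        User.FindFirstValue("oid") ?? User.FindFirstValue(OidUri);

    [HttpGet]
    public async Task<IActionResult> Get()
    {
        var oid = CallerOid();
        if (string.IsNullOrEmpty(oid)) return Forbid();   // no oid claim: refuse to serve data
        var items = await _db.Items.Where(i => i.OwnerOid == oid).ToListAsync();
        return Ok(items);
    }

    [HttpDelete("{id}")]
    public async Task<IActionResult> Delete(int id)
    {
        var oid = CallerOid();
        if (string.IsNullOrEmpty(oid)) return Forbid();
        // Filter by id AND owner so a caller cannot delete another user's item by guessing its id.
        var item = await _db.Items.SingleOrDefaultAsync(i => i.Id == id && i.OwnerOid == oid);
        if (item == null) return NotFound();
        _db.Items.Remove(item);
        await _db.SaveChangesAsync();
        return NoContent();
    }
}
```

If the project already uses Microsoft.Identity.Web, its `User.GetObjectId()` extension performs the same two-name lookup as `CallerOid()` here.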