I am trying to create a full stack app (with React.js on the frontend and ASP.NET Core Web API on the backend). The login process needs to be done using Active Directory, as users are employees within a single organization. The frontend must get a token (using an MSAL library) and then send it to the backend, which has to decode it and, based on it, recognize the user, register every session in the database, and let users perform the actions set by their roles. Those roles need to be assigned in the database.
Does anyone know how to do that? Even an example project like that would help me immensely, because everything I have found so far is very basic.
For implementing the authentication in ASP.NET Core, follow this doc here.
Authorization in Azure AD can also be done with Application Roles. Application Roles in Azure AD are by no means mutually exclusive. They can be used in tandem to provide even finer grained access control.
In your React app (client) you can get the token, then access the web API with the token. You can then take a look at this source code. The only difference will be that you will call your own web API instead of Microsoft Graph.
For controlling the authentication session read more here link.
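
The client-side flow described in the answer above, as an added example that is not part of the original answer or of Microsoft's sample code: acquire an access token for your own API silently, fall back to an interactive prompt only when MSAL asks for one, and send it as a bearer token to your API's origin only. `API_SCOPES`, `API_BASE` and the function names are assumptions for illustration; `msal` is a `PublicClientApplication` from `@azure/msal-browser`.

```javascript
// Added example. Placeholder values: replace with your API's app registration.
const API_SCOPES = ["api://<your-api-client-id>/access_as_user"]; // assumed scope name
const API_BASE = "https://localhost:5001";                        // assumed API origin

// Get an access token issued for the API (not the ID token, not a Graph token).
async function getApiToken(msal, account) {
  const request = { scopes: API_SCOPES, account };
  try {
    // Served from cache or refreshed without user interaction.
    return (await msal.acquireTokenSilent(request)).accessToken;
  } catch (err) {
    // Consent, MFA or an expired session needs the user; other errors propagate.
    // With the library imported, prefer `err instanceof InteractionRequiredAuthError`.
    if (err && err.name === "InteractionRequiredAuthError") {
      return (await msal.acquireTokenPopup(request)).accessToken;
    }
    throw err;
  }
}

// Call the web API. fetchImpl is injectable so the function can be tested offline.
async function callApi(msal, account, path, fetchImpl = fetch) {
  const url = new URL(path, API_BASE);
  // Never attach the bearer token to a request for another origin.
  if (url.origin !== new URL(API_BASE).origin) {
    throw new Error("refusing to send token to " + url.origin);
  }
  const token = await getApiToken(msal, account);
  const res = await fetchImpl(url, {
    headers: { Authorization: `Bearer ${token}` },
  });
  // 401: the API rejected the token (signature, issuer, audience, expiry).
  if (res.status === 401) throw new Error("token rejected by API");
  // 403: token accepted, but the user's role in the database does not allow this.
  if (res.status === 403) throw new Error("role not permitted");
  if (!res.ok) throw new Error("API error " + res.status);
  return res.json();
}
```

The role decision stays on the server: the API validates the token and looks up the user's roles in the database, and the client only reacts to the resulting 401 or 403.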