Tags: asp.net-core, azure-active-directory, azure-sql-database, claims

Adding Custom Claims To Azure Active Directory Web App Login


I have managed to change my .NET Core 6 Razor Pages app to login using Azure Active Directory by following this https://learn.microsoft.com/en-us/azure/active-directory/develop/scenario-web-app-sign-user-sign-in?tabs=aspnetcore

The trouble is that I need to add some custom claims to the login, the details of which are in the database (SQL Server), and I do not know how to go about that other than to store the claims in memory.

Previously, I used the following code in my login page.

using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Mvc;

public async Task<IActionResult> OnPostLogin(string returnUrl = null)
{
    returnUrl = returnUrl ?? Url.Content("~/");

    if (ModelState.IsValid)
    {
        if (_userRepository.GetUserValid(Input.Username, Input.Password))
        {
            // Build the identity from the claims stored in the database for this user.
            var claimsIdentity = new ClaimsIdentity(
                _loginClaimRepository.ClaimList(Input.Username),
                CookieAuthenticationDefaults.AuthenticationScheme);

            // SignInAsync returns a Task and must be awaited; checking
            // Task.IsCompletedSuccessfully without awaiting could redirect
            // before the authentication cookie had actually been issued.
            await HttpContext.SignInAsync(
                CookieAuthenticationDefaults.AuthenticationScheme,
                new ClaimsPrincipal(claimsIdentity),
                new AuthenticationProperties
                {
                    IsPersistent = true,
                    ExpiresUtc = DateTimeOffset.UtcNow.AddHours(8),
                    AllowRefresh = true
                });

            return LocalRedirect(returnUrl);
        }

        // Same generic message for unknown user and wrong password,
        // so the response does not reveal which one failed.
        ModelState.AddModelError(string.Empty, "Invalid login attempt.");
    }

    return Page();
}

I wonder if there is a standard way to intercept the login process and add some custom claims?


Solution

  • I registered an app in Azure Active Directory by clicking "New registration":

    [screenshot]

    Added the name and clicked "Register". Image for reference:

    [screenshot]

    After app registration I went to Manifest and updated the app roles. Image for reference:

    [screenshot]

    Added app roles in JSON format:

    "appRoles": [
      {
        "allowedMemberTypes": [
          "Application"
        ],
        "description": "Consumer apps have access to delete consumer data.",
        "displayName": "webapp Delete role",
        "id": "5e491592-0270-40cb-b70d-2f67b3ce0910",
        "isEnabled": true,
        "value": "webapp.delete"
      },
      {
        "allowedMemberTypes": [
          "Application"
        ],
        "description": "Consumer apps have access to update consumer data.",
        "displayName": "webapp Update role",
        "id": "d7395cab-0ae9-41c1-a5cd-e945afca8465",
        "isEnabled": true,
        "value": "webapp.update"
      },
      {
        "allowedMemberTypes": [
          "Application"
        ],
        "description": "Consumer apps have access to write consumer data.",
        "displayName": "webapp Writer role",
        "id": "37605316-22ca-4587-8a98-56e31ba1a2b0",
        "isEnabled": true,
        "value": "webapp.write"
      },
      {
        "allowedMemberTypes": [
          "Application"
        ],
        "description": "Consumer apps have access to read consumer data.",
        "displayName": "webapp Reader role",
        "id": "12eb6844-6ff4-4731-a349-d5f803cfd6c5",
        "isEnabled": true,
        "value": "webapp.read"
      }
    ],

    Image for reference:

    [screenshot]

    Saved the manifest update by clicking the "Save" button. Then set the Application ID URI; this value will be used as the scope parameter when requesting an OAuth token for the client app. Image for reference:

    [screenshot]

    In this way we can add custom claims to the app which is registered in Active Directory.
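Added example, not code from the question or the answer above: in ASP.NET Core 6 with Microsoft.Identity.Web, the standard interception point for a user sign-in is the OpenID Connect OnTokenValidated event, which runs after Azure AD's ID token has been validated and before the sign-in cookie is written, so claims appended there (for example from SQL Server) are carried in the cookie. IUserClaimRepository, SqlUserClaimRepository and the policy name are assumptions for illustration; the role value "webapp.delete" is the one from the manifest above.

```csharp
// Program.cs (.NET 6 minimal hosting). Assumes the Microsoft.Identity.Web package
// and a hypothetical IUserClaimRepository that reads per-user claims from SQL Server.
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.UI;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddScoped<IUserClaimRepository, SqlUserClaimRepository>(); // hypothetical

builder.Services
    .AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"));

// Registered after AddMicrosoftIdentityWebApp so its event handlers are already in place.
builder.Services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
    // App roles from the manifest arrive in the "roles" claim; make it the role claim type
    // so RequireRole / [Authorize(Roles = ...)] evaluate it. Roles reach a user's ID token only
    // when the role allows "User" and the user is assigned to the app; "Application" roles
    // are issued in client-credentials (app-only) tokens instead.
    options.TokenValidationParameters.RoleClaimType = "roles";

    options.Events ??= new OpenIdConnectEvents();
    var previous = options.Events.OnTokenValidated; // keep the library's own handler
    options.Events.OnTokenValidated = async ctx =>
    {
        if (previous is not null) await previous(ctx);

        // Key the lookup on the immutable object id, never on e-mail or display name,
        // which can change or collide across tenants.
        var oid = ctx.Principal?.GetObjectId();
        if (string.IsNullOrEmpty(oid)) { ctx.Fail("ID token has no oid claim"); return; }

        var repo = ctx.HttpContext.RequestServices.GetRequiredService<IUserClaimRepository>();
        var identity = (ClaimsIdentity)ctx.Principal!.Identity!;
        foreach (var claim in await repo.GetClaimsAsync(oid))
            identity.AddClaim(claim); // persisted in the sign-in cookie issued after this event
    };
});

builder.Services.AddAuthorization(o =>
    o.AddPolicy("CanDeleteConsumerData", p => p.RequireRole("webapp.delete")));
builder.Services.AddRazorPages().AddMicrosoftIdentityUI();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapRazorPages();
app.Run();
```

Because the added claims live only in the cookie, a change in the database is not visible until the user signs in again, so keep the cookie lifetime short or revalidate in a cookie OnValidatePrincipal handler when claims must reflect the database promptly.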