c# .net-core asp.net-identity

How do I register new users using the Microsoft Identity Web App platform?


We have an older web application which uses the Identity framework for authentication. With this setup, you have aspnet db tables that contain all your user information, roles, etc. So registering a new user was easy.

Now we have a new app that uses OIDC, Microsoft Identity Web App, and Microsoft Graph. Based on what I have found on the web, if I want to add a new user, I need to go up to Azure AD and add them there. This application is going to be used by a client in another company, so they will have a different org to sign in with. The app registration is set up to accept any org. Previously this was easy: all I had to do was create the account with their email address, and then they would authenticate using their email address and password. However, I have no idea how to do this with the new setup. The articles I have read say I have to manage roles and claims in the app registration. It seems ridiculous that I would need to log into Azure to manage everything. I mean, our Azure covers our entire company, and I doubt I will have access to the Azure AD. When I created the new app in VS, I chose the web application template, which puts everything into the Program.cs file. Below is the authentication bit, so you know what I am talking about:

builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"))
    .EnableTokenAcquisitionToCallDownstreamApi(initialScopes)
    .AddMicrosoftGraph(builder.Configuration.GetSection("MicrosoftGraph"))
    .AddInMemoryTokenCaches();

Is there any equivalent to the code below (the old way), or am I forced to use the app reg to manage it all?

services.AddIdentity<ApplicationUser, ApplicationRole>()
    .AddEntityFrameworkStores<UnitRateContractSystemContext>()
    .AddDefaultTokenProviders()
    .AddUserStore<UserStore<ApplicationUser, ApplicationRole, UnitRateContractSystemContext, Guid, ApplicationUserClaim<Guid>, ApplicationUserRole, IdentityUserLogin<Guid>, IdentityUserToken<Guid>, IdentityRoleClaim<Guid>>>()
    .AddRoleStore<RoleStore<ApplicationRole, UnitRateContractSystemContext, Guid, ApplicationUserRole, IdentityRoleClaim<Guid>>>();

Solution

  • It appears that the only way to do this is to use Azure AD. It's apparently the new way to do accounts and security on .Net Core Apps. You can create accounts through the Portal, or you can use Microsoft Graph to create roles, assign roles to users, etc. There are still confusing parts of this to me, but this article basically describes the different Azure AD types you have.

    https://learn.microsoft.com/en-us/azure/active-directory/external-identities/external-identities-overview
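As an added example (not code from the question or the answer), this is what the Graph call for the scenario above looks like: the client works at another company, so rather than creating a user with a password in your own tenant, the app invites them as an external (guest) user and they keep signing in with their home org's credentials. It assumes the Microsoft Graph SDK v5 `GraphServiceClient` that `AddMicrosoftGraph` registers for injection, a signed-in user holding the `User.Invite.All` delegated permission (so that scope is in `initialScopes`), and the hypothetical names `GuestInviter` and `InviteAsync`.

```csharp
using System;
using System.Net.Mail;
using System.Threading.Tasks;
using Microsoft.Graph;
using Microsoft.Graph.Models;

// Invites a person from another organisation as a guest of this tenant.
// The guest authenticates against their own directory, so this app never
// handles or stores a password. Hypothetical class, not from the original post.
public sealed class GuestInviter
{
    private readonly GraphServiceClient _graph;

    // GraphServiceClient is registered by AddMicrosoftGraph and injected here.
    public GuestInviter(GraphServiceClient graph) => _graph = graph;

    // Returns the directory object id of the invited guest; store that id and
    // use it for app role assignment instead of the email address.
    public async Task<string> InviteAsync(string email, string displayName, string redirectUrl)
    {
        // Reject malformed addresses before anything reaches the directory.
        var parsed = new MailAddress(email);

        // The redemption link sends the guest here afterwards; insist on https
        // so the flow cannot be pointed at an insecure landing page.
        if (!Uri.TryCreate(redirectUrl, UriKind.Absolute, out var redirect)
            || redirect.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("Redirect URL must be an absolute https URL.", nameof(redirectUrl));

        var invitation = new Invitation
        {
            InvitedUserEmailAddress = parsed.Address,
            InvitedUserDisplayName = displayName,
            InviteRedirectUrl = redirect.ToString(),
            SendInvitationMessage = true, // Azure AD sends the redemption email itself
        };

        // POST /invitations, performed as the signed-in user (assumption: that user
        // has been granted User.Invite.All).
        Invitation? result = await _graph.Invitations.PostAsync(invitation);

        return result?.InvitedUser?.Id
            ?? throw new InvalidOperationException("Invitation did not return a user object.");
    }
}
```

Until the guest redeems the invitation, the directory object exists but cannot sign in, which is worth checking for in any "pending users" view you build.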