问题
I would like to add Authorization to a web API written in Asp.Net Core using Azure AD B2C. I already have the Authentication part working, and now I would like to add "Roles" to my application, like "Administrators", and probably in the future more specific roles.
I've seen samples with Azure AD adding "Application roles", but can't find anything for AD B2C. There doesn't seem to be anything in the Azure Portal, neither anything in the documentation.
Is it possible to add custom application roles to Azure AD B2C?
回答1:
Application roles are not currently supported in Azure AD B2C. You may want to use Azure feedback portal to add this request or vote for an existing one.
回答2:
Create AD groups that you want to function as roles (for instance AppAdministrator) and then override the RolePrinicpal.IsInRole method to check to see whether the user is in that AD group. It provides the same functionality you're looking for. Here's a good rundown explaining how this works: Authorize By Group in Azure Active Directory B2C
来源:https://stackoverflow.com/questions/46890027/define-application-specific-user-roles-in-azure-ad-b2c