microsoft-identity-platform

.NET Core add Claim after AzureAD Authentication

我们两清 submitted on 2020-01-16 08:40:16
Question: My application signs in via AzureAD, but now I need to get information from the DB and then store the Role as a Claim. So my question is: How can I store the Role as a Claim after authentication? This is what I tried:

    var user = User as ClaimsPrincipal;
    var identity = user.Identity as ClaimsIdentity;
    identity.AddClaim(new Claim(ClaimTypes.Role, "Admin"));

But when I go to another controller, the claim does not exist anymore? Thanks

Answer 1: You can achieve that during the authentication, in OIDC

Not able to use identity platform within iFrame/MS Teams custom tab

孤街浪徒 submitted on 2020-01-03 01:52:30
Question: I am trying to use identity platform to authenticate users into my custom app that is to be used from within MS Teams. I am aware that Teams uses an iFrame to load the custom apps. So I followed the method mentioned in the FAQs - Q5. I used the redirectUri property in the MSALConfig. I am using the index file provided by MS for testing purposes by calling it inside an iFrame tag. In both cases of acquireTokenSilent and acquireTokenPopup, it gets stuck at the popup window loading the redirect page.

Not able to use identity platform within iFrame/MS Teams custom tab

℡╲_俬逩灬. submitted on 2020-01-03 01:52:12
Question: I am trying to use identity platform to authenticate users into my custom app that is to be used from within MS Teams. I am aware that Teams uses an iFrame to load the custom apps. So I followed the method mentioned in the FAQs - Q5. I used the redirectUri property in the MSALConfig. I am using the index file provided by MS for testing purposes by calling it inside an iFrame tag. In both cases of acquireTokenSilent and acquireTokenPopup, it gets stuck at the popup window loading the redirect page.

User stays logged in after deleting from Azure AD

孤者浪人 submitted on 2019-12-24 22:36:05
Question: I've set up a small ASP.NET Core v3 webapp using Microsoft.Identity.Web from https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/tree/master/1-WebApp-OIDC This works fine. But when I log in as userA and then delete this user from our Azure AD, the user stays logged in. How can I force my app to regularly check if the user still exists or if his roles have changed? From Cookie not expiring for Azure AD auth I understand I can set OpenIdConnectOptions

Azure Active Directory - How to restrict Backend API App Registration to a specific client App Registration

北战南征 submitted on 2019-12-24 15:09:06
Question: I could be completely off base here on how this works, but this is what I'm looking to achieve. In AAD I have:

- an App Registration called backend-api that represents an HTTP API
- an App Registration called frontend-app that represents some client (let's say a console app)
- an App Registration called another-app that represents nothing related to my solution

I have a console application where I put my client ID and client secret in for frontend-app and I can request an access_token with the aud

Login from Microsoft account not working for Multitenant Azure AD application

五迷三道 submitted on 2019-12-13 04:15:10
Question: I'm building a multitenant SaaS web-based application. The application is registered in my tenant and each customer with their Office 365 subscription will get a Service principal object in Azure AD. I'm having a problem with login from an external account (Microsoft account) in a customer tenant. I created an example and tried to see what I can get from the access token. The sample consists of one client application (.js) that uses the MSAL library to handle authentication and two APIs that have protected endpoints. I