Hacking Active Directory User Group Authorization with Azure AD B2C

Tuesday, July 16, 2019

Hacking Active Directory User Group Authorization with Azure AD B2C

For everyone that's been frustrated by Microsoft's progress in getting user membership groups in the claims with AD B2C, we're happy to announce that we've got a simple demo solution for using Azure AD group memberships for authentication in ASP.NET Core using the Azure AD Graph Client API to get this done.

To make this happen, we implement the Microsoft.AspNetCore.Authorization.IAuthorizationService interface, and simply use the service to access the Graph API back end. Because we're running on Linux, we weren't able to use the Microsoft.Azure.ActiveDirectory.GraphClient.ActiveDirectoryClient object like we'd hoped, which would make the code a little cleaner - instead, we rely on the Graph API sample code that we've all been pointed to for getting our code to work.

Take a look and let us know what you think: https://github.com/endpointsystems/Azure.B2C.Demos.GroupAuthorization