I have an ASP.NET 6.0 C# application which is registered in Entra ID, let us say it is called MyApp. In the Azure portal for MyApp, under App registrations, I have used Manage - App roles to define custom roles, Editor and Viewer. Then in Manage - Users and groups I have assigned users and groups to these roles.
In the application code I have a GraphServiceClient. With the following code I can get a collection of AppRoleAssignments, where gs is a GraphServiceClient object:
    var approles = await gs.Me.AppRoleAssignments.Request().GetAsync();
However, these AppRoleAssignments are not the custom roles. If the user has a role assigned, there is one AppRoleAssignment with a ResourceDisplayName of MyApp in the approles collection above, but how can I get the custom roles, Editor or Viewer, assigned to the currently logged-in user?
I have looked at this sample, https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/tree/master/5-WebApp-AuthZ/5-1-Roles, which shows how to set an Authorize attribute using a custom role, but I don't want to do that; I want code to list the custom roles in MyApp that are assigned to the current user.
Update: this is one solution
    private bool IsCurrentUserInRole(string role)
    {
        // Walk the signed-in user's claims. App roles issued by Entra ID arrive in the
        // token's "roles" claim, which the authentication middleware maps to ClaimTypes.Role.
        foreach (System.Security.Claims.Claim claim in User.Claims)
        {
            if (claim.Type == System.Security.Claims.ClaimTypes.Role)
            {
                if (claim.Value == role)
                {
                    return true;
                }
            }
        }
        return false;
    }
I am still not sure how to do it with GraphServiceClient
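The following is an added example, not code from the original post, showing both ways of listing the current user's custom app roles: from the token claims (the approach in the update above) and through the GraphServiceClient (the part the post says is still open). It assumes the Microsoft.Graph SDK v4 request style used in the question (`.Request().GetAsync()`), that the app's display name in Entra ID is "MyApp", and that the role claim is surfaced either as `ClaimTypes.Role` or under the raw name `roles`, depending on how claim mapping is configured. The Graph route works because an AppRoleAssignment only carries the `AppRoleId` GUID; the human-readable `Value` ("Editor", "Viewer") lives on the resource service principal's `AppRoles` list, so each assignment is resolved against that list. Reading service principals needs a directory permission beyond `User.Read` (Application.Read.All or similar), which is an assumption to verify against your tenant's consent settings.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Graph;

// Added example (not from the original post). Assumes Microsoft.Graph SDK v4.
public static class AppRoleLookup
{
    // 1) Roles from the signed-in user's token. This is the same data [Authorize(Roles = ...)]
    //    checks. Group-based assignments show up here because Entra ID resolves them
    //    when it issues the token.
    public static IReadOnlyList<string> RolesFromClaims(ClaimsPrincipal user)
    {
        return user.FindAll(ClaimTypes.Role)
            .Concat(user.FindAll("roles")) // raw claim name, in case claim-type mapping is off (assumption)
            .Select(c => c.Value)
            .Distinct(StringComparer.Ordinal)
            .ToList();
    }

    // 2) Roles via Microsoft Graph. Each AppRoleAssignment carries AppRoleId (a GUID) and
    //    ResourceId (the service principal of MyApp); the role's Value string comes from
    //    that service principal's AppRoles collection. Only direct user assignments are
    //    returned by /me/appRoleAssignments; roles inherited through group membership are
    //    listed on the group, not the user (practitioner caveat, verify in your tenant).
    public static async Task<IReadOnlyList<string>> RolesFromGraphAsync(
        GraphServiceClient gs, string resourceDisplayName = "MyApp")
    {
        var roles = new List<string>();
        // Cache the resolved service principal so repeated assignments do not refetch it.
        var appRolesByResource = new Dictionary<Guid, IList<AppRole>>();

        var page = await gs.Me.AppRoleAssignments.Request().GetAsync();
        while (page != null)
        {
            foreach (var assignment in page)
            {
                if (assignment.ResourceDisplayName != resourceDisplayName) continue;
                if (assignment.ResourceId is null || assignment.AppRoleId is null) continue;

                var resourceId = assignment.ResourceId.Value;
                if (!appRolesByResource.TryGetValue(resourceId, out var appRoles))
                {
                    var sp = await gs.ServicePrincipals[resourceId.ToString()]
                        .Request()
                        .Select("id,appRoles")
                        .GetAsync();
                    appRoles = sp.AppRoles?.ToList() ?? new List<AppRole>();
                    appRolesByResource[resourceId] = appRoles;
                }

                var role = appRoles.FirstOrDefault(r => r.Id == assignment.AppRoleId);
                if (!string.IsNullOrEmpty(role?.Value)) roles.Add(role.Value);
            }

            // Follow paging if the user has more assignments than fit in one response.
            page = page.NextPageRequest != null ? await page.NextPageRequest.GetAsync() : null;
        }

        return roles.Distinct(StringComparer.Ordinal).ToList();
    }
}
```

In a controller you would call `AppRoleLookup.RolesFromClaims(User)` for the cheap, token-based answer, and `await AppRoleLookup.RolesFromGraphAsync(gs)` when you want the directory's view of direct assignments; if the two disagree, the usual cause is a group-based assignment (present in the token, absent from the user's own appRoleAssignments) or a stale token issued before a role change.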