Using Azure AD and Getting App Role in C# Windows Application


I have a requirement to authenticate the user on the client side and pass the token to a server-side application. The server-side application parses the token and, based on the role, returns the result. So we have created a C# Windows application as the client and a Java application as the server side.

I am trying to use the following sample, https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-windows-desktop, to authenticate on the client side and get and pass the authorization token, but I am not getting the app roles assigned to the user.

I have registered the application in Azure Active Directory via app registration and added app roles in the manifest file.

When I receive the authorization token, I have all the details, but the roles are not coming as part of the token. Could you please guide me, as I have very limited knowledge of Azure Active Directory?


There are 2 best solutions below

2
On

In order to get app roles follow this guide: https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-add-app-roles-in-azure-ad-apps

Did you assign those app roles to the users? If the user isn't assigned any app roles, the roles claim will not be sent in the token.

After that it should be in the id_token. Also take note, when you are declaring the app roles in the manifest, of the

    "allowedMemberTypes": [
        "User"
    ]

It needs to contain at least User if you want the role to be assignable to users.

0
On

If you are facing an issue getting the app role information in the token, check whether the roles are assigned to the user or not.

If you're facing trouble authorizing the web API with the app role in the token information, as per the document:

If you have a backend web API which is separate from the web app, the app role assignments for the web app don't apply to the web API.
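
A diagnostic sketch of the two checks the answers above describe, added here as an example and not part of either answer or of the Microsoft sample: it decodes a token's payload and reports whether the audience matches the app that defines the roles and whether a roles claim is present. The audience `api://example-api`, the role name `Report.Read` and the class name are assumptions, and the sample tokens are constructed in the code.

```csharp
using System;
using System.Linq;
using System.Text;
using System.Text.Json;

static class TokenRoleCheck
{
    // Decodes one base64url JWT segment ('-'/'_' alphabet, padding stripped).
    static byte[] Base64UrlDecode(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }

    static string Base64UrlEncode(string s) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(s)).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Diagnostic only: reads claims WITHOUT verifying the signature. The server
    // must validate signature, issuer and audience before it trusts any role.
    public static string Diagnose(string jwt, string expectedAudience)
    {
        var parts = jwt.Split('.');
        if (parts.Length != 3) return "not a JWT (expected 3 dot-separated segments)";

        using var doc = JsonDocument.Parse(Base64UrlDecode(parts[1]));
        var claims = doc.RootElement;

        var aud = claims.TryGetProperty("aud", out var a) && a.ValueKind == JsonValueKind.String
            ? a.GetString() : null;
        if (aud != expectedAudience)
            return $"aud is '{aud}', expected '{expectedAudience}': token was issued for another app, so this app's roles are not in it";

        if (!claims.TryGetProperty("roles", out var r) || r.ValueKind != JsonValueKind.Array || r.GetArrayLength() == 0)
            return "aud matches but there is no roles claim: the user has no app role assigned on this app";

        return "roles: " + string.Join(", ", r.EnumerateArray().Select(x => x.GetString()));
    }

    static void Main()
    {
        // Constructed sample tokens with placeholder values; "sig" is not a real signature.
        string Make(string payload) =>
            Base64UrlEncode("{\"alg\":\"RS256\",\"typ\":\"JWT\"}") + "." + Base64UrlEncode(payload) + ".sig";
        const string api = "api://example-api"; // assumed audience of the backend API

        Console.WriteLine(Diagnose(Make("{\"aud\":\"api://other-app\",\"name\":\"A\"}"), api));
        Console.WriteLine(Diagnose(Make("{\"aud\":\"api://example-api\",\"name\":\"A\"}"), api));
        Console.WriteLine(Diagnose(Make("{\"aud\":\"api://example-api\",\"roles\":[\"Report.Read\"]}"), api));
    }
}
```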