Home > Blockchain >  How to use Azure AD only for authentication like an API call without using a middleware in .NET Core
How to use Azure AD only for authentication like an API call without using a middleware in .NET Core

Time:12-30

I have an existing application which has an auth service generating a JWT token validating username and password in the application database. While building the claims we are generating permissions based on user role mapping within the database.

As of now, we don't want to depend on IT to create roles for the user that are specific to our application, so we intend to use Azure AD only for authentication but not for authorization.

We are planning to use existing JWT token builder to build the token once AD authentication is successful. Please suggest how to use AD authentication as an API call to validate the user by username and password and on success we can generate our own JWT token.

Everywhere I am finding solution to basically on behalf of flow which I feel is not according to my expectation.

CodePudding user response:

You can use Azure AD to finish your authentication flow, and once you get back success result and JWT from AD, then you can retrieve the user details via claims in the token, then perform authorize logic as per your application database roles, then prepare a new JWT token using JwtSecurityToken class of System.IdentityModel.Tokens.Jwt. You can fill in the role name(s) into claims section in this new token. This token can henceforth be used by rest of your app to perform RBAC logic.

  • Related