When creating ASP.NET Core web app, if you use Azure AD for authentication, is it possible to store user info in your app database? And if so, is there a best practice approach to doing this?

I'd like to store user role info in my app's database; I know you can use AD groups but

(a) I'd like to be able control this from within the app and

(b) I don't know if I have permissions to create new groups in my company's Azure AD.

CodePudding user response：

yes, you can. After authentication with Azure AD, you can get userinfo from ID token if you are using OIDC. Then you can store the userinfo in your app's local database.

CodePudding user response：

For (a), you wanna control user role in your app which used to edit in azure portal. Then you may take microsoft graph api user role into consideration. You may check the link if this api is what you need.

(b) create new groups, this can achieved by this api.

Calling microsoft graph api required an azure ad application which can be assigned api permission by admin, then it can be used to generate access token to call the api.