- Azure AD (aka Microsoft identity platform) is an OpenID Connect Provider
- We can create Security Groups, as in regular Windows AD
- The application manifest can be configured to send the user's Security Group OIDs as a claim, but it is limited to sending a subset of the user's groups. A better way is to use the Azure Graph API somehow.
- https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-aspnet-core-webapp
- https://odetocode.com/blogs/scott/archive/2018/02/20/role-based-authorization-in-asp-net-core-with-azure-ad.aspx
- https://odetocode.com/blogs/scott/archive/2018/02/21/managing-azure-ad-group-claims-in-asp-net-core.aspx
```cshtml
<table class="table">
    <caption>User Claims</caption>
    @foreach (var claim in User.Claims.OrderBy(c => c.Type))
    {
        <tr>
            <td>@claim.Type</td>
            <td>@claim.Value</td>
        </tr>
    }
</table>
```
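
When a user belongs to more groups than fit in the token, Azure AD leaves out the `groups` claim and emits `_claim_names`/`_claim_sources` (or `hasgroups` in the implicit flow) instead, so a check that only reads `groups` from the claims table above silently sees no groups. The following is an added example, not code from the linked articles; `GroupClaims`, `HasOverage`, `IsInGroup` and the `lookup` delegate are hypothetical names, and it assumes the claims reach the `ClaimsPrincipal` under their original JWT names.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Text.Json;

public static class GroupClaims
{
    // True when the token carries no usable "groups" claim because of overage:
    // "_claim_names" lists "groups" (JWT), or "hasgroups" is set (implicit flow).
    public static bool HasOverage(ClaimsPrincipal user)
    {
        if (user.HasClaim(c => c.Type == "hasgroups")) return true;
        var names = user.FindFirst("_claim_names")?.Value;
        if (string.IsNullOrEmpty(names)) return false;
        try
        {
            using var doc = JsonDocument.Parse(names);
            return doc.RootElement.ValueKind == JsonValueKind.Object
                && doc.RootElement.TryGetProperty("groups", out _);
        }
        catch (JsonException) { return true; } // unparseable: assume incomplete
    }

    // Fails closed: on overage only the caller-supplied lookup (hypothetical
    // delegate, e.g. wrapping a Graph query) can grant membership.
    public static bool IsInGroup(ClaimsPrincipal user, string groupId,
        Func<ClaimsPrincipal, IEnumerable<string>> lookup = null)
    {
        IEnumerable<string> groups = HasOverage(user)
            ? lookup?.Invoke(user) ?? Enumerable.Empty<string>()
            : user.FindAll("groups").Select(c => c.Value);
        return groups.Contains(groupId, StringComparer.OrdinalIgnoreCase);
    }

    public static void Main()
    {
        const string admins = "11111111-1111-1111-1111-111111111111"; // constructed id
        ClaimsPrincipal Make(params Claim[] c) =>
            new ClaimsPrincipal(new ClaimsIdentity(c, "test"));
        var inline = Make(new Claim("groups", admins));                    // groups in token
        var over = Make(new Claim("_claim_names", "{\"groups\":\"src1\"}")); // overage marker

        Console.WriteLine(IsInGroup(inline, admins));                      // token groups used
        Console.WriteLine(IsInGroup(over, admins));                        // overage, no lookup
        Console.WriteLine(IsInGroup(over, admins, _ => new[] { admins })); // overage, with lookup
    }
}
```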