angularjs - ADAL JS Angular- WebAPI add a new role claim to the token -
i have created angular spa webapi backend using adal js authentication.as there no roles in ad, need manually add role claims in order give users access different api controllers.
the roles stored in database. expecting inject claim through call webapi after authentication ad. webapi code might this.
identity.addclaim(new claim("role", "user")); var ticket = new authenticationticket(identity, props); var accesstoken = startup.oauthbeareroptions.accesstokenformat.protect(ticket);
is possible replace adal idtoken new token?
is viable solution or there other better way handle this?
as initial token generated azuread, possible edit token add new claim? appreciated.
graph api supporting group claims. see here: http://justazure.com/azure-active-directory-part-4-group-claims/
if @ examples on page, users assigned groups , app can check group in claims. in current version of portal, need app manifest , modify it.
Comments
Post a Comment