Does Azure AD authentication work with a Windows Installer app?


I have a web application where I authenticate users using Azure AD (Microsoft Entra ID) and retrieve the app role in my code.

The application is also configured to work offline by installing it on the computer, using Windows Installer. My application works fine when used offline, except for the part that retrieves the claims (app role).

I would like to know whether Azure AD authentication works with a desktop app (.msi installed on the desktop), because when the application is installed and used offline, it does not return the app role part of my code.

This is my code - Program.cs:

builder.Services.AddMsalAuthentication<RemoteAuthenticationState, CustomUserAccount>(options =>
{
    // Bind tenant, client ID and authority from the "AzureAd" configuration section.
    builder.Configuration.Bind("AzureAd", options.ProviderOptions.Authentication);
    // Request the server API scope by default when acquiring access tokens.
    options.ProviderOptions.DefaultAccessTokenScopes.Add(builder.Configuration.GetSection("ServerApi")["Scopes"]);
    // Persist the MSAL token cache in browser localStorage.
    options.ProviderOptions.Cache.CacheLocation = "localStorage";
    options.ProviderOptions.Cache.StoreAuthStateInCookie = true;

    // Claim type that the framework treats as the user's role.
    options.UserOptions.RoleClaim = "appRole";
}).AddAccountClaimsPrincipalFactory<RemoteAuthenticationState, CustomUserAccount, CustomAccountFactory>();

CustomAccountFactory:

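using System.Security.Claims;
using Microsoft.AspNetCore.Components.WebAssembly.Authentication;
using Microsoft.AspNetCore.Components.WebAssembly.Authentication.Internal;

public class CustomAccountFactory : AccountClaimsPrincipalFactory<CustomUserAccount>
{
    public CustomAccountFactory(IAccessTokenProviderAccessor accessor)
        : base(accessor)
    {
    }

    public async override ValueTask<ClaimsPrincipal> CreateUserAsync(CustomUserAccount account,
        RemoteAuthenticationUserOptions options)
    {
        var initialUser = await base.CreateUserAsync(account, options);

        // Identity can be null for an anonymous principal, so guard before reading it.
        if (initialUser.Identity?.IsAuthenticated == true)
        {
            var userIdentity = (ClaimsIdentity)initialUser.Identity;

            // Roles is null when the token carries no roles claim.
            if (account?.Roles is not null)
            {
                // Copy each role from the account into an "appRole" claim.
                foreach (var role in account.Roles)
                {
                    userIdentity.AddClaim(new Claim("appRole", role));
                }
            }
        }

        return initialUser;
    }
}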

I want the desktop app to return the 'app role' claim. Thank you.


There are 0 answers