Roles in Azure Active Directory

If you're having trouble with Roles in Azure Active Directory (like I have had) the following resources may help you.

(writing this to remind myself for the next time I run into issues)

Start here - http://www.dushyantgill.com/blog/2014/12/10/roles-based-access-control-in-cloud-applications-using-azure-ad/ - Dushyant walks us through the process of adding custom roles to our Azure Active Directory application (app roles declared in the application's manifest).

Then - https://github.com/Azure-Samples/active-directory-dotnet-webapp-openidconnect/issues/12 (GitHub doesn't let you link to the comment - so thank you apozgaj): install Kentor Cookie Saver via NuGet and add the following lines in Startup.Auth.cs:

app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
// Must be registered before UseCookieAuthentication so it can re-apply the OWIN cookie on the response.
app.UseKentorOwinCookieSaver();
// CookieSecure = Always means the auth cookie is only ever sent over HTTPS.
app.UseCookieAuthentication(new CookieAuthenticationOptions() { CookieSecure = CookieSecureOption.Always });

To force the application to require HTTPS (which you need once the cookie is Secure-only, or the browser will never send it back), add the following in Global.asax.cs, e.g. in Application_Start:

// Redirects plain-HTTP GET requests to HTTPS and rejects other HTTP requests, for every action.
GlobalFilters.Filters.Add(new RequireHttpsAttribute());

Kentor Cookie Saver is here - https://github.com/KentorIT/owin-cookie-saver - it works around a Katana bug that drops the OWIN authentication cookie when System.Web also writes a cookie to the same response.

Then finally - https://russellyoung.net/2015/09/05/mvc-role-based-authorization-with-azure-active-directory-aad/ - Russell covers some of the same ground as Dushyant above, but adds this crucial piece:

Add:

TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters()
    {
      // Turns off checking of the token's iss claim (see the note below before copying this).
      ValidateIssuer = false,
      // Azure AD puts app roles in a "roles" claim; this maps it onto the .NET role claim type.
      RoleClaimType = "roles"
    },

to the OpenIdConnectAuthenticationOptions in Startup.Auth.cs (or wherever you do your OpenID Connect setup). RoleClaimType = "roles" is the part that actually makes [Authorize(Roles = "...")] and User.IsInRole() work, because Azure AD issues app roles in a claim named "roles" rather than the default .NET role claim type. ValidateIssuer = false is a separate matter: it disables validation of the iss claim, so tokens from any Azure AD tenant would be accepted. For a single-tenant application leave issuer validation on (the middleware takes the expected issuer from the authority's discovery document); only switch it off for a multi-tenant app where you check the tenant yourself.
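Putting the three steps together, here is an added example of a complete Startup.Auth.cs (plus the Global.asax.cs filter and a role-gated controller). This is not code from the original post or from Dushyant's, apozgaj's or Russell's posts. It assumes the Katana 3.x-era packages Microsoft.Owin.Security.OpenIdConnect, Microsoft.Owin.Security.Cookies and Kentor.OwinCookieSaver, appSettings keys named ida:ClientId, ida:Tenant and ida:PostLogoutRedirectUri (names are assumptions), and an app role called "Admin" in the manifest.

```csharp
// Startup.Auth.cs and Global.asax.cs pieces assembled into one file for reading.
// Added example; not code from the original post or from the linked posts.
// Assumed: Katana 3.x packages, Kentor.OwinCookieSaver, and the appSettings key names below.
using System.Configuration;
using System.Globalization;
using System.IdentityModel.Tokens;
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
using Kentor.OwinCookieSaver;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

namespace RolesDemo
{
    public partial class Startup
    {
        // Values registered for the app in the Azure AD portal; read from web.config (key names assumed).
        private static readonly string ClientId = ConfigurationManager.AppSettings["ida:ClientId"];
        private static readonly string Tenant = ConfigurationManager.AppSettings["ida:Tenant"];
        private static readonly string PostLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];

        public void ConfigureAuth(IAppBuilder app)
        {
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

            // Must come before UseCookieAuthentication: it re-applies the OWIN cookie that
            // System.Web would otherwise drop from the response.
            app.UseKentorOwinCookieSaver();

            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                // Never send the session cookie over plain HTTP, and keep it away from script.
                CookieSecure = CookieSecureOption.Always,
                CookieHttpOnly = true
            });

            app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
            {
                ClientId = ClientId,
                // Single-tenant authority; the middleware fetches the signing keys and the
                // expected issuer from this authority's OpenID Connect discovery document.
                Authority = string.Format(CultureInfo.InvariantCulture,
                                          "https://login.microsoftonline.com/{0}", Tenant),
                PostLogoutRedirectUri = PostLogoutRedirectUri,
                TokenValidationParameters = new TokenValidationParameters
                {
                    // Keep issuer validation on for a single-tenant app. Setting this to false
                    // accepts tokens from any Azure AD tenant and is only appropriate for
                    // multi-tenant apps that check the tenant themselves.
                    ValidateIssuer = true,
                    // Azure AD emits app roles in a "roles" claim; map it onto the .NET role
                    // claim type so [Authorize(Roles = ...)] and User.IsInRole() see them.
                    RoleClaimType = "roles"
                },
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    // Fail closed: on a token validation error, do not sign the user in.
                    AuthenticationFailed = context =>
                    {
                        context.HandleResponse();
                        context.Response.Redirect("/Home/Error");
                        return Task.FromResult(0);
                    }
                }
            });
        }
    }

    // Global.asax.cs: require HTTPS everywhere so the Secure-only cookie is actually usable.
    public class MvcApplication : HttpApplication
    {
        protected void Application_Start()
        {
            AreaRegistration.RegisterAllAreas();
            GlobalFilters.Filters.Add(new RequireHttpsAttribute());
            // ...plus your usual route and bundle registration.
        }
    }

    // A controller gated on the "Admin" app role (role name is an assumption).
    [Authorize(Roles = "Admin")]
    public class AdminController : Controller
    {
        public ActionResult Index()
        {
            // A signed-in user who lacks the Admin role is rejected by AuthorizeAttribute
            // before this runs; an anonymous user is sent to Azure AD to sign in.
            return View();
        }
    }
}
```

The one behavioural difference from the snippet in Russell's post is ValidateIssuer = true. With a single-tenant Authority the OpenID Connect middleware adds the issuer from the discovery document to the valid issuers, so no ValidIssuer needs to be hard-coded and a token minted by another tenant is rejected at sign-in rather than mapped to roles.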

I was bashing my head against this for a long time and finally got it running after reading Russell's post.

Hope this helps someone.