Roles in Azure Active Directory

If you're having trouble with Roles in Azure Active Directory (like I have had) the following resources may help you.

(writing this to remind myself for the next time I run into issues)

Start here - - Dushayant walks us through the process of adding custom roles to our Azure Active directory Application.

Then - (github doesn't let you link to the comment - so thank you apozgaj) Install Kentor Cookie Saver via Nuget and add following line in Startup.Auth:

app.UseCookieAuthentication(new CookieAuthenticationOptions() { CookieSecure = CookieSecureOption.Always });

In order to force application to require HTTPS you can add following in Global.asax::

GlobalFilters.Filters.Add(new RequireHttpsAttribute());

KentorCookiesaver is here -

Then finally - -Russell covers some of the same ground as Dushayant above, but adds this crucial piece:


TokenValidationParameters = new system.IdentityModel.Tokens.TokenValidationParameters()
      ValidateIssuer = false,
      RoleClaimType = "roles"

to the OpenIdConnectAuthenticationOptions in Startup.Auth.cs (or where ever you do your OpenId setup).

I was bashing my head against this for a long time and finally got it running after reading Russell's post.

Hope this helps someone.