Returning a list of Azure Active Directory groups that a user is part of.
To enable this you need to modify the application manifest.
- Go to the Azure portal
- Click on Azure Active Directory
- Click on App registrations
- Choose the application that you are working with
- Click on Manifest
The application manifest has all the configuration details for your application.
By default the property groupMembershipClaims is null; changing it to "SecurityGroup" makes the user's security group memberships come back as a "groups" claim in the token.
"groupMembershipClaims": "SecurityGroup",
Accessing the groups
The groups claim carries only the object IDs (GUIDs) of the groups, not their names, so you will either need to look up the object IDs in code, or store the object IDs, depending how you
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
internal static bool IsAuthorised(ClaimsPrincipal currentPrincipal)
{
    // Allow-list of group object IDs held as a set so each claim value is compared whole;
    // a substring Contains on "GUID1,GUID2" would also match a partial or empty claim value.
    var authorisedGroupIDs = new HashSet<string>(new[] { "GUID1", "GUID2" }, StringComparer.OrdinalIgnoreCase);
    var principalsGroupMembershipIds = currentPrincipal.Claims
        .Where(c => c.Type == "groups")
        .Select(c => c.Value)
        .ToList();
    return principalsGroupMembershipIds.Any(x => authorisedGroupIDs.Contains(x));
}
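Added example, not code from the original post: a stricter version of the check above that parses each claim value as a GUID, runs against a constructed ClaimsPrincipal so it needs no real token, and additionally refuses to authorise when Azure AD has omitted the groups claim because the user is in too many groups (signalled by a hasgroups or _claim_names claim). The allow-list GUIDs are placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

static class GroupAuthorisation
{
    // Allow-list of Azure AD group object IDs (placeholder values, replace with your own).
    static readonly HashSet<Guid> AuthorisedGroupIds = new HashSet<Guid>
    {
        Guid.Parse("11111111-1111-1111-1111-111111111111"),
        Guid.Parse("22222222-2222-2222-2222-222222222222"),
    };

    // True only when a "groups" claim holds a well-formed GUID that is in the allow-list.
    // When the token carries a groups-overage indicator the claim is absent, so the caller
    // must resolve membership via Microsoft Graph instead of trusting the token; we report
    // that case separately and fail closed.
    public static bool IsAuthorised(ClaimsPrincipal principal, out bool groupsOverage)
    {
        groupsOverage = principal.HasClaim(c => c.Type == "hasgroups")
                     || principal.HasClaim(c => c.Type == "_claim_names");
        if (groupsOverage) return false;

        return principal.FindAll("groups")
            .Select(c => Guid.TryParse(c.Value, out var id) ? id : (Guid?)null)
            .Any(id => id.HasValue && AuthorisedGroupIds.Contains(id.Value));
    }

    // Builds a constructed principal carrying the given "groups" claim values.
    static ClaimsPrincipal PrincipalWithGroups(params string[] groupValues)
    {
        var identity = new ClaimsIdentity(groupValues.Select(g => new Claim("groups", g)), "constructed");
        return new ClaimsPrincipal(identity);
    }

    static void Main()
    {
        // Constructed sample principals: a member, a non-member, an empty claim value,
        // and a token that signals groups overage.
        var member = PrincipalWithGroups("22222222-2222-2222-2222-222222222222");
        var stranger = PrincipalWithGroups("33333333-3333-3333-3333-333333333333");
        var emptyClaim = PrincipalWithGroups("");
        var overage = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim("hasgroups", "true") }, "constructed"));

        Console.WriteLine($"member: {IsAuthorised(member, out _)}");
        Console.WriteLine($"stranger: {IsAuthorised(stranger, out _)}");
        Console.WriteLine($"empty claim: {IsAuthorised(emptyClaim, out _)}");
        Console.WriteLine($"overage: {IsAuthorised(overage, out var flagged)} (overage flagged: {flagged})");
    }
}
```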