For the past week I've been trying to implement Azure Active Directory into an application using the Identity model without any luck. I keep running into different issues, and now I'm down to one where I'm not even sure where to go from here.
Basically, we are developing a new enterprise-level application and want to utilize Azure Active Directory for signing into the application so that we do not have to create another set of user credentials. However, our permissions model for this application is more complex than what can be handled via groups inside of AAD. The thought was that we could use Azure Active Directory OAuth 2.0 in addition to the ASP.NET Core Identity framework to force users to authenticate through Azure Active Directory and then use the Identity framework to handle authorization/permissions.
I had to implement my own OAuthHandler and OAuthOptions, as I could not find anything out of the box to handle it this way. (You can use AAD with OpenID or Microsoft Accounts with OAuth easily.) I'm receiving tokens back, but my Identity is not being generated and claims are not being populated.
I've posted more details about it on Stack Overflow: https://stackoverflow.com/questions/47188066/using-azure-active-directory-oauth-with-identity-model-in-asp-net-core-2-0