Hello, I'm new around here.
I'm looking at making a .NET Core web app for my workplace. The idea is that the users have to be authorized by our organizational Azure Active Directory (AD) single sign-on.
I did a quick test by making an app that has "Work or School Account" authentication and it worked surprisingly well. When running the app it requires the login and all that.
However, I would also like to have roles inside the app, and these roles are stored in the app, not in AD. I also want to be able to see when a specific user has logged in, etc. The function of these roles is to differentiate access among the users, such as Admin, Manager, etc. So there will be pages that can only be accessed by certain roles. So I need to know who the current user is and then compare it to a table that holds their email and permission group. Perhaps fetch this when the user logs in and store it in a variable for faster access.
I was thinking of making a system that takes the email from the currently logged-in user and looks up the email in a table that holds the roles. But then I would also need to build a system to check if a user has this access on every page. So maybe there is a simpler way of doing this, or maybe even a built-in framework that I can use to do these things. I'm trying to find an easy way to do this; it does not need too many features beyond this.
So in short AD is used to authenticate the users (only users from our org will be able to access), but the app will hold some additional information on this user, such as permission.
I also wonder what the best way to get the email of a logged-in user is. I noticed that using @User.Identity.Name shows an email, but is it reliable?
As a test, I tried creating a static method to fetch this information, but it seems to be very slow and sometimes it shows up empty.
public static string getEmail() { return UserPrincipal.Current.EmailAddress; }
Does anyone have any ideas on the best way to proceed?
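One way to do what the post describes (Azure AD authenticates, the app owns the roles, and every page is checked without hand-written lookup code), as an added example that is not from the original post: an IClaimsTransformation that reads the signed-in user's email from the token, looks it up in an app-owned table, and adds role claims, so pages can be gated with [Authorize(Roles = ...)]. It assumes the hypothetical IAppRoleStore interface and sample table below, and that the Azure AD token carries the sign-in email as the "preferred_username" claim (with @User.Identity.Name as a fallback).

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

// Hypothetical application-owned store of e-mail -> roles; a real app backs it with a table.
public interface IAppRoleStore { Task<IReadOnlyList<string>> GetRolesAsync(string email); }

public sealed class InMemoryAppRoleStore : IAppRoleStore
{
    // Constructed sample data, not real users. Case-insensitive: e-mail casing varies between tokens.
    private static readonly Dictionary<string, string[]> Table = new(StringComparer.OrdinalIgnoreCase)
    {
        ["alice@example.com"] = new[] { "Admin" },
        ["bob@example.com"] = new[] { "Manager" },
    };
    public Task<IReadOnlyList<string>> GetRolesAsync(string email) =>
        Task.FromResult<IReadOnlyList<string>>(Table.TryGetValue(email, out var r) ? r : Array.Empty<string>());
}

// Runs after Azure AD authentication on each request and adds role claims from the app's own table.
public sealed class AppRoleClaimsTransformation : IClaimsTransformation
{
    private readonly IAppRoleStore _store;
    public AppRoleClaimsTransformation(IAppRoleStore store) => _store = store;

    public async Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
    {
        if (principal.Identity is not ClaimsIdentity identity || !identity.IsAuthenticated) return principal;
        // Assumption: Azure AD puts the sign-in UPN/e-mail in "preferred_username"; fall back to Identity.Name.
        var email = principal.FindFirst("preferred_username")?.Value ?? identity.Name;
        if (string.IsNullOrEmpty(email)) return principal;
        // Idempotent: the framework may run a transformation more than once per request.
        foreach (var role in await _store.GetRolesAsync(email))
            if (!identity.HasClaim(ClaimTypes.Role, role))
                identity.AddClaim(new Claim(ClaimTypes.Role, role));
        return principal;
    }
}

// Program.cs / Startup.ConfigureServices, after the Azure AD authentication registration:
//   services.AddSingleton<IAppRoleStore, InMemoryAppRoleStore>();
//   services.AddScoped<IClaimsTransformation, AppRoleClaimsTransformation>();

// Pages are then gated declaratively; no hand-written lookup on every page.
[Authorize(Roles = "Admin")]
public class AdminController : Controller { public IActionResult Index() => Content($"Hi {User.Identity?.Name}"); }
```

Because the lookup runs per request rather than being cached in a static variable, a role change in the table takes effect on the user's next request, and the static UserPrincipal.Current approach (which queries the on-premises directory from the web process) is not needed.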