How to get the role of the currently logged-in user in Azure Active Directory after authentication

I have developed an MVC web application. For the authentication part I used Azure Active Directory (single tenant), following this source: https://www.c-sharpcorner.com/article/azure-ad-authentication-for-mvc-web-application/

In this case I created the users and roles (Admin, User) in Azure AD and assigned users to the particular roles. My question is: once a user is authenticated, how can I get that user's assigned role? Is it available in the response token, or do we need an external API call for that?

Can anyone please suggest a solution? Thanks in advance!

RahulKumarShaw On

Tried to repro your scenario but was unable to find the exact solution; however, there is a workaround you may try.

Step 1: Get the IDs of the assigned roles with the Microsoft Graph API. In the picture below, the user is assigned 3 roles.

Graph API: https://graph.microsoft.com/beta/roleManagement/directory/roleAssignments?$filter=principalId eq 'Object ID'

Step 2: Now take each roleDefinitionId separately to get the assigned role's name, using this MS Graph API:

https://graph.microsoft.com/beta/roleManagement/directory/roleDefinitions/{id}

Reference: https://learn.microsoft.com/en-us/graph/api/unifiedroledefinition-get?view=graph-rest-beta&tabs=http
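
The two-step lookup from the answer above, as an added Python example (not the answerer's code). `role_names_for`, the injected `get_json` fetcher and all sample IDs and responses are assumptions constructed here; the object ID is validated as a GUID before it is placed in the `$filter`, and paging links are followed.

```python
import uuid
from urllib.parse import quote

GRAPH = "https://graph.microsoft.com/beta"  # beta endpoint, as used in the answer
BASE = f"{GRAPH}/roleManagement/directory"


def role_names_for(principal_id, get_json):
    """Return sorted directory-role display names assigned to principal_id.

    get_json(url) is an assumed caller-supplied function: it performs an
    authenticated GET against Microsoft Graph and returns the parsed JSON body.
    """
    # Reject anything that is not a GUID before it reaches the OData filter.
    oid = str(uuid.UUID(principal_id))
    # Step 1: list the principal's role assignments, following paging links.
    url = f"{BASE}/roleAssignments?$filter=" + quote(f"principalId eq '{oid}'")
    definition_ids = []
    while url:
        page = get_json(url)
        for item in page.get("value", []):
            # The same role can be assigned more than once; look it up once.
            if item["roleDefinitionId"] not in definition_ids:
                definition_ids.append(item["roleDefinitionId"])
        url = page.get("@odata.nextLink")
    # Step 2: resolve each roleDefinitionId to its displayName.
    return sorted(
        get_json(f"{BASE}/roleDefinitions/{quote(rid, safe='')}")["displayName"]
        for rid in definition_ids
    )


# Constructed sample data standing in for Graph responses (not real tenant data).
USER = "aaaaaaaa-0000-4000-8000-000000000001"
R1 = "11111111-1111-4111-8111-111111111111"
R2 = "22222222-2222-4222-8222-222222222222"
FIRST = f"{BASE}/roleAssignments?$filter=principalId%20eq%20%27{USER}%27"
NEXT = f"{BASE}/roleAssignments?$skiptoken=constructed"
SAMPLE = {
    FIRST: {"value": [{"roleDefinitionId": R1}], "@odata.nextLink": NEXT},
    NEXT: {"value": [{"roleDefinitionId": R2}, {"roleDefinitionId": R1}]},
    f"{BASE}/roleDefinitions/{R1}": {"displayName": "User Administrator"},
    f"{BASE}/roleDefinitions/{R2}": {"displayName": "Global Reader"},
}

if __name__ == "__main__":
    print(role_names_for(USER, SAMPLE.__getitem__))
```

Against a real tenant, `get_json` would send the bearer token obtained at sign-in, and that token needs a Graph permission that allows reading directory role assignments.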