Azure AD authentication fails authorization

Hi,

I'm able to link the Radzen web page to our Azure AD and the user is able to authenticate, but the only roles that the user has in the end are "Everybody" and "Authenticated".

I've done the following:

  1. Assigned a custom role "Writers" to the page/object via the "properties" menu in Radzen
  2. Created the app registration with https://localhost:5000/signin-oidc (https turned ON in settings and certificate installed)
  3. Created the app role "Writers" and made sure the role is also assigned on the enterprise role side to me
  4. Confirmed that the role is assigned to me

For some reason, still, the role is not there and doesn't work in the GUI?

// JS


What does that mean?

I mean, the only roles I'm able to debug from the logged-in user are "Authenticated" and "Everybody".

If I, for example, create a button that is only visible for "Writers", it is not visible at all. If I make it visible for "Authenticated", I can see it just fine.

Any way of debugging the given role a bit closer?

EDIT: I now re-did everything from scratch. Deleted web app, registration, enterprise app settings, user roles, the whole Radzen website etc.
Again, I'm able to log in just fine and it reports my user correctly but there's no role.
I now assigned the app role to both my user and a group I'm in, but still no role in the web app.

EDIT2: And yes, this is a .NET 5 Blazor, server-side app.

You can try creating a Blazor app with Azure AD security enabled from the dotnet CLI and see if the roles are available there. If they are not, then you probably have an Azure AD configuration problem.
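
One way to look more closely at the roles the signed-in user carries, as an added example that is not from the thread or from Radzen: list every claim on the `ClaimsPrincipal` and show which claim type `IsInRole` consults. Azure AD emits app roles in a token claim named `roles`; the `RoleDebug` helper name and the sample claims are constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

public static class RoleDebug
{
    // Lists every claim on the principal, marks the ones whose type matches the
    // identity's RoleClaimType, and reports what IsInRole() returns for `role`.
    public static string Describe(ClaimsPrincipal user, string role)
    {
        var lines = user.Identities.SelectMany(id => id.Claims.Select(c =>
            $"{c.Type} = {c.Value}" + (c.Type == id.RoleClaimType ? "   <- role claim type" : "")));
        var roleTypes = string.Join(", ", user.Identities.Select(id => id.RoleClaimType));

        return string.Join(Environment.NewLine, lines)
            + $"{Environment.NewLine}RoleClaimType(s): {roleTypes}"
            + $"{Environment.NewLine}IsInRole(\"{role}\"): {user.IsInRole(role)}";
    }

    public static void Main()
    {
        // Constructed sample claims standing in for a decoded Azure AD token.
        var claims = new[]
        {
            new Claim("name", "Sample User"),
            new Claim("roles", "Writers"),
        };

        // Identity built with the default role claim type (ClaimTypes.Role):
        // the "roles" claim is present but IsInRole("Writers") is false.
        var defaultMapping = new ClaimsPrincipal(new ClaimsIdentity(claims, "oidc"));

        // Identity told that roles live in the "roles" claim:
        // the same claims now satisfy IsInRole("Writers").
        var rolesMapping = new ClaimsPrincipal(new ClaimsIdentity(claims, "oidc", "name", "roles"));

        Console.WriteLine(Describe(defaultMapping, "Writers"));
        Console.WriteLine();
        Console.WriteLine(Describe(rolesMapping, "Writers"));
    }
}
```

In a Blazor Server app the principal to pass in comes from `AuthenticationStateProvider.GetAuthenticationStateAsync()`. If the output has no `roles` entry at all, the role never reached the app, which is the Azure AD configuration case mentioned above.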