We have an ASP.NET Core MVC application and want to migrate from on-premise Active Directory to Microsoft Entra ID. Authentication works without any issues, but Authorization does not.
Currently, we use [Authorize(Roles = "GroupX")] or HttpContext.User.IsInRole("GroupX") to check if a user is in a certain group. These groups are security groups in Entra ID.
I replaced

    builder.Services
        .AddAuthentication(IISDefaults.AuthenticationScheme);

with

    builder.Services
        .AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
        .AddMicrosoftIdentityWebApp(builder.Configuration);

But the user gets redirected to /Account/AccessDenied even when they are assigned to the group.
I also noticed that HttpContext.User.Claims is missing all the roles/groups.
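
An added example, not part of the original post: a console program that reproduces how IsInRole (and therefore [Authorize(Roles = ...)]) evaluates a principal, using only System.Security.Claims. It assumes the app registration emits group membership in the "groups" claim as group object IDs; the object ID, the user name and the "oidc" authentication type are constructed placeholders.

```csharp
using System;
using System.Security.Claims;

// Constructed placeholder standing in for the object ID of the Entra ID group "GroupX".
const string GroupXObjectId = "00000000-0000-0000-0000-000000000001";

// Constructed claims, shaped like an ID token that carries a "groups" claim.
// Assumption: the token contains the group's object ID, not its display name.
Claim[] SampleClaims() => new[]
{
    new Claim("name", "Sample User"),
    new Claim("groups", GroupXObjectId),
};

// IsInRole only looks at claims whose type equals the identity's RoleClaimType,
// so the same claims give different answers depending on this mapping.
static ClaimsPrincipal Build(Claim[] claims, string roleClaimType) =>
    new(new ClaimsIdentity(claims, "oidc", "name", roleClaimType));

void Report(string label, ClaimsPrincipal user)
{
    Console.WriteLine(label);
    foreach (var claim in user.Claims)
    {
        Console.WriteLine($"  claim {claim.Type} = {claim.Value}");
    }
    // Check by display name (what the on-premises setup used) and by object ID.
    Console.WriteLine($"  IsInRole(\"GroupX\")      -> {user.IsInRole("GroupX")}");
    Console.WriteLine($"  IsInRole(<object id>)   -> {user.IsInRole(GroupXObjectId)}");
}

// Case 1: default role claim type; the "groups" claim is never consulted.
Report("RoleClaimType = ClaimTypes.Role", Build(SampleClaims(), ClaimTypes.Role));

// Case 2: "groups" treated as the role claim; only the object ID can match.
Report("RoleClaimType = \"groups\"", Build(SampleClaims(), "groups"));
```

Dumping HttpContext.User.Claims in the same way in the real application shows whether a "groups" claim arrives at all and which value format it carries.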