Azure AD身份验证和授权

我正在开发Asp.net MVC项目，该应用程序从Azure AD进行身份验证，但存在基于角色的授权问题，操作未在角色组中授权。我把我的代码放在这里，请检查并帮助我。联系操作未授权，我创建了安全类型的Operator1组并分配给用户公共分部类启动{私有静态字符串clientId＝ConfigurationManager.AppSettings["ida:clientId"]；private静态字符串appKey＝ConfigurationManager.AppSettings["ida:ClientSecret"]；私有静态字符串aadInstance=EnsureTrailingFlash(ConfigurationManager.AppSettings["ida:aadInstance["](；私有静态字符串tenantId=ConfigurationManager.AppSettings["ida:tenantId"]；private静态字符串postLogoutRedirectUri=ConfigurationManager.AppSettings["ida:PostLogoutRediirectUri"]；

公共静态只读字符串Authority=aadInstance+tenantId；

//这是AAD Graph API的资源ID。我们需要它来请求一个令牌来调用Graph API。字符串graphResourceId＝"；https://graph.windows.net"；

public void ConfigureAuth(IAppBuilder应用程序({ApplicationDbContext db=新建ApplicationDbContext((；

app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions {
ClientId = clientId,
Authority = Authority,
PostLogoutRedirectUri = postLogoutRedirectUri,
Notifications = new OpenIdConnectAuthenticationNotifications() {
// If there is a code in the OpenID Connect response, redeem it for an access token and refresh token, and store those away.
AuthorizationCodeReceived = (context) => {
var code = context.Code;
ClientCredential credential = new ClientCredential(clientId, appKey);
string signedInUserID = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;
AuthenticationContext authContext = new AuthenticationContext(Authority, new ADALTokenCache(signedInUserID));
AuthenticationResult result = authContext.AcquireTokenByAuthorizationCodeAsync(
code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, graphResourceId).Result;
return Task.FromResult(0);
}
}
});

}}