I'm writing a WebAPI 2 application using Azure B2C to provide OAuth 2 authentication, but I need to add some custom claims from the database so that the controllers have sufficient context to decide whether to allow access.
However, I'm having trouble finding an appropriate place to put this logic. I've tried:
1. Adding an OWIN middleware component - the issue is that when this executes the context is not yet authenticated, so it's no use, and I can't see how I can control where in the pipeline I sit.
2. Assigning a delegate to OpenIdConnectAuthenticationNotifications.SecurityTokenValidated - the issue here is that although the ClaimsIdentity has been created and shows as authenticated, none of the claims have been assigned; also, this seems to run once per authentication rather than once per request.
There seems to be very little up-to-date documentation on this stuff.
Paul