How to include user’s application roles in MVC frontend to Web-API backend calls using ADAL or other Katana mechanism

Nov 19, 2013 at 5:06 PM
I have two Azure projects: an ASP.NET MVC frontend app and a Web-API backend app. I would like to determine the frontend user’s roles only once during a session via Graph API calls to determine AD group membership, etc., Once the user’s application roles have been initially determined, I would like to pass them with the ADAL token in subsequent calls to Web-API methods. In particular I wish to avoid the expense of pre-computing application role membership (for filtering) each time a Web-API is invoked. Since role membership has already been computed in the MVC project, is there a way to simply include that membership info along with the ADAL-forwarded token? Or is there another better approach? THANKS!