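/// <summary>
/// Builds the <see cref="ClaimsIdentity"/> for this user under the application-cookie
/// authentication type and adds tenant id, object identifier, given name, surname and role
/// claims on top of whatever <c>manager.CreateIdentityAsync</c> produced.
/// </summary>
/// <param name="manager">User manager used to create the base identity and to read the user's roles.</param>
/// <returns>The enriched identity for this user.</returns>
/// <remarks>
/// The claims are a snapshot of the user taken when this method runs.
/// NOTE(review): if this identity is persisted in the authentication cookie, a later change to
/// the user's roles or tenant only takes effect once the identity is regenerated. Confirm that
/// the cookie is re-validated (for example via security-stamp validation) wherever role
/// revocation has to apply promptly.
/// </remarks>
public async Task<ClaimsIdentity> GenerateUserIdentityAsync(UserManager<ApplicationUser> manager)
{
    // Note the authenticationType must match the one defined in CookieAuthenticationOptions.AuthenticationType
    var userIdentity = await manager.CreateIdentityAsync(this, DefaultAuthenticationTypes.ApplicationCookie);

    // Tenant and object-identifier claims are only emitted when the backing values exist.
    if (Organization != null)
    {
        userIdentity.AddTenantIdClaim(Organization.TenantId);
    }

    if (O365UserId != null)
    {
        userIdentity.AddObjectIdentifierClaim(O365UserId);
    }

    // IsNotNullAndEmpty is a project helper not shown here; presumably true only for a
    // non-null, non-empty string - verify against its definition.
    if (FirstName.IsNotNullAndEmpty())
    {
        userIdentity.AddClaim(ClaimTypes.GivenName, FirstName);
    }

    if (LastName.IsNotNullAndEmpty())
    {
        userIdentity.AddClaim(ClaimTypes.Surname, LastName);
    }

    var roles = await manager.GetRolesAsync(Id);
    foreach (var role in roles)
    {
        // CreateIdentityAsync may already have emitted role claims (the stock identity factory
        // does so when the user store supports roles). Skip exact duplicates so the identity,
        // and any cookie serialized from it, does not carry every role twice.
        if (!userIdentity.HasClaim(ClaimTypes.Role, role))
        {
            userIdentity.AddClaim(ClaimTypes.Role, role);
        }
    }

    return userIdentity;
}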