I initially setup my web app to use asp.net identity so my database had the necessary AspnetUsers, AspnetRoles, AspnetUserClaims tables, etc, etc.
After changing the model to use single sign on (Azure active directory) data migrations removed all the above tables and created just one UserTokenCaches table.
Is this correct behaviour ? I will obviously need to be able to restrict access to parts of my app depending on the role of the authenticated user (RBAC), so will I have to provide my own mechanisms for this (tables & code) ? I was hoping i could have used parts of standard identiy to track what users could do without having to write too much of this stuff myself
