From c24931f098e5f471b56ddf6fc145606bc1fb6a94 Mon Sep 17 00:00:00 2001
From: mikemao <mike.mao@nzfunds.co.nz>
Date: Wed, 11 Mar 2026 16:20:28 +1300
Subject: [PATCH 1/3] Refactor role claim retrieval to use identity-specific
 role claim type

---
 .../DefaultHttpTargetingContextAccessor.cs                    | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Microsoft.FeatureManagement.AspNetCore/DefaultHttpTargetingContextAccessor.cs b/src/Microsoft.FeatureManagement.AspNetCore/DefaultHttpTargetingContextAccessor.cs
index f2fe6201..fa9aadc7 100644
--- a/src/Microsoft.FeatureManagement.AspNetCore/DefaultHttpTargetingContextAccessor.cs
+++ b/src/Microsoft.FeatureManagement.AspNetCore/DefaultHttpTargetingContextAccessor.cs
@@ -53,8 +53,8 @@ public ValueTask<TargetingContext> GetContextAsync()
 
             //
             // Treat claims of type Role as groups
-            IEnumerable<string> groups = httpContext.User.Claims
-                .Where(c => c.Type == ClaimTypes.Role)
+            IEnumerable<string> groups = httpContext.User.Identities
+                .SelectMany(identity => identity.Claims.Where(c => c.Type == identity.RoleClaimType))
                 .Select(c => c.Value)
                 .ToList();
 

From 6dd513050fe195da15b3a86598ba5b63b788874c Mon Sep 17 00:00:00 2001
From: Mike Mao <zyofeng@msn.com>
Date: Fri, 13 Mar 2026 08:38:43 +1300
Subject: [PATCH 2/3] Apply suggestion from @rossgrambo

Co-authored-by: Ross Grambo <rossgrambo@microsoft.com>
---
 .../DefaultHttpTargetingContextAccessor.cs                       | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/Microsoft.FeatureManagement.AspNetCore/DefaultHttpTargetingContextAccessor.cs b/src/Microsoft.FeatureManagement.AspNetCore/DefaultHttpTargetingContextAccessor.cs
index fa9aadc7..338da601 100644
--- a/src/Microsoft.FeatureManagement.AspNetCore/DefaultHttpTargetingContextAccessor.cs
+++ b/src/Microsoft.FeatureManagement.AspNetCore/DefaultHttpTargetingContextAccessor.cs
@@ -56,6 +56,7 @@ public ValueTask<TargetingContext> GetContextAsync()
             IEnumerable<string> groups = httpContext.User.Identities
                 .SelectMany(identity => identity.Claims.Where(c => c.Type == identity.RoleClaimType))
                 .Select(c => c.Value)
+                .Distinct()
                 .ToList();
 
             TargetingContext targetingContext = new TargetingContext

From a99f6e0b9952c61c511738f084a94a2b6b062edb Mon Sep 17 00:00:00 2001
From: Ross Grambo <rossgrambo@microsoft.com>
Date: Mon, 16 Mar 2026 15:09:13 -0700
Subject: [PATCH 3/3] Apply suggestion from @zyofeng

Co-authored-by: Mike Mao <zyofeng@msn.com>
---
 .../DefaultHttpTargetingContextAccessor.cs                      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Microsoft.FeatureManagement.AspNetCore/DefaultHttpTargetingContextAccessor.cs b/src/Microsoft.FeatureManagement.AspNetCore/DefaultHttpTargetingContextAccessor.cs
index 338da601..11da253b 100644
--- a/src/Microsoft.FeatureManagement.AspNetCore/DefaultHttpTargetingContextAccessor.cs
+++ b/src/Microsoft.FeatureManagement.AspNetCore/DefaultHttpTargetingContextAccessor.cs
@@ -54,7 +54,7 @@ public ValueTask<TargetingContext> GetContextAsync()
             //
             // Treat claims of type Role as groups
             IEnumerable<string> groups = httpContext.User.Identities
-                .SelectMany(identity => identity.Claims.Where(c => c.Type == identity.RoleClaimType))
+                .SelectMany(identity => identity.Claims.Where(c => c.Type == identity.RoleClaimType || c.Type == ClaimTypes.Role))
                 .Select(c => c.Value)
                 .Distinct()
                 .ToList();