How to setup Windows AD authentication in Blazor Server on .NET 9?

I have a Blazor Server (using .NET 9 Blazor web app template with render mode set to server). I want to set Windows AD authentication, but it always outputs a null username on the user page, and no roles as well. I am part of domain though.

If I use

var user = System.Security.Principal.WindowsIdentity.GetCurrent().Name;

then I was able to get the user name. But I also need to be able to get the roles of the user.

What am I missing in my code shown below?

Program.cs:

var builder = WebApplication.CreateBuilder(args);builder.Services.AddAuthentication(NegotiateDefaults.AuthenticationScheme)    .AddNegotiate();builder.Services.AddAuthorization(options =>{    options.AddPolicy("AdminsOnly", policy =>        policy.RequireRole("DOMAIN\\AdminGroup"));});// Add services to the container.builder.Services.AddRazorComponents().AddInteractiveServerComponents();builder.Services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();var app = builder.Build();// Configure the HTTP request pipeline.if (!app.Environment.IsDevelopment()){    app.UseExceptionHandler("/Error");    app.UseHsts();}app.UseHttpsRedirection();app.UseStaticFiles();app.UseAntiforgery();app.UseAuthentication();app.UseAuthorization();app.MapRazorComponents<App>()    .AddInteractiveServerRenderMode();app.Run();

User page

@page "/user"@using Microsoft.AspNetCore.Authorization@using Microsoft.AspNetCore.Components.Authorization@using System.Security.Claims@inject AuthenticationStateProvider AuthenticationStateProvider<h3>User Information</h3>@if (user != null){<p>Username: @user.Identity.Name</p><ul>        @foreach (var claim in user.Claims)        {<li>@claim.Type: @claim.Value</li>        }</ul>}else{<p>Loading...</p>}@code {    private ClaimsPrincipal? user;    protected override async Task OnInitializedAsync()    {        var authState = await AuthenticationStateProvider.GetAuthenticationStateAsync();        user = authState.User;        var username = user.Identity?.Name;        var roles = user.Claims.Where(c => c.Type == ClaimTypes.Role);        Console.WriteLine("Roles: " + string.Join(", ", roles.Select(r => r.Value)));    }}

LaunchSettings.json:

{"$schema": "http://json.schemastore.org/launchsettings.json","iisSettings": {"windowsAuthentication": true,"anonymousAuthentication": false,"iisExpress": {"applicationUrl": "http://localhost:28505","sslPort": 44325    }  },"profiles": {"http": {"commandName": "Project","dotnetRunMessages": true,"launchBrowser": true,"applicationUrl": "http://localhost:5050","environmentVariables": {"ASPNETCORE_ENVIRONMENT": "Development"      },"windowsAuthentication": true,"anonymousAuthentication": false    },"https": {"commandName": "Project","dotnetRunMessages": true,"launchBrowser": true,"applicationUrl": "https://localhost:7150;http://localhost:5050","environmentVariables": {"ASPNETCORE_ENVIRONMENT": "Development"      },"windowsAuthentication": true,"anonymousAuthentication": false    },"IIS Express": {"commandName": "IISExpress","launchBrowser": true,"environmentVariables": {"ASPNETCORE_ENVIRONMENT": "Development"      },"windowsAuthentication": true,"anonymousAuthentication": false    }  }}