
We have two separate ASP.NET MVC 5 apps, App A and App B, that have their own respective database which uses ASP.NET Identity for authentication.

We would like to have a separate app that acts as a central login for both apps. In other words, users would navigate to login.xyz.com to login with their username and password. Once they submit their login information, the app would check both databases for App A and App B to see which one they belong to. (Users will only ever be active in one db at a time). Depending on the db that they are found active in, we would then redirect them to the respective app app-a.xyz.com or app-b.xyz.com.

I'm not very familiar with ASP.NET Identity and honestly don't have much of a clue where to start. Any guidance or tips in the right direction would be much appreciated. I'm not looking for a full solution, just a good starting point. If I need to provide further information or clarification, please let me know.

4 Answers

3
+50
  1. Use login.xyz.com as your Identity Provider. BUT, what is an Identity Provider? An Identity Provider is a solution that contains rules and functionalities that will ensure that a login/password belongs to someone who has permissions to consume A or B;
  2. Into this Identity Provider, research something like JWT or JWT with refresh token; the community has several solutions to resolve this with ASP.NET MVC;
  3. In login.xyz.com, create logic to check which database the user belongs to and make the correct redirect;
  4. At the A and B apps, use CORS to accept only requests from login.xyz.com, and use cookies or a token to transfer the authorization; research too the Authorization functionalities for ASP.NET MVC;

I think that's basically the guidance to start your development with your requirements.
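The "check which database the user belongs to and redirect" step in point 3, written out as an added example (not code from the question or any answer). It assumes ASP.NET MVC 5 with ASP.NET Identity 2.x, the System.IdentityModel.Tokens.Jwt package, one Identity context per application database, and an RSA private key held only by the login site in an app setting named "LoginRsaPrivateKeyXml"; the context names, connection-string names, callback URLs and audience values are assumptions too.

```csharp
// Added example, not code from the question or any answer: a central login for
// login.xyz.com on ASP.NET MVC 5 / ASP.NET Identity 2.x plus the
// System.IdentityModel.Tokens.Jwt package. The context names, connection-string
// names, callback URLs and the "LoginRsaPrivateKeyXml" app setting are assumptions.
using System;
using System.Configuration;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Threading.Tasks;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.EntityFramework;
using Microsoft.IdentityModel.Tokens;

public class ApplicationUser : IdentityUser { }

// One Identity context per application database (assumed connection-string names).
public class AppAContext : IdentityDbContext<ApplicationUser>
{
    public AppAContext() : base("AppAConnection") { }
}

public class AppBContext : IdentityDbContext<ApplicationUser>
{
    public AppBContext() : base("AppBConnection") { }
}

public class LoginController : Controller
{
    private const string Issuer = "https://login.xyz.com";

    private sealed class TargetApp
    {
        public string Audience;     // goes into the token's "aud" claim
        public string CallbackUrl;  // where the app accepts the token
        public Func<UserManager<ApplicationUser>> OpenUsers;
    }

    // The audience claim stops a token minted for App A from being accepted by App B,
    // even though both apps trust the same issuer key.
    private static readonly TargetApp[] Apps =
    {
        new TargetApp { Audience = "app-a", CallbackUrl = "https://app-a.xyz.com/Auth/Callback",
                        OpenUsers = () => new UserManager<ApplicationUser>(new UserStore<ApplicationUser>(new AppAContext())) },
        new TargetApp { Audience = "app-b", CallbackUrl = "https://app-b.xyz.com/Auth/Callback",
                        OpenUsers = () => new UserManager<ApplicationUser>(new UserStore<ApplicationUser>(new AppBContext())) },
    };

    [HttpPost, ValidateAntiForgeryToken]
    public async Task<ActionResult> Login(string userName, string password)
    {
        foreach (var app in Apps)
        {
            using (var users = app.OpenUsers())
            {
                var user = await users.FindByNameAsync(userName);
                if (user == null) continue;                        // not in this database
                // "Active" here means present, not locked out, and the password verifies.
                // A stale copy in the other database must not block the active one, so
                // a failure here still lets the loop try the next database.
                if (await users.IsLockedOutAsync(user.Id)) continue;
                if (!await users.CheckPasswordAsync(user, password))
                {
                    await users.AccessFailedAsync(user.Id);        // feed this database's lockout counter
                    continue;
                }
                await users.ResetAccessFailedCountAsync(user.Id);
                string token = CreateToken(user.Id, app.Audience);
                return Redirect(app.CallbackUrl + "?token=" + Uri.EscapeDataString(token));
            }
        }
        // Same message for unknown name, wrong password and lockout.
        ModelState.AddModelError("", "Invalid username or password.");
        return View();
    }

    // RS256-signed JWT: only login.xyz.com holds the private key, so neither app can
    // mint tokens for the other. The lifetime only has to survive one redirect.
    private static string CreateToken(string userId, string audience)
    {
        using (var rsa = new RSACryptoServiceProvider())
        {
            rsa.FromXmlString(ConfigurationManager.AppSettings["LoginRsaPrivateKeyXml"]);
            var descriptor = new SecurityTokenDescriptor
            {
                Issuer = Issuer,
                Audience = audience,
                Subject = new ClaimsIdentity(new[]
                {
                    new Claim(JwtRegisteredClaimNames.Sub, userId),
                    new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString("N")), // lets the app reject replays
                }),
                NotBefore = DateTime.UtcNow,
                Expires = DateTime.UtcNow.AddMinutes(2),
                SigningCredentials = new SigningCredentials(new RsaSecurityKey(rsa), SecurityAlgorithms.RsaSha256),
            };
            var handler = new JwtSecurityTokenHandler();
            return handler.WriteToken(handler.CreateToken(descriptor));
        }
    }
}
```

Two things to keep in mind with this shape: a token carried in the query string ends up in web-server logs and Referer headers, which is why it is signed for one audience, expires in two minutes and carries a `jti` the receiving app can record; if that is still too exposed, have the receiving app exchange a single-use code for the token server-side instead. If your schema has its own "active" column beyond Identity's lockout, test it at the same point as the lockout check.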


1

What I did was make a third database instance called "Authentication". Then you can change the "Default" connection string to that database, and set it up as the "Default" for both apps. No middleware required.

2 Comments

I thought about this approach but the problem with this is all of the foreign key relationships there are to the users. Splitting the users/identities out to a separate db seems like it would complicate this even more. I do appreciate the insight though.
A couple of approaches here. 1. this: mssqltips.com/sqlservertip/5919/… 2. Create a UserDetails table in the application databases that stores any "extra" data about the user, like cell phone number, time zone, etc. As long as you ensure that all records in the "Authorization" database exist in the UserDetails in both applications, you should be golden.
1

I created some time ago a .NET authentication API where we needed to authenticate the same users across multiple MVC websites. The API had its own database with all the user identity tables in it (I would suggest migrating users from both dbs into a single db). Whenever a user logged in from a website, the website would first validate the client (the website) with grant type Client Credentials and return a token that would allow the website to call the identification API with the user credentials, aka token-based authentication. For the token-based authentication, we used Duende IdentityServer. The authentication API is only responsible for authenticating the user. When the user is authenticated and HTTP code 200 is returned, the website signed the user in with "AspNetCore.Authentication" and "Security.Claims" and created an authentication cookie.

Maintaining users in two databases seems like overkill, but that is easy for me to say when I don't know your system. With an API like this, you can use it to authenticate anything.

Regarding the redirecting, I would give each user a flag in the database for which website they belong to. If a user tries to log in to A when it only belongs to B, then return an error code "Not found" and the login was unsuccessful.


0

You can use JWT authentication. The two projects must have one token generator service. With one private key, it will generate valid JWT data for both apps. In your authentication service you must extract the data from the token and accept/decline the request actions.
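The "extract data from the token and accept/decline" side from this answer, combined with the cookie sign-in step from the Duende answer above, as an added example that is not code from the question or any answer. It assumes the receiving app is app-a.xyz.com on ASP.NET MVC 5 with Identity 2.x and OWIN cookie authentication already configured in Startup.Auth, that the login site signs RS256 tokens whose public key sits in an app setting named "LoginRsaPublicKeyXml", and that the token arrives on a `/Auth/Callback` route; the `AppAContext`/`ApplicationUser` classes and the "app-a" audience value are assumptions as well.

```csharp
// Added example, not code from the question or any answer: the receiving side at
// app-a.xyz.com (ASP.NET MVC 5, Identity 2.x, OWIN cookie auth already configured).
// The route, the AppAContext/ApplicationUser classes, the "LoginRsaPublicKeyXml"
// setting and the "app-a" audience value are assumptions.
using System;
using System.Configuration;
using System.IdentityModel.Tokens.Jwt;
using System.Runtime.Caching;
using System.Security.Cryptography;
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.EntityFramework;
using Microsoft.IdentityModel.Tokens;
using Microsoft.Owin.Security;

public class ApplicationUser : IdentityUser { }

public class AppAContext : IdentityDbContext<ApplicationUser>
{
    public AppAContext() : base("AppAConnection") { }
}

public class AuthController : Controller
{
    private const string Issuer = "https://login.xyz.com";
    private const string ThisApp = "app-a";

    // Each jti is honoured once and remembered until the token it came from has expired.
    private static readonly MemoryCache SeenTokenIds = new MemoryCache("login-token-ids");

    [HttpGet]
    public async Task<ActionResult> Callback(string token)
    {
        JwtSecurityToken jwt = ValidateLoginToken(token);
        if (jwt == null) return new HttpUnauthorizedResult();

        using (var users = new UserManager<ApplicationUser>(new UserStore<ApplicationUser>(new AppAContext())))
        {
            // The token only asserts "login.xyz.com verified this user id"; the account
            // must still exist, and not be locked out, in this app's own database.
            var user = await users.FindByIdAsync(jwt.Subject);
            if (user == null || await users.IsLockedOutAsync(user.Id)) return new HttpUnauthorizedResult();

            // Sign in exactly as a local login would: the app's own claims and cookie,
            // so authorization inside App A never depends on the JWT again.
            var identity = await users.CreateIdentityAsync(user, DefaultAuthenticationTypes.ApplicationCookie);
            HttpContext.GetOwinContext().Authentication.SignIn(
                new AuthenticationProperties { IsPersistent = false }, identity);
        }
        return RedirectToAction("Index", "Home");
    }

    // Returns the validated token, or null for anything that must not sign a user in:
    // bad signature, wrong issuer or audience, expired, unexpected algorithm, or replay.
    public static JwtSecurityToken ValidateLoginToken(string token)
    {
        if (string.IsNullOrEmpty(token)) return null;
        using (var rsa = new RSACryptoServiceProvider())
        {
            rsa.FromXmlString(ConfigurationManager.AppSettings["LoginRsaPublicKeyXml"]);
            var rules = new TokenValidationParameters
            {
                ValidIssuer = Issuer,
                ValidAudience = ThisApp,                // a token minted for app-b fails here
                IssuerSigningKey = new RsaSecurityKey(rsa),
                ValidateIssuerSigningKey = true,
                ValidateLifetime = true,
                ClockSkew = TimeSpan.FromSeconds(30),
            };
            try
            {
                SecurityToken validated;
                new JwtSecurityTokenHandler().ValidateToken(token, rules, out validated);
                var jwt = (JwtSecurityToken)validated;
                if (jwt.Header.Alg != SecurityAlgorithms.RsaSha256) return null;   // only RS256 is expected
                if (string.IsNullOrEmpty(jwt.Id) || string.IsNullOrEmpty(jwt.Subject)) return null;
                // MemoryCache.Add returns false when the key already exists: a replayed token.
                if (!SeenTokenIds.Add(jwt.Id, true, jwt.ValidTo.AddMinutes(1))) return null;
                return jwt;
            }
            catch (SecurityTokenException) { return null; }
            catch (ArgumentException) { return null; }   // malformed token string
        }
    }
}
```

The replay cache is per-process, which is enough for a single server; behind a load balancer, keep the seen `jti` values in a shared store with the same expiry. Note also that `JwtSecurityTokenHandler` renames some registered claims (for example `sub` becomes `ClaimTypes.NameIdentifier`) on the returned `ClaimsPrincipal`, which is why the code reads `jwt.Subject` from the validated token rather than searching the principal.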
