Geek Answers Handbook

ASP.NET Authentication with Multiple Applications

therefore, our organization is developing some new web applications using asp.net mvc and web api. we decided not to use the active directory for authentication / authorization purposes, so it looks like asp.net authentication with an entity map might work.

looking at the database schema, I don’t see the application table, so we can have one central repository for user and application credentials. this is where the claim? how will it look like; user -> app -> role -> permissions

also one of our goals is also to provide users with single sign-on. Is this possible with new carrier tokens?

Thanks for any help you can provide.

+8
asp.net-mvc asp.net-web-api asp.net-identity single-sign-on
source share
3 answers

Take a look at this tutorial. It shows how to implement the ASP.NET identifier using the web API:

http://bitoftech.net/2015/01/21/asp-net-identity-2-with-asp-net-web-api-2-accounts-management/

As for a few applications. Two approaches that come to mind are as follows:

  • Add AppId to All Usernames
  • Add the AppId column to the AppId table, retrieve from the UserStore and re-implement Find based methods so that the AppId taken into account in queries

For # 1, when an application wants to create a new user, it will send a request to WebApi containing the new user information and AppId . WebApi will then combine UserName and AppId to create the fully qualified username that will be written to the database. So, if application 1234 wants to create a user with the username myuser , then WebApi will create a new user with the username myuser_1234 . From now on, when querying the database, you first take the UserName and AppId from the query, combine them and then query the database.

If another 9900 application wants to create myuser , then the final username written to the database will be myuser_9900 .

You can save the application data in a database and for each request check the AppId to make sure that you recognize the application before processing it.

I did not think about step number 2, so its just a suggestion.

If you want to share user credentials in several applications, you may ignore the above, switch to standard functionality and simply include all applications in one database so that all applications can access all users, regardless of which application the user was created .

UPDATE # 1: In this case, the carrier tokens can be used, and I think (from memory) the series of tutorials mentioned above affects this and how one WebApi can provide tokens for several applications.

+7
source share

Your users and their credentials are stored in the AspNetUser table, and the roles are in ASPNetRole , and AspNetUserRole serves as a table of connections between them to map users and roles. You can implement SSO (Single Sign On) by splitting these tables in your applications. Like every application, you will need to read these tables and roles and log in. But it would be better to create a central WebApi to handle user authentication and authorization.

Also, if you can change roles at runtime, then you have the idea of ​​permissions, you can create a custom table to store permissions, and then map the roles to permissions. And when the user logs in, just download all his permissions and save as claims. You can either serialize the entire role (with its list of permissions) or save it as one requirement. Or save each permission as an individual requirement, whichever suits you best.

+2
source share

For a single character on it, it is possible to share cookies or use a different session state, such as <sessionState mode="SQLServer"> or <sessionState mode="StateServer"> https://msdn.microsoft.com/en-us/library /ms178586(v=vs.140).aspx

-2
source share

More articles:


All Articles