We have a server with support for 5-10 internal ASP.NET applications (MVC), operating in separate application pools, as separate websites (on different ports and / or subdomains). I don't know anything about the built-in ASP.NET authentication platform, so I was wondering if anyone could add me a quick pointer in the right direction ...
I want to protect all internal applications through one login mechanism (supporting 3-5 different roles, nothing complicated). This login system will be another application / website running on the server, and to access any other application, it is necessary to authenticate through one login system, and the target application should be able to see the user role. Internal applications will be changed at the code level to connect to this new login system (in other words, we will change the current applications to support authentication).
The thing is that I do not want each application to have its own login / authentication mechanism, but rather use a more "global" authentication system (all on one server). I'm not looking for anything complicated (just a company of 15-25 employees, 3-5 departments - each user should be associated with a department (role) based on his login - and each application will be configured to show the user the corresponding data based on his roles).
Question: how to make the user authentication status visible in all different applications (in different assemblies and works separately)?
Do I need to use forms authentication? Or something in Spring.NET?
Ruslan
source share