ASP.NET Identity with multiple applications

asp.net-mvc asp.net-web-api single-sign-on asp.net-identity
12,250

Solution 1

Take a look at this tutorial. It shows how to implement ASP.NET Identity using Web API:

http://bitoftech.net/2015/01/21/asp-net-identity-2-with-asp-net-web-api-2-accounts-management/

As for dealing with multiple applications. Two approaches that come to mind are:

  1. Append an AppId to all usernames
  2. Add an AppId column to AspNetUsers table, derive from UserStore and re-implement the Find based methods so the queries take into account the AppId

For #1 when the application wants to create a new user it would send a request to the WebApi containing the new user information and an AppId. The WebApi would then concatenate the UserName and AppId to create the complete username that will be written to the database. So, if application 1234 wants to create a user with the username myuser, then the WebApi will create a new user with the username myuser_1234. From that point on when querying the database you would first take the UserName and AppId from the request, concatenate them and then query the database.

If another application 9900 wants to create a myuser, then the final username written to the database would be myuser_9900.

You may want to store the application details in the database and for every request validate the AppId to ensure that you recognise the application before processing its request.

I've not thought much of step #2, so its just a suggestion.

If you wanted to share the user credentials across multiple applications, then you could probably ignore the above, go with standard functionality and just have all applications point to the same database therefore allowing all applications to access all users regardless of which application created which user.

UPDATE #1: In this instance bearer tokens could be used and I think (going from memory) the tutorial series mentioned above touches on this and how a single WebApi can provide tokens for multiple applications.

Solution 2

Your users and their credentials are stored in AspNetUser table and Roles are in ASPNetRole while AspNetUserRole serves as junction table between the two to map users and roles. You can implement SSO (Single Sign On) by sharing these tables in your applications. Like each application will need to read these tables and roles and login users. But a better approach would be to create a central WebApi to handle user authentication and authorization.

Also if you Roles can be changed at run time then you have idea of Permissions, You can create a custom Table for storing permissions and then map Roles to Permissions. And when user logs-in just load all his permissions and store as claims. You can either serialize whole Role (with its permission list) and Store it as one claim. Or store each permission as individual claim whichever suits you best.

Share:
12,250
Marco
Author by

Marco

Updated on July 26, 2022

Comments

  • Marco
    Marco almost 2 years

    so our organization is developing some new web apps using asp.net mvc and web api. we decided to not use active directory for authentication/authorization purposes so it looks like asp.net identity with entity framework might work.

    looking at the database schema i don't see an applications table so we can have one central repository for user credentials and application access. is this where claims come in? how would that look; user -> app -> role -> permissions

    also, one of our goals is to also provide users with single sign on. is this possible with the new bearer tokens?

    thanks for any help you can provide

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to extend IdentityUser with custom property
ASP.NET (OWIN) Identity: How to get UserID from a Web API controller?
How can I get a users role inside a WebAPI method without a lookup to the AspNetUserRoles table?
.net core 2.1 VS 2017 basic web api throwing "this site can't be reached"
Can I pass an interface based object to an MVC 4 WebApi POST?
Web Api Custom Authorize Attribute Properties
How to Get User IP in ASP.NET MVC API Controller
How to implement two factor auth in Web API 2 using ASP.NET identity?
web api model binding to an interface
How can customize Asp.net Identity 2 username already taken validation message?