Last post Nov 06, 2013 12:19 PM by BrockAllen
Nov 06, 2013 09:48 AM|PatrickSchaller|LINK
I am in process of setting up my 1st MVC Web App. I know I need to provide a Forms Based Authentication model as well as I know I will be reusing it for multiple other internal web apps as well.
All the documentation for MVC 5 Authentication, which I believe is all based on OWIN stuff, have it "baked" into a single web app using EF Code First no less.
What I am trying is to have an another Web App that I strip everything out of except for the Account stuff and then try to "point" my web apps Authentication to that and have it return a "token", I'm guessing, of my Authenticated User and his/her "Roles".
Am I on the right track? Am I WAY over complicating this? I'm new to Web Development but this seems like a fairly reasonable and straightforward request. Dumbfounded that I can't find it anywhere.
Nov 06, 2013 10:13 AM|BrockAllen|LINK
Not sure if this will help, but the OWIN cookue authentication middleware is a different moving part from the ASP.NET Identity framework tha manages the database of identity info. These posts might help (but i'm sure they're more info that what you're looking
Nov 06, 2013 10:36 AM|PatrickSchaller|LINK
That's kind of funny, I read your first link right before I posted....
They are both quite informative and maybe I'm being a little dense but where I'm really stuck is setting it up in a way that allows multiple MVC 5 Web Apps to utilize the same DB's and code.
Nov 06, 2013 10:47 AM|BrockAllen|LINK
Well, it all depends what your real requirements are. If you have an external application that issues token to your main app, then this is typically clled federation and there are security protocols to issue the token and accept/trust the token. WS-Federation
is the main protocol for this, but there are others (OpenID Connect, for example). So it's not a trivial exercise.
Nov 06, 2013 10:52 AM|PatrickSchaller|LINK
I read, and considered, setting up an internal OpenID Provider to accomplish this but it seems overkill. My apps are all Internal only and the Identity Framework stuff meets our needs. I just need to know how to have App1 and App2 both use the same DB's
and preferably the same Logic without me having to copy/paste from App1 to App2.
Nov 06, 2013 12:19 PM|BrockAllen|LINK
So either code to each to have a login screen and they just point to the same DB. Or, code one to have the login screen and configure the cookie to be shared across each app. This configuration depends upon where each app is deployed (same host/machine,
etc). I'd google for sharing forms auth cookie to get an idea on how to do this, and it involved sync'ing the <machineKey> elements across the two apps.