8

I'm about to implement a web application (back office for an existing app.) using the ASP.NET Core framework. At the moment I'm thinking about on how will I authenticate the user. The main database is using MySQL (not supported on this framework), so I will access the database troughout an existing PHP SOAP API.

Is there any way to implement a token based (OAuth) authentication knowing that the data access will be done trough a SOAP API ?

Leonardo Herrera
  • 8,388
  • 5
  • 36
  • 66
Ricardo Mota
  • 1,194
  • 2
  • 12
  • 25
  • 1
    MySQL is supported in .NET framework. In this case your question is duplicate http://stackoverflow.com/questions/12620922/using-simple-membership-provider-with-mysql A google search yields a lot of tutorials about that http://www.asp.net/identity/overview/extensibility/implementing-a-custom-mysql-aspnet-identity-storage-provider and http://www.asp.net/identity/overview/getting-started/aspnet-identity-using-mysql-storage-with-an-entityframework-mysql-provider –  Mar 07 '16 at 13:44
  • 3
    With all due respect I do not understand why give this post a downvote. Anyway. MySQL is supported in .NET but at the moment it is not suported in the .NET 5 Core version. The link you have posted is not about this version of the framework. – Ricardo Mota Mar 07 '16 at 13:46
  • 2
    Are you trying to implement the new `Identity` framework? I went through something similar (implementing `Identity` on top of an existing database with existing user tables and stored procedures) myself not too long ago. As long as you implement the main `Identity` interfaces, how the methods persist data doesn't matter. – mituw16 Mar 07 '16 at 13:47
  • So lets say I implement all the IUserStore Interfaces (http://media-www-asp.azureedge.net/media/4915836/iuserstore.png) will I be able to provide token authentication? Thank you for your reply. – Ricardo Mota Mar 07 '16 at 13:56
  • @RicardoRacciore ASP.NET Identity 3/Core doesn't natively support token authentication because ASP.NET 5/Core doesn't offer an authorization server middleware like Katana did. You can read http://stackoverflow.com/q/30768015/542757 and http://stackoverflow.com/a/34909274/542757 for more information about the alternatives you can use. – Kévin Chalet Mar 07 '16 at 14:28
  • 2
    Very intriguing question! This is more about creating an authorization middleware more than anything else, but still (MySQL is very tangencial to the question.) – Leonardo Herrera Mar 08 '16 at 12:58

1 Answers1

1

You can take a look IdentityServer3 in combination with the default OpenID middleware. You can completely separate the authentication logic from your application. Your application will trust the tokens generated by the identity server. The same as signin in with facebook/google/linkedin accounts etc.. using your own secure ticket provider. Identity Server supports customization so you can use the datastore of your choice. It is also possible to use your identity server for a various set of applications as long as they are "known" by your identity server. Definitely worth the investigation if you ask me.

https://github.com/IdentityServer/IdentityServer3

Sander Driesen
  • 41
  • 7