0

I have an Owin-based MVC application which uses my web api to provide many functionalities. At the moment the user should login to both of them separately (using ajax calls, at the login page I do the login for web api and receive the token as well), but both use the same table, so there is only one place to store the user information.

Unfortunately other MVC applications are using separate username and passwords and are not using the mentioned api. As now I should create a new MVC app which is again the same domain I am looking for a way to use a single username and password (managed by one main MVC app) for whatever reason it's needed, i.e., all the MVC apps and the web APIs use the same username and password, and therefore for example I can use the [Authorize] attribute or roles, ... in all of them.

Is there any known solution for this? Does Creating an OAuth authorization server suit this problem?

Mohsen Kamrani
  • 7,177
  • 5
  • 42
  • 66
  • sorry but why cant every application call you web api for authentication/authorization purposes and then do their own thing? – CodingYoshi Nov 28 '16 at 03:02
  • @CodingYoshi They obviously can, but the question is how should all of them be authorized with the same credentials? – Mohsen Kamrani Nov 28 '16 at 03:11
  • Check this out https://github.com/WinLwinOoNet/AspNetMvcActiveDirectoryOwin. You can tweak it I am sure so it calls your backend database instead of AD. – CodingYoshi Nov 28 '16 at 03:16

1 Answers1

0

Implementing Single-Sign on using OpenID Connect on top of OAuth2 fits your requirement. checkout identityServer3 or identityServer4 if you are using .net core.

basically, you will need to setup a shared STS authority, and all your applications will use this authority to validate a requests using a OWIN middleware to check for token validity.

On first login, The STS authority will issue a token for the user, and you will need to manage through your front-end/back-end code, re-using the token when navigating across multiple applications/domains.

C# ASP.NET Single Sign-On Implementation

Community
  • 1
  • 1
sm_
  • 2,572
  • 2
  • 17
  • 34