3

I'm new to MVC and currently working with MVC6 (EF7, Identity3, VS2015)...

I would like create two different/independent WebApps in one company domain (in different sub domains).

I would like use common/shared identity/login system for both Apps - in different words I would allow user to have one account across both Apps.

I do not have option for domain authentication (the company doesn't use the domain - I know it's weird), so I must? use Individual User Accounts...

What is the best way/practice to create and use common user account across multiple apps ?

In first place I thought about creating two different DBContext in both App: one for Identity (Users DB) and second for App-Related Db...

Such an approach would give me three different databases:

  • IdentityDb - common for both WebApps,
  • App1Db
  • App2Db

However I have doubts if it's good practice and the best way ?

Probably will be enough one DBContext with proper configuration, but I don't have idea where I should start.

I have read about SSO (Single Sign On) - but as far I understand it's about Authentication process, so it's little bit later - so I'm not sure about this direction.

Anyway can't find example how to create common user account/profile across multiple apps.


UPDATE:

My original question is probably too open... I would like ask not only 'what to do' but also 'how to do in MVC6'...

So my additional question is: how can I achieve this in MVC6? What I have to do? Perhaps some example?

If I decide for a separate User DB - then from the point of view of the application I will have two DB? What to do with this in code? Should I create two separate DBContexts - or just one?

Also I have read few opinion here on SO, that using only one DbContext is better and simpler option...

Anyway I have try yesterday works with 2x DBContext - everything works when I create new controller for IdentityDbContext, but I have error when trying create any controller for second DBContext (not associated with Identity)...

(I've put description of this error to new question: MVC6 Working with two DBContexts and error when create new controller)


Thanks in advance for any advice :)

Community
  • 1
  • 1
Lukasz Mk
  • 7,000
  • 2
  • 27
  • 41

2 Answers2

1

In previous version of ASP.NET Identity (2) sharing identity cookie across subdomains was the sloution. I'm not sure about ver 3 but you can test it:

change Identity config in Configure method of Startup class:

services.AddIdentity<ApplicationUser, IdentityRole>(config =>
    {
        config.Cookies.ApplicationCookie.CookieDomain = ".domain.com";
    })
    .AddEntityFrameworkStores<ApplicationDbContext>()
    .AddDefaultTokenProviders();
Mohsen Esmailpour
  • 11,224
  • 3
  • 45
  • 66
  • Thank you for your answer. However it's not solution in my case (?). Sharing cookie will be part of the solution but little later, – Lukasz Mk Apr 03 '16 at 10:30
  • Sharing cookie allow me to exchange authentication data and it's used in (and after) authentication process. My question is little bit earlier - how (where) to create common (only one) user database using identity... In other words I would like store all information about user in one place (only once and avoid duplication) across all apps. – Lukasz Mk Apr 03 '16 at 10:39
  • 2
    The simplest solution is sharing `identity db`. – Mohsen Esmailpour Apr 03 '16 at 10:54
  • Yes, and it's my question originally - how to do this in MVC? I've try created two DBContext one for IdentityDB and second for AppDB, but after that Identity works fine, however I have errors during creation new controller (using built-in creator). I'm out of my pc, so can't copy exactly error, but it's related to identity users - it's strange for me because this second DbContext is not related to identity (maybe should be)? Anyway I have read few opinion here on SO, that using only one DbContext is better and simpler option. So I wondering how to share IdentityDb? – Lukasz Mk Apr 03 '16 at 11:08
1

The answer to your question if having three databases is the best way, is: It depends.

The answer to wether or not this is a good practice is irrelevant.

Let me elaborate.

The notion of every app having its dedicated database stems from old fashioned thinking. Big enterprise architectures are made up of all kinds of persistence storages, each chosen to do what it can do best. So it has nothing to do with good practices. You should store the data where it is suited best. Have a look at Domain Driven Design and Bounded Contexts in particular to get a better understanding of what I am talking about.

So the question if you need three databases, if in your particular situation this is the best option, then that is what you should do. To make this answer complete I' ll describe our situation. We have an old user database with users in it. We can't get rid of it untill all web apps have been phased out. To minimize the effect it has on our customers. So for our new web apps we only use this old database for the users and use azure storage for everything else we need to store. In other words, conceptually our situation is like what you describe. A seperate storage for the users that all other web apps use.

sounds like a good solution to the problem to you?

Update As to MVC6, Identity Server 3 specific. ID server 3 has the ability to use custom User Service which allowes you to couple any user storage you want. Here are the details: https://identityserver.github.io/Documentation/docs/advanced/userService.html. This is exactly what we have done.

As for your other question; we will put the users in Azure Table Storage probably and retrieve it from there via IdentityServer4 when all old apps are gone. Right now there is nothing left in the legacy MySQL DB but users for us. But there are some old apps still using it, so...

Does this answer your questions?

Danny van der Kraan
  • 5,344
  • 6
  • 31
  • 41
  • Thank you for your answer :) Let me ask... So what then ? What you plan when you will have all web apps phased out ? You will still have users in separate DB or you intend to change this ? – Lukasz Mk Apr 04 '16 at 13:26
  • Your opinion is helpful (it gives me a some point of view), but still does not answer my question as to exactly do in MVC? (But it's my fault - I asked the wrong question.) – Lukasz Mk Apr 04 '16 at 13:35
  • You are genius! Thank you. IdentityServer is the missing part of my puzzle. – Lukasz Mk Apr 04 '16 at 14:44