0

I have two web applications. One is developed in MVC 5 and the second is developed in ASP.NET Core 3. Both websites hosted on different domains.

  1. mycmswebsite.com
  2. myshopwebsite.com

My user authentication module is on the shop website and I also store some values in session from the shop website that I need to access in the cms website.

I am planning to use a Distributed cache with SQL Server or Redis and also planning to use single sign-on using Oauth2.

What is the best practice to check if the user is authenticated on the shop website from the cms website and also access the data which are stored in the shop website?

I don't have much knowledge in Distributed cache techniques that can be shared across multiple applications.

Imrankhan
  • 157
  • 1
  • 8
  • Because your two services are deployed to different domains. After the user signed in, the only thing which remains his sign-in status is his cookies. But different domains means that the cookies can't pass through. So you need to deploy another OAuth service like `mygateway.com` which authenticates all users. But if you do so, it is very hard for `mycmswebsite.com` to check if the current user is already signed in in `mygateway.com`. I don't think that your expectation has a perfect solution. – Anduin Xue Dec 12 '19 at 07:39
  • I know this is a tricky thing but there should be some solutions. If I ignore the authentication but what about sharing the data using Distributed cache or session state management. I have an experienced session sharing between Asp.Net Web Forms and MVC 5 but Asp.Net core has a different mechanisms on session state. – Imrankhan Dec 12 '19 at 08:04

0 Answers0