Information:
What is your product version? 10.3 What is your product type (Angular or MVC)? Angular What is product framework type (.net framework or .net core)? ASP.Net Code Which theme are you using? Default
Question - How to integrate Siteminder authentication with ASP.NET ZERO for authentication whereas authorization should continue to be used from ASP.NET ZERO?
Currently, our application will be protected by siteminder for user authentication and all login and password related pages will be served from siteminder itself. Once user gets authenticated in the siteminder it will be redirected to our application. We will get the logged in user id from the siteminder in the header. With this context, how do we bypass the user authentication process implemented in ASP.NET Zero.
Login and related pages should not be served from ASP.NET Zero. If we get the user id from siteminder header should assume that user is authenticated.
There shouldn't be any user authentication takes place which as there will be no password stored in ASP.NET ZERO database. We will not have a password to pass in following method as we don’t want to authenticate. public async Task<AuthenticateResultModel> Authenticate([FromBody] AuthenticateModel model) { var loginResult = await GetLoginResultAsync( model.UserNameOrEmailAddress, model.Password, GetTenancyNameOrNull() ); }
Once we get siteminder header with user id, rest of the process for authorizations and permissions should continue to work as it is with ASP.NET ZERO.
ABP Login manager code is not available in code download.
1 Answer(s)
-
0
Hi,
If siteminder supports OpenID Connect, you can get OIDC settings from siteminder and configure it in the appsettings.json file. In that way, on the login page, user can click the OIDC login button and login via siteminder.
