Base solution for your next web application
Ends in:
01 DAYS
01 HRS
01 MIN
01 SEC
Open Closed

Web.Host & Web.Public share same users? #3549


User avatar
0
bilalhaidar created

Hello, I configured both Web.Host and Web.Public to run at the same time in VS 2017.

Each website runs on its own Port.

When I click Login on the Public website, I am redirected to the Login page of the Web.Host.

In VS 2017, they are two websites or apps, possible they will be hosted separately.

How does it work to authenticate the public website using the Web.Host app? Can those 2 websites share sessions/cookies? I am lost a bit here.

Thanks


8 Answer(s)
  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi,

    Both sites does not share cookies. We applied a bit tricky method to login user on public website from admin website.

    When a user wants to login on public website, we redirect user to admin, then user logs in on admin website. After that, we set a unique value on user entity and redirect to public website with this value. Public website finds the user with this unique value and automatically logs in that user on public website.

    Thanks.

  • User Avatar
    0
    bilalhaidar created

    Great. CN you show me source code where you add that unique key and how the public website retrieves them? *I appreciate it

  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi,

    I don't remember the places exactly at the moment but you can search for SignInToken (it is a field on User entity) keyword to see those fields. Let me know if you cannot find it.

    Thanks.

  • User Avatar
    0
    bilalhaidar created

    So based on the SignInToken, the public website generate a valid ASP.NET Authentication Ticket based on the value contained in SignInToken?

  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi,

    Actually, SignInToken on user entity is only used for comparison here <a class="postlink" href="https://github.com/aspnetzero/aspnet-zero-core/blob/dev/aspnet-core/src/MyCompanyName.AbpZeroTemplate.Web.Public/Controllers/AccountController.cs#L48">https://github.com/aspnetzero/aspnet-ze ... ler.cs#L48</a>

    If the token sent from admin website matches the one on user entity, we log the user in.

    Thanks.

  • User Avatar
    0
    bilalhaidar created

    Great. Thanks.

    So in the public website you just wait for this token. You validate it against DB and then accordingly issue the authentication ticket manually.

  • User Avatar
    0
    ismcagdas created
    Support Team

    Yes, exactly.

  • User Avatar
    0
    bilalhaidar created

    Thanks