Base solution for your next web application
Ends in:
01 DAYS
01 HRS
01 MIN
01 SEC
Open Closed

Multiple application with shared Authentication #3879


User avatar
0
zokho created

Hi All, I am proposing a migration plan for 20 different applications using ABP framework. One of the biggest deal is that we need to have one authentication/authorisation service for all the apps. Any idea if I can use existing templates provided by ABP Framework to achieve it?


6 Answer(s)
  • User Avatar
    0
    hikalkan created
    Support Team

    Authentication can be single if you use one of the application as IdentityServer and others as open id connect clients. But the authorization part (assigning permissions to users) will be in seperated db for every application. Is that what you want? If not, can you write a bit more details for the scenario you want.

  • User Avatar
    0
    zokho created

    Hey Ibrahim, Thanks for your response. Yes that is exactly what I am looking for. Just not quite sure how to break the existing Authentication and Authorisation functions and entities into 2 or more pieces? Besides that, I was thinking of having one unified admin area to manage users and roles and other bits related... So perhaps my first wonder is if I can use the template that ASP Zero provides or I need to do it all from the scratch?

  • User Avatar
    0
    zokho created

    Any further update on this ticket?

  • User Avatar
    0
    hikalkan created
    Support Team

    Hi,

    You want to manage all users, their roles and permissions in a central application. That's not something easy to implement. Every application has their unique permission types and different databases. There can be different scenarios to implement it, but that's not something I can describe it before spending significiant time & effort to analyse and design it. ABP is open source so you can check code and understand where you can hook your logic. A few good places to start:

    1. This is the central point where all permission checks goes: <a class="postlink" href="https://github.com/aspnetboilerplate/aspnetboilerplate/blob/dev/src/Abp.ZeroCore/Authorization/PermissionChecker.cs#L46">https://github.com/aspnetboilerplate/as ... ker.cs#L46</a> It currently simply queries it from UserManager (<a class="postlink" href="https://github.com/aspnetboilerplate/aspnetboilerplate/blob/dev/src/Abp.ZeroCore/Authorization/Users/AbpUserManager.cs#L147">https://github.com/aspnetboilerplate/as ... er.cs#L147</a>) which then queries from permission repository (local AbpPermissions table in db) with caching.

    2. AspNet Zero also uses UserManager to set permission of a user.

    So, you can (theorically) override needed methods here and do whatever you want (example: Call a remote service of application X to manage permissions of application X).

  • User Avatar
    0
    zokho created

    Thanks Ibrahim. Is it possible to use multi tenancy enabled for my case and treat each application as a separate tenant? If yes, then I would have one Admin area per tenant, right? Do you recommend having multiple applications combined into one solution? All of these applications kind of communicate to each other.

  • User Avatar
    0
    hikalkan created
    Support Team

    Hi,

    Is it possible to use multi tenancy enabled for my case and treat each application as a separate tenant?

    I never thought an application as a tenant. I don't know if you need multitenancy for your applications, but multitenancy is not for that.

    Do you recommend having multiple applications combined into one solution

    Depending on your requirements and skills, that can be an option for faster development and easier integration.