Hello there,
We want to implement another .netcore project using an aspnetzero project's existing user, role and claims.
In other terms, we will have some side projects that represent some external modules of our zero project. And all of these projects users, role and claim mapping must be managed within the zero project. Is there any capability of aspnetzero framework which we should be using to satisfy this need?
we are thinking about identity server4 as the last option by delegating all user info to that server.
3 Answer(s)
-
0
Hello @enerjisauretim,
This is related with distributed systems and varies on use cases. It is kinda framework independent. If I understand correctly, you want to create other projects (in zero or not) and use the user store of your main application; passing claims to side projects. Roles are list of permissions, set on the main project. So passing roles won't make sense to other projects since resources you want to authorize are different. You will have to tweak your main app identity with roles having appname, permissions having appname; saving permissions of side projects to main app and cache them etc.
For authentication, using main app authentication scheme to authenticate your side app; use authorization as you like. Or using microsoft identity; you can use external login to your main application as default and register your users automatically if they're logging first time with a small tweak to your side app.
Keep on mind that aspnetzero is developed as monolithic. To adapt a distributed environment; you will need to manually tweak. Also, your use case can lead to many different paths which would require different solutions to overcome.
I hope it was helpful.
-
0
Thanks for the reply. When we switch to identity server and connected both main app and side projects to them, does roles and permissions are automatically stored to that identity server? i am unsure about it and had no time to make a demo project to test it.
-
0
@enerjisauretim, Every aspnetzero project has a built in identityserver host. It doesn't mean they are identityserver client. You will need to modify one of the projects as an identityserver client. And no, permissions or roles doesn't store in the project you set as identityserver host. Roles and permissions are project based; they keep their own roles and permissions.
