Reputation: 43
MVC Forms Authentication for multiple systems
I don't have a lot of experience with MVC and am looking at a lot of authentication examples, which don't fit my needs.
I need to offer access to multiple systems from one MVC application. Each system manages it's own authentication and provides similar data (i.e. System X and System Y both provide a list of widgets). Further, a user can be logged into both System X and System Y and be able to view widgets from one or the other without being re-prompted for credentials.
My plan is to use a simple route {controller}/{action}/{systemName} (i.e. Widgets/Index/SystemX). The details are fuzzy but I think I need a custom AuthorizeAttribute and a SessionProvider. The SessionProvider would handle logging into a System, which returns a sessionID. This sessionID is used when I query data from each system. One of the most fuzzy details is the best way to store user info (SystemName, user, sessionId) for each System within the session. SessionState? Cookies? FormsAuthenticationTicket? Something else?
I'd love to leverage what's already in ASP.NET & MVC, but I don't need a database for users.
Any critiques or suggestions are welcome.
Upvotes: 0
Views: 1053
Answers (1)
Reputation: 7457
If SystemX and SystemY are different areas of the same application, you could potentially be better off using the Areas functionality of ASP.NET MVC. This allows you to partition an application into areas, which logically-related groups of controllers, views, models, etc.
- Walkthrough: Organizing an ASP.NET MVC Application using Areas
For example, a single large e-commerce application might be divided into areas that represent the storefront, product reviews, user account administration, and the purchasing system. Each area represents a separate function of the overall application.
Each area can have it's own web.config and authentication method (e.g. ASP.Net MVC 3 Areas and Mixed Mode Authentication) so this might help.
If SystemX and SystemY are essentially the same widget list functionality, but just for different clients, you might want to look at multi-tenancy in ASP.NET MVC.
Upvotes: 1
Related Questions
- ASP.NET MVC - Same authentication between two applications
- How to do Forms Authentication Across Applications in asp.net mvc
- Is there a good approach to combine Windows authentication and Forms authentication in ASP.NET MVC?
- Forms Authentication Shared Across Websites
- ASP.NET Forms Authentication between Applications with different form credentials
- Form authentication across multiple applications
- Shared authentication between two servers
- Mixing Windows and Forms Authentication in ASP.NET MVC
- .Net Forms Authentication
- Forms authentication on different hostings