Exposing ASP.NET Identity Services in DDD

Question

We are developing a DDD based application developed using ASP.NET MVC, C# and EF6. It has been decided to implement the Authentication and Authorization using ASP.NET Identity Service... I have a few doubts regarding that;

• Under which category does Authentication / Authorization service comes. Is it Application, Domain or Infrastructure service?

• My understanding is we should create a separate DBContext for Authentication / Authorization. Is my understanding correct?

Can any one guide me to a good sample implementation?

Answer 1

I would guess that user management is a different bounded context and that using Authentication & authorization mechanism by some framework in all other bounded context would be an infrastructure responsibility.

Of course you should have an application service interface to authenticate users before driving out some domain logic. That interface implementation would be in the infrastructure (the ASP.NET identity Service)

Answer 2

1. I'd say it is Application layer, though this is arguable and what difference does it make? Don't go into Architecture Austronancy and just do it. Auth can be part of domain ("Only Users with Update permissions can change product details", etc.), but it can be insignificant.

2. Yes you can do a separate DbContext, but you don't have to do it. We used to have all in one massive context, but this proven to be too much and difficult to work with and we are now splitting DbContexts into slices, including Identity DbContext.