I am working on a app for variety of users(like Student,Teacher,Institute Admin etc),but now I brake the whole app into user specific web application and think to have to have one centralized login system .
My project contains a Web API project and other MVC web applications.For use management I use Asp.net core Identity.
Previously I generate JWT for authenticated users from API and store in cookie .and pass the token in request header for each request,and
[
^]Use cookie authentication without ASP.NET Core Identity for web application for authentication purpose .
To add SSO functionality among application,I read
[
^]Share authentication cookies among ASP.NET apps and understand the mechanism.But I not able to figure how to share the JWT among other applications.
Please share valuable thoughts,or advice me a better approach .
What I have tried:
var claimsIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
var authProperties = new AuthenticationProperties
{
//AllowRefresh = true,
//ExpiresUtc = DateTimeOffset.Now.AddDays(1),
//IsPersistent = true,
};
Response.Cookies.Delete("access_token");
Response.Cookies.Delete("refreshToken");
Response.Cookies.Append("access_token", access_token);
Response.Cookies.Append("refreshToken", refreshToken);
await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(claimsIdentity), authProperties);
Currently I use above code to store access_token in cookies,and HttpContext.SignInAsync to cookie authentication .