DEVHIDE
Login Or Sign up

Identity user .net 4.6 and .net core 2.2

181 Views Asked by At

I have the following scenario: A .net 4.6 web forms application is running in the f.e. domain.com and users register and login using identity 2.2. There are some admin users that have the Role of Administrator. There is also a subdomain f.e. admin.domain.com, made in .net core 2.2 and now I want the Administrator users only to have access in the subdomain.

What I did:

  • First try was to generate a link like admin.domain.com?email=<hashed email>&datetime=<hashed datetime> and displaying this link to Admin users in domain in order to jump in the subdomain. Then in the subdomain I tried to read the querystring and determine if the user is authorized to have access to subdomain. In this approach I had many problems and I don't think this is the right solution.
  • My second approach was to use the Identity user to the subdomain as well, but I realized that the 2 Identities (.NET Framework 4.6 and Core 2.2) are different and I didn't managed to make it work, for example I need the already logged in user in the domain to be authorized in the subdomain automatically. Additionally the subdomain doesn't have any registration procedure, this only exists in the domain.com

I wonder if there is a robust solution to my problem with the 2 identities, at the moment I need to keep at least the identity 2.2 in the domain.com.

Thanks in advance!

asp.net-identity asp.net-core-2.2 asp.net-4.6
Original Q&A
1

There are 1 best solutions below

2
On

If you want to give the second approach a shot, try using the asp.net ticket bridge from this github repository. I used it to facilitate sharing a single identity between asp.net core and web forms authentication - just remember to sync the encryption keys... Hope this helps!

You will need to create your own 'ISecureDataFormat' implementation: 

public class OWINAuthenticationDataFormat<TData> : ISecureDataFormat<TData>
    where TData : AuthenticationTicket
{
    public OWINAuthenticationOptions Options { get; set; }

   ...
    public string Protect(TData data)
    {
        return Protect(data, null);
    }
    ..
    public string Protect(TData data, string purpose)
    {
        string decryptionKey = Options.DecryptionKey;
        string validation = Options.ValidationMethod;
        string validationKey = Options.ValidationKey;
        string decryption = Options.EncryptionMethod;

        var claimsIdentity = data.Principal.Identity as ClaimsIdentity;
        var authTicket = new OwinAuthenticationTicket(claimsIdentity, data.Properties);

        // Encrypt the token
         return MachineKeyTicketProtector.ProtectCookie(authTicket, decryptionKey, validationKey, decryption, validation);
    }
    ...
    public TData Unprotect(string protectedText)
    {
        return Unprotect(protectedText, null);

    }
  ...
    public TData Unprotect(string protectedText, string purpose)
    {
        string decryptionKey = Options.DecryptionKey;
        string validation = Options.ValidationMethod;
        string validationKey = Options.ValidationKey;
        string decryption = Options.EncryptionMethod;
        // Decrypt the token
        var ticket = MachineKeyTicketUnprotector.UnprotectCookie(protectedText, decryptionKey, validationKey, decryption, validation);

        return new AuthenticationTicket(new System.Security.Claims.ClaimsPrincipal(ticket.Identity), ticket.Properties, "") as TData;
    }
}

After that, use that when adding cookie authentication (still in asp.net core app): 

.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, opts =>
        {
            opts.Cookie = new CookieBuilder()
            {
                Domain = CookieDomain,
                Name = CookieName,
                Path = CookiePath,
                SecurePolicy = CookieSecurePolicy.Always
            };


            opts.TicketDataFormat = new OWINAuthenticationDataFormat<AuthenticationTicket>()
            {
                Options = new OWINAuthenticationOptions()
                {
                    DecryptionKey = DecryptionKey,
                    EncryptionMethod = DecryptionAlgorithm,
                    ValidationKey = ValidationKey,
                    ValidationMethod = ValidationAlgorithm
                }
            };
        });

Remember to use the same signing keys and algorithms in both applications!

Related Questions in ASP.NET-IDENTITY

Related Questions in ASP.NET-CORE-2.2

Related Questions in ASP.NET-4.6

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.