SSO OAuth with Username And Password

Siddhant Singh 5 Reputation points
2024-07-18T11:09:23.7433333+00:00

I have a Web Application whose Admin portal developed in Asp.net Webforms with some domain and the Public portal of the same is in Asp.NET 8 (.NET CORE) with some other domain. The database is same for both and currently I do login with Username and password and validate the same with the SQL Server database. Now I have to achieve an SSO with OAuth here. But by SSO I does not mean Login with Google or Facebook only. I need to continue the same phase. Login with username and password. If success then login both the domains Admin side and public side so no need to login them separately. Is it possible with SSO OAuth. If yes, then please help me with the code reference. If not then what's another approach I can have to complete this. At the end, I have to login both the domains with one time login using my USERNAME and password and username and password is in Sql server db.

.NET
.NET
Microsoft Technologies based on the .NET software framework.
3,921 questions
ASP.NET Core
ASP.NET Core
A set of technologies in the .NET Framework for building web applications and XML web services.
4,612 questions
ASP.NET
ASP.NET
A set of technologies in the .NET Framework for building web applications and XML web services.
3,507 questions
.NET Runtime
.NET Runtime
.NET: Microsoft Technologies based on the .NET software framework.Runtime: An environment required to run apps that aren't compiled to machine language.
1,166 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. AgaveJoe 28,536 Reputation points
    2024-07-18T12:03:44.2233333+00:00

    OAuth has several flows, one for browser based application uses a standalone authentication application referred to as an identity provider. The web applications redirect unauthenticated requests to the identity provider to login. Once logged in the identity provider returns an authentication cookie to the browser, then redirects the browser back to the original web site passing a token. The original web site receives the token, validates the token, and uses the token to create an authentication cookie of its own.

    At this point the browser has two authentication cookies, one from the identity provider site and one from the original web site. If the user goes to a second SSO web site, the same process happens. The browser is redirected to identity provider. But this time the browser already contains a valid authentication cookie form the identity provider. The browser passed the cookie to the The identity provider which reads the cookie redirects back to the second SSO web site passing a token. Logic in the second site reads the token and creates an authentication cookie for the second SSO site.

    Another way to do SSO in IIS is sharing an authentication cookie. Keep in mind, this approach has nothing to do with OAuth.

    https://learn.microsoft.com/en-us/aspnet/core/security/cookie-sharing?view=aspnetcore-8.0

    OAuth has several flows which are well documented.

    https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-auth-code-flow

    The OAuth flows are determined by the client type that require authentication. The link above covers the flows.

    0 comments No comments

  2. Bruce (SqlWork.com) 66,706 Reputation points
    2024-07-18T15:56:13.1466667+00:00

    you don't specify your current authentication method, but oauth is a commonly used for SSO.

    • to implement oauth you need an oauth server. the Microsoft option is azure ad, but you can use identity server. though its no longer free: https://duendesoftware.com/products/identityserver
    • in webforms you add owin and oauth middleware support
    • in asp.net core you use the oauth middleware
    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.