Sustainsys / Saml2

Saml2 Authentication services for ASP.NET

Using Sustainsys.Saml2 in ASP.Net Core with ReactJS Client Application #1226

Closed vaaridra closed 3 years ago

vaaridra commented 4 years ago

Hi, I would like to know if I can use your package with ASP.NET Core with a client app built on ReactJS instead of ASP.NET pages. Your current sample ASP.NET Core solution requires the page to be submitted in order to invoke the login using signinManager, which is not an option in ReactJS. If I am wrong, can you please direct me on how to get this working?

If this requires a different implementation approach, can you please give me suggestions on how to implement the same.

Regards, Gururaj

PS: I have attached the Visual Studio template I have used to create my solution.

aspnet core reactjs template

CSam1989 commented 3 years ago

I'm trying to implement this as well. So any insights on this will be a huge help. I'm thinking about the following. Implement an MVC part on the ASP.NET web app where all the auth/account stuff will be handled. So when you press login in React or try to access a protected resource, you will be redirected to the MVC part.

It should be possible?

AndersAbel commented 3 years ago

@CSam1989 your approach is the recommended setup. The Saml2 spec is from back in the ages before client-side applications in JavaScript were a thing. So let the auth be a server-side implementation. Then set a cookie (secure, http and with a proper same-site level) to handle the session.

The advice used to be to use OpenID Connect between the JS client and the backend, but with browsers having more limitations on cookies in cross-domain scenarios that really no longer works well. And SameSite provides XSRF protection. For more details on that architectural discussion, please see https://github.com/DuendeSoftware/BFF
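The setup described in the two comments above (SAML handled server side, a hardened session cookie, the React app redirected to the server for login), as an added example in ASP.NET Core minimal-API style; this is not code from the Sustainsys.Saml2 project or from anyone in the thread. The entity ids, the `/account/login` and `/api` paths and the `returnUrl` handling are assumptions for illustration.

```csharp
// Added example (not from the Sustainsys.Saml2 project). Entity ids and paths are placeholders.
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Sustainsys.Saml2;
using Sustainsys.Saml2.AspNetCore2;
using Sustainsys.Saml2.Metadata;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddAuthentication(o =>
{
    // The session cookie is the default scheme; SAML is used only for the explicit login step.
    o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
})
.AddCookie(o =>
{
    o.Cookie.HttpOnly = true;                          // not readable by the React code
    o.Cookie.SecurePolicy = CookieSecurePolicy.Always; // HTTPS only
    o.Cookie.SameSite = SameSiteMode.Lax;              // not sent on cross-site POSTs (XSRF); Strict would
                                                       // also drop it on the redirect after the IdP's POST
    o.LoginPath = "/account/login";
    // API calls from the SPA get a bare 401 instead of an HTML redirect to the IdP.
    o.Events.OnRedirectToLogin = ctx =>
    {
        if (ctx.Request.Path.StartsWithSegments("/api"))
            ctx.Response.StatusCode = StatusCodes.Status401Unauthorized;
        else
            ctx.Response.Redirect(ctx.RedirectUri);
        return Task.CompletedTask;
    };
})
.AddSaml2(o =>
{
    o.SPOptions.EntityId = new EntityId("https://sp.example.com/Saml2");            // placeholder
    o.IdentityProviders.Add(new IdentityProvider(
        new EntityId("https://idp.example.com/metadata"), o.SPOptions) { LoadMetadata = true });
});

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// The React app does a full-page navigation here; the SAML handler sets the cookie and redirects back.
app.MapGet("/account/login", (string? returnUrl) =>
{
    // Accept only local paths so this endpoint cannot be used as an open redirector.
    var target = returnUrl is ['/', not ('/' or '\\'), ..] ? returnUrl : "/";
    return Results.Challenge(new AuthenticationProperties { RedirectUri = target },
                             new[] { Saml2Defaults.Scheme });
});

app.MapGet("/api/me", (HttpContext ctx) => Results.Ok(new { name = ctx.User.Identity?.Name }))
   .RequireAuthorization();

app.Run();
```

The React side only needs to navigate to `/account/login?returnUrl=...` on a 401 and to send API requests with `credentials: 'include'` from the same site.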