dsuryd / dotNetify

Simple, lightweight, yet powerful way to build real-time web apps.
https://dotnetify.net

Coexist React / MVC in the same project. #309

Closed emilianobonilla closed 2 years ago

emilianobonilla commented 2 years ago

I'm very impressed with this project! Thanks for making our life easier.

In my project, we have some requirements. We need to have a part (or area) in MVC but share the same auth method. In the path /client/, we want to have the react client with Dotnetify, and in the path /admin/, we want to have MVC pages.

Is it possible to have only cookie authentication? Do you have an example? I only see examples with token authentication, but nothing with MVC or Cookie authentication.

Now, I could add Controllers and View, and I have the routing, but they cannot share the authentication because the MVC can access the token.

dsuryd commented 2 years ago

I have never experimented with cookie auth to give you a definitive answer, but I suppose it's possible as SignalR documentation says it supports it.

Another way I can think of off the top of my head is to keep JWT auth for dotNetify, and on successful login, call your backend API (with the token in the header to authenticate the request) to do an HttpContext.SignInAsync to create an authentication cookie for your MVC pages.

emilianobonilla commented 2 years ago

Thanks for your response! I do the "another way," but the problem is that the token's expiration time and the cookie are not synchronized. So, I am working on the MVC area, and in the middle, I lose the token authentication in the React area.

Using the first recommendation, do you think it could be possible? For example, don't use the DotNetify.Security.Authorize attribute, do all authentication on MVC pages (login, register, password recovery, etc.) and then include the React app in an MVC page (and don't use the index.html file).

dsuryd commented 2 years ago

Yes, I think it's possible, as long as you don't need fine-grained authorization at the view model level. Well, scratch that, if you do need it, you can probably use dotNetify middleware/filter to inspect the user claims on the hub connection context object.

dsuryd commented 2 years ago

Closing this as the question has been answered.
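
The token-to-cookie bridge suggested in this thread, written out as an added example (not code from the thread participants or from dotNetify), with the cookie lifetime pinned to the token's expiry so the two sessions cannot drift apart. It assumes ASP.NET Core with both the JWT bearer and cookie schemes registered under their default names and that the token carries the standard `exp` claim; the controller name and route are hypothetical.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

[ApiController]
[Route("api/session")] // hypothetical route
public class SessionBridgeController : ControllerBase
{
    // Only a request that already carries a valid bearer token may mint the cookie.
    [HttpPost("cookie")]
    [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
    public async Task<IActionResult> IssueCookie()
    {
        // "exp" is the JWT expiry claim: seconds since the Unix epoch.
        var expClaim = User.FindFirst("exp")?.Value;
        if (!long.TryParse(expClaim, out var expSeconds))
            return Unauthorized(); // no usable expiry, so do not issue an open-ended cookie

        var expiresUtc = DateTimeOffset.FromUnixTimeSeconds(expSeconds);
        if (expiresUtc <= DateTimeOffset.UtcNow)
            return Unauthorized();

        // Re-home the token's claims under the cookie scheme used by the MVC pages.
        var identity = new ClaimsIdentity(
            User.Claims, CookieAuthenticationDefaults.AuthenticationScheme);

        await HttpContext.SignInAsync(
            CookieAuthenticationDefaults.AuthenticationScheme,
            new ClaimsPrincipal(identity),
            new AuthenticationProperties
            {
                ExpiresUtc = expiresUtc, // cookie ticket ends when the token does
                AllowRefresh = false,    // no sliding renewal past the token's lifetime
                IsPersistent = false     // session cookie, gone when the browser closes
            });

        return NoContent();
    }
}
```

If the client renews its token, it has to call the endpoint again with the new token, otherwise the cookie still expires at the old token's `exp`.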