Monday, March 28, 2016

Managing identity when migrating from legacy to MVC

Recently I've been working on migrating a set of sites from classic ASP and Webforms sites to Asp.Net MVC, and part of that has been to "integrate" the logins.  I'm going to document how I did this and the places you'll need to plug into MVC Identity to get it to work with existing systems you don't want to change yet.

This legacy application had its own pre-existing login system, not any standard forms auth table structure or anything else, so I'll show you how to plug into that with Identity.

Issue 1 - cookies

The pre existing site was already using custom cookies to manage login info, so I had to co-ordinate between the pre-existing cookies and cookies from Webforms forms authentication.  Most important, make sure the authentication forms element is using the same name attribute between any sites where you want to share, and that the machineKey is also the same across web sites/applications where you want to share login (otherwise one site won't be able to decrypt the other's cookie).

Issue 2 - domains

This can really cause a headache.  If you're trying to share between to b-level domains (i.e. abc.com and xyz.com) you're going to probably need some other way of doing SSO, as the cookies aren't going to be shared between these domains by the browser.  My sites were all c level (i.e. site1.abc.com, site2.abc.com, etc) so I could set the cookies at the b-level domain and thus share across all the sub sites.  I'll go into details on how to up the setting of the cookies to be a the b level domain instead of their normal setting at the c level one.  There is actually an easier way to do this than the way I had to, and I'll describe that as well.

Those were the biggest issues, the rest is just the process of hooking into ASP.Net Identity in the (I hope, as I couldn't find any authoritative documentation out there on the "right" way to do some of this) correct places.

No comments:

Post a Comment