Tags: .net, microservices, aspnetzero

Delegating user related topics to another Asp Net Zero project


I'm wondering and trying to achieve the following scenario with Asp Net Zero 12.0.0 - ASP.NET CORE & Angular:

  • A project that keeps all the users, permissions, roles, user groups, charts and pretty much everything related to users.
  • Another project that has it's own business scenario, but everything related to users has to be fetched from aforementioned project, including user permissions to access Apis in this project. It's completely valid to write this projects internal permissions in the first project and get user permissions from it.

It's pretty much a microservice scenario that just separates user authentication and authorization and therefore other subsystems can join and delegate this part to the first project.

Any thoughts on this would be appreciated.


Solution

  • A project that keeps all the users, permissions, roles, user groups, charts and pretty much everything related to users.

    It seems you need an Identity Service that handles the above requirements (however, I can't understand the charts here). Identity Server is recommended. It provides facilities to authenticate and authorize users and client applications to consume API services based on OAuth. Please read this RFC.

    Another project that has its own business scenario, but everything related to users has to be fetched from aforementioned project, including user permissions to access Apis in this project

    This project seems nothing but another service that serves business requirements, and there could be N number of them as separate services/projects. This service/project has to include authorization policies (e.g. user claims policies) according to the identity service configuration to identify legitimate and authorized requests to serve.

    scenario with Asp Net Zero 12.0.0 - ASP.NET CORE & Angular

    The Angular project is your client service and has to be authorized by the identity server as a legitimate client to request your APIs. Client apps use OIDC libraries to work with Identity Server.

    NOTE: Please be aware that the old articles use the implicit authorization flow for JS-based applications, which is not recommended at the current time; you have to use the authorization code flow with PKCE. Read this and check this RFC.
    However, as you mentioned, you use ASP.NET Zero with Angular, which I am not familiar with, and it is better to check these docs from ASP.NET Zero for Identity Server configuration.

    Scenario:

    • A user comes to the client app; if the user is not authenticated, they are redirected to the login page. (In most cases the login page lies in the identity server project, not the client app, which makes it accessible by other client apps, but you have to check it with the ASP.NET Zero docs.)
    • After authentication, the identity server provides tokens based on the user and the client application he/she uses.
    • For API requests, the access token must be included in the header so the API service can verify it with the identity server.
    • Profile info of the user and client app is checked against the API authorization policies, and if they are authorized, the API serves the request.
    • In case you have to retrieve data based on the user himself, you can check the user profile info (id, group, etc. claims) that exists in the token to get who (which user) made the request.

    [Diagram: is4 (IdentityServer4) scenario]
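To make the answer's flow concrete on the API side, here is an added example (not code from ASP.NET Zero, IdentityServer or the answer's author) of a business-project API in ASP.NET Core that keeps no user data of its own: it validates the access token against the identity project and enforces a claims-based policy whose permission values are defined in that identity project. The authority URL, the audience name `business-api`, the `permission` claim type and the `Orders.Read` value are assumptions; map them to whatever your identity server actually issues.

```csharp
// Added example: a business API that delegates authentication and
// authorization data to a separate identity project. Assumed values are
// marked; nothing here is ASP.NET Zero's or IdentityServer's own code.
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer;

var builder = WebApplication.CreateBuilder(args);

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // Assumed: the identity project's base URL. The handler downloads
        // /.well-known/openid-configuration from here and uses the published
        // signing keys, so this API never holds a user database or a shared secret.
        options.Authority = "https://identity.example.local";

        // Assumed: the API resource name registered at the identity server.
        // Tokens issued for other APIs are rejected even if correctly signed.
        options.Audience = "business-api";

        // Keep the raw JWT claim names ("sub", "permission") instead of the
        // legacy URI-style mappings, so policies below can name them directly.
        options.MapInboundClaims = false;
    });

builder.Services.AddAuthorization(options =>
{
    // Permissions live in the identity project and arrive as claims in the
    // access token; this API only checks for their presence. "permission" and
    // "Orders.Read" are assumed claim type and value.
    options.AddPolicy("Orders.Read", policy =>
        policy.RequireAuthenticatedUser()
              .RequireClaim("permission", "Orders.Read"));
});

var app = builder.Build();

// Order matters: authenticate (validate the bearer token) before authorizing.
app.UseAuthentication();
app.UseAuthorization();

// Identifies the caller from the token's "sub" claim rather than from any
// local user table, matching the answer's last bullet.
app.MapGet("/api/orders", (ClaimsPrincipal user) =>
{
    var userId = user.FindFirst("sub")?.Value;
    return Results.Ok(new { requestedBy = userId, orders = Array.Empty<object>() });
}).RequireAuthorization("Orders.Read");

app.Run();
```

A request without a bearer token gets 401 from the authentication middleware; a valid token from the identity project that lacks the `permission: Orders.Read` claim gets 403 from the policy. If the identity server issues permissions under a different claim name, or groups them into a role claim, only the `RequireClaim` call needs to change; the rest of the API stays ignorant of how users are stored.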