SSO between a .NET Core 2.0 MVC and Angular application

We have been using Auth0 for Authentication purpose. We need support from Auth0 on our implementation with SSO.

Currently we have two applications using Auth0

1. SPA (Angular)

2. Regular Application (.NET Core 2.0 MVC)

3. SPA is storing in local storage

4. Regular application is cookie based

both are using Auth0 for authentication. They are all sharing the users.

As a new requirement, we want the user to be logged in both the applications, even if he signs on in any one of the app.

1. SCENARIO 1: sign in to .NET app, angular app gets signed in automatically
2. SCENARIO 2: sign in to angular app, .NET app gets signed in automatically
   We went with the SSO approach to achieve the above mentioned scenario.

Configurations on Auth0 side was configured:-

1. Use Auth0 instead of the IdP to do Single Sign On – By default turned on
2. Token Endpoint Authentication Method: POST
3. Allowed Callback URLs, Allowed Web Origins, Allowed Logout URLs – configured based on application needs.
4. Custom login page is used.

SCENARIO 1: sign in to .NET app, angular app gets signed in automatically

It works fine for this scenario, once we are logged into the regular Web application (.NET Core 2.0 MVC), try to login to the angular web application.
The angular application logs in automatically.
This is achieved by checkSession from the auth0 library for angular application. Following is the code in Angular side. By referring to Single Sign-On

Angular770×358 17.4 KB

the following code is from the .NET Core 2.0 startup class

NET945×835 40 KB

By referring to the following links

Regular Web Applications with Single Sign-On - this article has the code snippet, but this is in .NET core 2.0. Using this Migrate from ASP.NET Core 1.x to 2.0 | Microsoft Learn the code was migrated to .net core 2.0

SCENARIO 2: sign in to angular app, .NET app gets signed in automatically

The other way, using the same code, (.NET application to Angular application is not achievable).
Would like to know if the approach is correct. Precisely, how can we achieve this ? Need some help to achieve it.

Your help will be appreciated.

Thanks,
Ishwarya

Hello Auth0 community, I see that there were no responses to this good question. Any response regarding whether this (“SCENARIO 2” - above) can be achieved? We are trying to do the exact same thing.

Not sure if this will help you but I found this repo: https://github.com/auth0-samples/auth0-sso-sample...it has multiple apps included in the example.

I’m new to Auth0 and this part of developing (security has always been implemented or I used the built-in Identity service) or I’d help you more.