- ABP Framework version: v7.2.2
- UI Type: Custom (React)
- Database System: EF Core (SQL Server)
- Tiered (for MVC) or Auth Server Separated (for Angular): Yes (Separate Auth Server)
Issue: We are using the Microservice Template from ABP Commercial and we have 2 front-end applications set up to use the same Auth Server in the back-end. One front-end application is a client-facing portal and the other application is a portal used by internal staff for a client.
We noticed that if a user is logged in to the client portal (Application A), the same user can access the internal portal (Application B) without having to log in. This is a security issue as we need to ensure users for each application are separate and a user can log in to only the application they have logged in with and not be automatically logged in to the other application.
Expected: Users logged in with the client portal (Application A) should not be able to access the internal portal (Application B) and be automatically logged in.
Please provide a solution for this.
1 Answer(s)
Hi

> use same Auth Server in back-end.

This is what AuthServer (Single Sign-On) is designed for. You can't disable this behavior.