Layered Solution: Authentication

Some of the features mentioned in this document may not be available in the free version. We're using the * symbol to indicate that a feature is available in the Team and Higher licenses.

The Layered solution template is fully configured for authentication. All the services and applications use the OpenIddict library and are configured in a common way. This document explains that common authentication structure.

If you choose the Tiered option while creating the solution, the solution will have the *.AuthServer project.

OpenIddict

OpenIddict is an open-source library that provides a simple and easy way to implement an OpenID Connect server in your application. ABP has built-in modules (OpenIddict, OpenIddict UI *) to integrate OpenIddict into the solution.

Domain Layer

The Domain layer of the layered solution template is responsible for the OpenIddict definitions (Applications, Scopes, etc.). It also provides the OpenIddictDataSeedContributor class to seed the initial data. This class creates the default clients (applications) and scopes for the solution.

The OpenIddict UI * module is added only if you choose the OpenIddict UI module while creating the solution.


The OpenIddict UI * module provides a user interface to manage the OpenIddict entities such as applications, scopes, etc. You can manage these entities from the application UI.


The Authentication Application

The solution may include an external authentication server (auth-server) application if you select the Tiered option during solution creation. Otherwise, the authentication server is integrated into one of the Web Applications.

The authentication server handles token generation, validation, and user account management (e.g., login, registration). It uses the Account or Account Pro * module. The Account Pro * module additionally supports social logins (e.g., Google, Facebook). Social logins can be enabled, disabled, and configured directly from the application's user interface.


Authentication Flows

Applications in the solution use different authentication flows depending on the application type:

  • MVC UI Web Application:
    Uses the Hybrid Flow (OpenID Connect Authentication) for user authentication.
  • SPA and Swagger Applications:
    Use the Authorization Code Flow to authenticate users.

Once a user logs into the system and obtains a token from the authentication server, the *.HttpApi.Host application uses JWT Bearer Authentication to authorize the user's actions.
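The resource-server side of that last step, as an added example: a minimal ASP.NET Core host that accepts only bearer tokens issued by one authority for one audience. This is not the template's own *.HttpApi.Host code. The authority URL, the audience name and the /api/whoami route are assumed placeholders, and it assumes the Microsoft.AspNetCore.Authentication.JwtBearer package and an auth server that issues signed JWT access tokens.

```csharp
// Added example, not the template's *.HttpApi.Host code.
// Assumed placeholders: authority URL, audience name, /api/whoami route.
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // Issuer name and signing keys are fetched from
        // {Authority}/.well-known/openid-configuration.
        options.Authority = "https://auth.example.test"; // assumed auth server URL
        options.Audience = "MyProjectName";              // assumed API resource name
        options.RequireHttpsMetadata = true;             // refuse plain-HTTP discovery

        options.TokenValidationParameters = new TokenValidationParameters
        {
            // Written out for review; issuer, audience and lifetime
            // validation are also the defaults and should stay enabled.
            ValidateIssuer = true,    // token must come from the Authority
            ValidateAudience = true,  // token must be minted for this API
            ValidateLifetime = true,  // expired tokens are rejected
            ClockSkew = TimeSpan.FromSeconds(30) // default tolerance is 5 minutes
        };
    });

builder.Services.AddAuthorization();

var app = builder.Build();

app.UseAuthentication(); // builds the ClaimsPrincipal from the bearer token
app.UseAuthorization();  // enforces RequireAuthorization / [Authorize]

// 401 without a valid token; otherwise returns the token's subject.
// The handler may map "sub" to ClaimTypes.NameIdentifier, so check both.
app.MapGet("/api/whoami", (ClaimsPrincipal user) =>
{
    var sub = user.FindFirst("sub") ?? user.FindFirst(ClaimTypes.NameIdentifier);
    return Results.Ok(new { subject = sub?.Value });
}).RequireAuthorization();

app.Run();
```

Turning off audience or issuer validation lets a token minted for a different client or by a different server pass, so a configuration review should confirm those settings were not relaxed for local development and left that way.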


Last updated: December 06, 2024