Open Closed

Tier deployment login via .web #2273


User avatar
0
Leaf created
  • ABP Framework version: v4.4.0
  • UI type: MVC
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes
  • Exception message and stack trace:
  • Steps to reproduce the issue:"

Hi,

We going to deploy production on prem in 3 tier architecture, we have Web Server, App Server and DB Server.

Web Server (IIS) -- .Web App Server (IIS) -- .HttpsApi.Host & .IdentityServer DB Server (MSSQL)

Due to Identity Server will direct connect to database, so we have to host identity server in App Server.

In 3 tier architecture, user are not allow redirect to indentity server login page. In this case, anyway to configure only allow user login via .web instead of redirect to identity server login page ?

Thank you.


3 Answer(s)
  • User Avatar
    0
    gterdem created
    Senior .NET Developer

    In 3 tier architecture, user are not allow redirect to indentity server login page. In this case, anyway to configure only allow user login via .web instead of redirect to identity server login page ?

    You can use Resource Owner Password flow which is not suggested for MVC applications and it may cause security issues. You can also use non-tiered template where identityserver, host and web applications are hosted in the same webserver.

  • User Avatar
    0
    Leaf created

    Hi gterdem,

    As mentioned, Web Server are not allow to access DB Tier, So non-tiered template cannot apply in this environment. For .IdentityServer are not allow to host in Web Server due to .IdenityServer can direct access to database.

    anyway to configure .IdentityServer to consume api from .HttpsApi.Host rather than direct access to database? If yes, then the ,IdentityServer should able to host in Web Server.

    Thanks .

  • User Avatar
    0
    gterdem created
    Senior .NET Developer

    Well, IdentityServer is an openid provider, how will it happen than?

    You want identityserver to call an endpoint to check if the client exists and has the required scopes etc for the authentication? What will authorize that endpoint? It seems like a loop to try to authenticate the authenticator.

    I can't think any other solution then to keep in-memory configuration which is a very limited demo functionality.

    And this is not really related with abp. Maybe someone else had a same issue and found a solution in identityserver4 github repo or stackoverflow?

Made with ❤️ on ABP v9.1.0-preview. Updated on December 05, 2024, 12:19