Open Closed

User Login Issue between Multiple Applications using same Auth Server #6426


User avatar
0
kbalashanmugam created
  • ABP Framework version: v7.2.2
  • UI Type: Custom (React)
  • Database System: EF Core (SQL Server)
  • Tiered (for MVC) or Auth Server Separated (for Angular): Yes (Separate Auth Server)

Issue: We are using Microservice Template from ABP Commercial and we have 2 front-end applications setup to use same Auth Server in back-end. One front-end application is a client-facing portal and the other application is a portal used by internal staff for a client.

We noticed that if a user is logged in to the client portal (Application A), the same user can access the internal portal (Application B) without having to login. This is a security issue as we need to ensure users for each application are separate and a user can login to only the application they have logged in with and not be automatically logged in to the other application.

Expected: Users logged in with client portal (Application A) should not be able to access the internal portal (Application B) and automatically logged in.

Please provide solution for this.


1 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    use same Auth Server in back-end.

    This is what AuthServer( Single Sign-On) is designed for. You can't disable this behavior.

Made with ❤️ on ABP v9.1.0-preview. Updated on December 13, 2024, 06:09