
Need Architecture Support: ABP Framework SaaS Admin App + Decoupled Custom App Authenticated via Shared Auth Server #9395


lucasmoreno created

Hello, team 👋 I hope you're doing well. I'm reaching out to request your guidance on setting up a solution architecture using the ABP Framework, where I need to centralize authentication and identity management in a SaaS Admin App, while keeping a second custom modular app completely decoupled and hosted in a separate repository.

🧩 Context

I'm designing a multi-application architecture using ABP Framework and Blazor Server, where authentication is centralized but each application has its own independent domain and purpose.

🔧 Solution Overview

✅ App 1: SaaS Admin App (Tiered Architecture)

• Based on ABP Framework with a tiered setup: Auth Server, API Host, Blazor UI.
• Includes all ABP modules, including Pro features, except the Chat module.
• Manages:
    • Tenant administration
    • User and role management
    • IdentityServer (client and resource management)
• Intended to be the central authentication provider for other applications.

✅ App 2: Custom Modular App (Decoupled)

Also ABP-based, but:

• Hosted in a separate repository.
• Does not use Pro modules (e.g., SaaS, Identity Pro, Feature Management, maybe AuditLogging).
• Has its own API Host and Blazor UI.
• Must authenticate against the Auth Server in App 1 using OpenID Connect (OIDC).
• Does not replicate identity or tenant logic, only consumes the auth services.

šŸ” Requirements Centralized authentication via OpenIddict/IdentityServer hosted in the Admin App. Secure and isolated communication between apps (CORS, scopes, audiences). Seamless authentication/authorization flow between the Custom App and the Auth Server. Clear separation of concerns and dependency boundaries between both applications.

šŸ™ Request Please provide guidance, a recommended approach, or a project template to implement this architecture using ABP Framework, as described above. I would highly appreciate suggestions on how to properly configure both solutions, ensuring that the custom modular app can securely authenticate and operate without duplicating identity logic. Thank you in advance for your support!


1 Answer(s)
    enisn created
    Support Team .NET Developer

    Hi,

    When you create a new project, if it's not tiered, they're configured to host IdentityServer in the same application. So they use their own as IdentityServer. You'll need to remove OpenIddict packages from the application and configure it to use your existing authentication server.

    You can create a new Tiered project and check how it's differently configured to consume a separate AuthServer, you can remove .AuthServer, configure the appsettings.json to use your existing AuthServer and start using it.

    Here is how you can proceed manually:

    • Make sure Volo.Abp.Http.Client.IdentityModel.Web package is installed,
    • And configured in the appsettings.json:

      "AuthServer": {
        "Authority": "https://localhost:44385",
        "RequireHttpsMetadata": true,
        "ClientId": "AbpSolution2741_Web",
        "ClientSecret": "1q2w3e*"
      },
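
An added example, not part of the original answer and not ABP template code: a minimal Program.cs for App 2's UI that consumes the AuthServer section above with the standard ASP.NET Core cookie and OpenID Connect handlers rather than ABP's own wrappers. The scope name CustomApp and the /whoami endpoint are assumptions for illustration.

```csharp
// Program.cs for App 2's UI (added example; assumes the
// Microsoft.AspNetCore.Authentication.OpenIdConnect package is referenced).
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;

var builder = WebApplication.CreateBuilder(args);
var auth = builder.Configuration.GetSection("AuthServer");

// Fail at startup rather than run with a weak AuthServer section.
var authority = auth["Authority"]
    ?? throw new InvalidOperationException("AuthServer:Authority is not set.");
if (!authority.StartsWith("https://", StringComparison.OrdinalIgnoreCase))
    throw new InvalidOperationException("AuthServer:Authority must use HTTPS.");
var secret = auth["ClientSecret"];
// "1q2w3e*" is the sample value from the answer above; refuse it outside development.
if (string.IsNullOrEmpty(secret) || (secret == "1q2w3e*" && !builder.Environment.IsDevelopment()))
    throw new InvalidOperationException("Set a unique AuthServer:ClientSecret outside development.");

builder.Services
    .AddAuthentication(options =>
    {
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddCookie()
    .AddOpenIdConnect(options =>
    {
        options.Authority = authority;            // App 1's Auth Server
        options.RequireHttpsMetadata = auth.GetValue("RequireHttpsMetadata", true);
        options.ClientId = auth["ClientId"];
        options.ClientSecret = secret;
        options.ResponseType = "code";            // authorization code flow
        options.UsePkce = true;
        options.SaveTokens = true;                // keep the access token for API calls
        options.GetClaimsFromUserInfoEndpoint = true;
        options.Scope.Add("CustomApp");           // hypothetical API scope for App 2
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
// Unauthenticated requests here are redirected to the Auth Server's login page.
app.MapGet("/whoami", (HttpContext ctx) => ctx.User.Identity?.Name ?? "(no name claim)")
   .RequireAuthorization();
app.Run();
```

Keep the real client secret out of the repository, for example by supplying it through the AuthServer__ClientSecret environment variable, and register the matching redirect URI (the handler's default callback path is /signin-oidc) on the client in App 1.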
    
Made with ❤️ on ABP v9.3.0-preview. Updated on June 13, 2025, 11:37