First, I want to apologize as this is my first post and I don't even know how to properly phrase my question.

Here's what's going on:

I have several legacy ASP.NET web forms applications (.NET Framework 4.6.1) built in VB.NET that currently use ASP.NET Membership provider and forms authentication. Basically, apps A, B and C redirect to a login screen on app D where the user logs in and then gets redirected back. I believe this is possible through forms authentication where all applications share the same machineKey in Web.config.

I created a new ASP.NET Core MVC application (.NET Core 3.1) using ASP.NET Identity to replace app D which in the future will also use IdentityServer4 to allow single-sign-in support for third-party clients. This new SSO app has new user screens to manage users/roles, etc. and is working great as a stand-alone site.

How do I get apps A, B and C to properly redirect to SSO so users can get authenticated and get redirected back? What is the correct approach here? What steps are required?

I spent weeks going through tutorials online, learning about IdentityServer4, creating new modern MVC sites that use OWIN to exchange tokens, etc. and that all works fine. I also see tutorials on converting ASP.NET Membership to OWIN or to Identity, but is that really what I need? I have a new site that's already using Identity so I shouldn't, right?

Ideas?

Veritas On

I managed to figure it out. Using a new ASP.NET Web Application (.NET Framework) - Visual Basic with .NET Framework 4.6.1 named VBWebApp, I did the following to get it connecting to my IdentityServer4 instance:

  1. Install packages

    install-package Microsoft.Owin.Host.SystemWeb
    install-package Microsoft.Owin.Security.Cookies
    install-package Microsoft.Owin.Security.OpenIdConnect

  2. Add Startup.vb

    Imports System.Collections.Specialized   ' NameValueCollection
    Imports System.Configuration             ' ConfigurationManager
    Imports Microsoft.Owin.Extensions
    Imports Microsoft.Owin.Security.Cookies
    Imports Microsoft.Owin.Security.OpenIdConnect
    Imports Owin

    Public Class Startup
        Public Sub Configuration(ByVal app As IAppBuilder)
            ' Authority, ClientId, ClientSecret and RedirectUri come from <appSettings> in web.config
            Dim settings As NameValueCollection = ConfigurationManager.AppSettings

            ' Local session cookie issued after a successful sign-in at IdentityServer4
            app.UseCookieAuthentication(New CookieAuthenticationOptions With {
                .AuthenticationType = "cookie"
            })

            ' Authorization code flow against IdentityServer4; the middleware redeems the
            ' code itself (RedeemCode) and signs the resulting identity into the "cookie" scheme
            app.UseOpenIdConnectAuthentication(New OpenIdConnectAuthenticationOptions With {
                .SignInAsAuthenticationType = "cookie",
                .Authority = settings("Authority").ToString(),
                .ClientId = settings("ClientId").ToString(),
                .ClientSecret = settings("ClientSecret").ToString(),
                .RedirectUri = settings("RedirectUri").ToString(),
                .ResponseType = "code",
                .Scope = "openid profile",
                .RedeemCode = True
            })

            ' Run the OWIN authentication middleware at the ASP.NET Authenticate stage
            ' so Web Forms pages see the OWIN identity in Context.User
            app.UseStageMarker(PipelineStage.Authenticate)
        End Sub
    End Class

  3. Add the following under Configuration tag in web.config

  4. Add the following in system.web tag

  5. Add the following in Config.cs in IdentityServer4 instance

    new Client
    {
        ClientId = "VBWebApp",
        ClientSecrets = { new Secret("secret".Sha256()) },
        AllowedGrantTypes = GrantTypes.Code,
        RedirectUris = { "https://localhost:44375" },
        PostLogoutRedirectUris = { "https://localhost:44375" },
        AllowedScopes = new List<string>
        {
            IdentityServerConstants.StandardScopes.OpenId,
            IdentityServerConstants.StandardScopes.Profile,
        }
    }

Still more work ahead but at least now I have the steps required to get the authentication piece working for apps A, B, and C.
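As an added example (not part of the answer above and not code from the VBWebApp project), here is how one of the legacy apps (A, B or C), once wired up with the Startup.vb from the answer, actually triggers the redirect to the SSO app, reads the resulting claims, and signs out again. It assumes a Web Forms page Default.aspx with the hypothetical controls lblUser, lblName and btnLogout, the cookie authentication type "cookie" from the Startup, and the OpenIdConnect middleware's default authentication type (no .AuthenticationType is set on it in the answer). Two things to check against the answer's steps: the value behind the RedirectUri appSetting must match one of the Client's RedirectUris in Config.cs exactly, and the ClientSecret appSetting must be the plaintext of the Secret registered there ("secret" in the answer, a placeholder to replace before deployment).

```vb
' Default.aspx.vb in VBWebApp (added example, not from the original answer).
Imports System.Security.Claims
Imports System.Web                           ' GetOwinContext() extension from Microsoft.Owin.Host.SystemWeb
Imports Microsoft.Owin.Security
Imports Microsoft.Owin.Security.OpenIdConnect

Public Class _Default
    Inherits System.Web.UI.Page

    Protected Sub Page_Load(sender As Object, e As EventArgs) Handles Me.Load
        Dim auth As IAuthenticationManager = Context.GetOwinContext().Authentication

        If Not Request.IsAuthenticated Then
            ' No local "cookie" ticket yet: challenge the OIDC middleware, which answers with
            ' a 302 to IdentityServer4's authorize endpoint. After the code is redeemed at the
            ' RedirectUri, the middleware signs the user into "cookie" and returns the browser
            ' to AuthenticationProperties.RedirectUri (the page originally requested).
            auth.Challenge(New AuthenticationProperties With {.RedirectUri = Request.RawUrl},
                           OpenIdConnectAuthenticationDefaults.AuthenticationType)
            Return
        End If

        ' Authenticated: Context.User is the ClaimsPrincipal built from the validated id_token.
        Dim identity = TryCast(Context.User.Identity, ClaimsIdentity)
        If identity IsNot Nothing Then
            ' "sub" is the stable subject id from IdentityServer; "name" comes from the profile scope.
            ' Claims are attacker-influenced text from another system, so encode before rendering.
            lblUser.Text = Server.HtmlEncode(identity.FindFirst("sub")?.Value)
            lblName.Text = Server.HtmlEncode(identity.FindFirst("name")?.Value)
        End If
    End Sub

    Protected Sub btnLogout_Click(sender As Object, e As EventArgs) Handles btnLogout.Click
        ' Sign out of both schemes: clearing only "cookie" would leave the IdentityServer session
        ' alive, so the next Challenge would silently log the user straight back in. Including the
        ' OIDC type makes the middleware redirect to the end-session endpoint, which returns to
        ' one of the Client's PostLogoutRedirectUris.
        Context.GetOwinContext().Authentication.SignOut(
            OpenIdConnectAuthenticationDefaults.AuthenticationType, "cookie")
    End Sub
End Class
```

If step 4 in the answer denies anonymous users in system.web, the explicit Challenge in Page_Load is not needed for protected pages: the 401 raised by ASP.NET authorization is converted into the same redirect by the OIDC middleware, because its AuthenticationMode defaults to Active. The explicit call is still the way to offer a "Log in" button on a page that anonymous users may view.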