We’re looking at an approach to build an ASP MVC site that would allow internal and external users to authenticate. Internal users would authenticate via ADFS (or another mechanism tied to their AD domain accounts) and external users would also authenticate, but via “individual accounts” (i.e. membership-provider-style accounts that are not in AD and are custom managed). Is this possible? Is this straightforward with OWIN?

Yes, it's possible, but no, it's not straightforward and requires a great deal of hoop jumping, and it has various problems and issues. In reality, you would be better off having two separate website instances, one configured for external and one for internal. - Erik Funkenbusch

1 Answer

Putting the OWIN question aside, the easiest way to do this is to use ADFS for internal users and federate ADFS with IdentityServer which is open-source and currently uses a SQL DB.

You could adapt the code as required to allow IdentityServer to handle the external users.

Or look around for another STS that handles your repository type.

In terms of OWIN, ADFS 3.0 doesn't support OWIN but IdentityServer 3 does.
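As an added illustration (not code from the question or the answer), here is what the single-site variant the question asks about looks like in an OWIN Startup: WS-Federation to ADFS for internal users and OpenID Connect to IdentityServer3 for external users, both passive and sharing one session cookie. Host names, the realm and the client id are placeholders, and the ADFS relying-party trust and IdentityServer client must be registered separately.

```csharp
using System.Web;
using System.Web.Mvc;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Microsoft.Owin.Security.WsFederation;
using Owin;
public class Startup
{
    public const string AdfsType = "ADFS", IdSrvType = "IdentityServer"; // internal vs external STS
    public void Configuration(IAppBuilder app)
    {
        // One session cookie whichever STS signed the user in; HttpOnly and Secure only.
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            CookieHttpOnly = true,
            CookieSecure = CookieSecureOption.Always
        });
        // Internal users: passive, so ADFS is only contacted on an explicit challenge.
        app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
        {
            AuthenticationType = AdfsType,
            AuthenticationMode = AuthenticationMode.Passive,
            MetadataAddress = "https://adfs.example.com/FederationMetadata/2007-06/FederationMetadata.xml", // placeholder
            Wtrealm = "https://app.example.com/" // placeholder; must match the RP trust registered in ADFS
        });
        // External users: IdentityServer3 via OpenID Connect, also passive.
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            AuthenticationType = IdSrvType,
            AuthenticationMode = AuthenticationMode.Passive,
            Authority = "https://idsrv.example.com/identity", // placeholder
            ClientId = "mvc-app",                             // placeholder
            RedirectUri = "https://app.example.com/",
            ResponseType = "id_token"
        });
    }
}
public class AccountController : Controller
{
    // Home-realm discovery: the user picks a provider; unknown provider names are rejected.
    public ActionResult SignIn(string provider)
    {
        if (provider != Startup.AdfsType && provider != Startup.IdSrvType) return new HttpStatusCodeResult(400);
        var props = new AuthenticationProperties { RedirectUri = "/" };
        HttpContext.GetOwinContext().Authentication.Challenge(props, provider);
        return new HttpUnauthorizedResult();
    }
}
```

Because both middlewares are passive, neither redirects on its own; the SignIn action is the home-realm discovery step that the comment above calls hoop jumping, and it is where the two trust relationships have to be kept apart.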