I'm wondering and trying to achieve the following scenario with Asp Net Zero 12.0.0 - ASP.NET CORE & Angular:
- A project that keeps all the users, permissions, roles, user groups, charts and pretty much everything related to users.
- Another project that has its own business scenario, but everything related to users has to be fetched from the aforementioned project, including user permissions to access APIs in this project. It's completely valid to write this project's internal permissions in the first project and get user permissions from it.
It's pretty much a microservice scenario that just separates user authentication and authorization and therefore other subsystems can join and delegate this part to the first project.
Any thoughts on this would be appreciated.
It seems you need an Identity Service that handles the above requirements (however, I can't understand the charts here). Identity Server is recommended. It provides facilities to authenticate and authorize users and client applications to consume API services based on OAuth. Please read this RFC.
This project seems to be nothing but another service that serves business requirements, and there could be N of them as separate services/projects. This service/project has to include authorization policies (e.g. user claims policies) according to the identity service configuration to identify legit and authorized requests to serve.
The Angular project is your client service and has to be authorized by the identity server as a legit client to request your APIs. Client apps use OIDC libraries to work with Identity Server.
NOTE: Please be aware that the old articles use the implicit authorization flow for JS-based applications, which is not recommended at the current time; you have to use the code authorization flow with PKCE. Read this and check this RFC.
However, as you mentioned, you use ASP.NET Zero with Angular, which I am not familiar with, so it is better to check these docs from ASP.NET Zero for the Identity Server configuration.
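The code flow with PKCE mentioned in the note above, as an added example that is not part of the original answer or of ASP.NET Zero: the client derives an S256 challenge for the authorize request, and the identity service checks the verifier when the code is redeemed. The endpoint, client id, redirect URI and scope are constructed placeholders, and the code uses Node.js `crypto` so it runs stand-alone; an Angular client would normally delegate this to its OIDC library.

```javascript
// Added example: PKCE (RFC 7636) values for the authorization code flow.
const nodeCrypto = require("node:crypto");

// Constructed placeholder configuration (not from the page).
const SAMPLE_CONFIG = {
  authorizeEndpoint: "https://identity.example.test/connect/authorize",
  clientId: "angular-spa",
  redirectUri: "https://app.example.test/callback",
  scope: "openid profile business-api",
};

// Client: 32 random bytes -> 43-char base64url verifier, kept only in the client.
function createVerifier() {
  return nodeCrypto.randomBytes(32).toString("base64url");
}

// S256 transform: BASE64URL(SHA-256(ASCII(verifier))), no padding.
function challengeFor(verifier) {
  return nodeCrypto.createHash("sha256").update(verifier, "ascii")
    .digest().toString("base64url");
}

// Client: authorize request carries the challenge, never the verifier.
function buildAuthorizeUrl(cfg, verifier, state) {
  const url = new URL(cfg.authorizeEndpoint);
  url.search = new URLSearchParams({
    response_type: "code",
    client_id: cfg.clientId,
    redirect_uri: cfg.redirectUri,
    scope: cfg.scope,
    state,
    code_challenge: challengeFor(verifier),
    code_challenge_method: "S256",
  }).toString();
  return url.toString();
}

// Identity service, at the token endpoint: the verifier sent with the code
// must hash to the challenge stored when the code was issued.
function verifierMatches(verifier, storedChallenge) {
  // RFC 7636: 43-128 characters from the unreserved set.
  if (!/^[A-Za-z0-9\-._~]{43,128}$/.test(verifier)) return false;
  const a = Buffer.from(challengeFor(verifier));
  const b = Buffer.from(storedChallenge);
  return a.length === b.length && nodeCrypto.timingSafeEqual(a, b);
}
```

An authorization code intercepted on the redirect cannot be redeemed without the verifier, which is what the implicit flow lacked.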
Scenario: