The company that works to develop internal applications, but due to policy issues, we will have a subdomain to handle authentication such as: login.domain.com where you will have an app responsible for administering customer data in a separate bank of the other apps.
In this way I am studying Oauth deeper, to better understand how it works. I did some local testing and from what I understood in simple mode the code snippet below that is located in the Startup.cs class configures the authorization server:
OAuthAuthorizationServerOptions OAuthServerOptions = new OAuthAuthorizationServerOptions()
{
AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/services/authentication/oauth2/token"),
AuthorizeEndpointPath = new PathString("/services/authentication/oauth2/token/ExternalLogin"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
Provider = new AuthorizationServerProvider(service)
};
app.UseOAuthAuthorizationServer(OAuthServerOptions);
The AuthorizationServerProvider.cs class is responsible for accessing the database and doing the validations.
The first question is: Do I need to use ASP.NET Identity to administer my bank? or can I use the Oauth implementation documentation together with the AuthorizationServerProvider.cs to store manually in the database?
The other question is if I can find a template or a complete post on how to do all this implementation to meet those requirements? Well all I find on the internet is just setting up for other providers like Facebook or Google.
The question is just "Create my own authentication provider," consuming would be another step.