I have a complete working application that is Web based on AspNetCore. I used the Identity.EntityFramworkCore to provide all the login and user registration on a central SQL database. Everything is fine and working great.

But now the quandary starts. I am progressing onto the development of supporting apps for android, ios etc. I am developing these apps using Microsofts Maui.

My thoughts are to write all the http CRUD API’s in the main ASPCore web application. Then the Maui apps will call these API CRUD operations. But my quandary arises with user management. What the best way forward to have for a common User Authorisation access across all solutions. Bearing in mind the current web based Asp EF solution is there and working?

I’ve researched but can’t decide the best solution going forward: -

1. Using the existing SQL database & provide Authorisation through API’s on web asp application.
2. Using Active Directory of Azure.
3. Transferring everything to 3rd party provider such as “okta, OneLogin, etc”

What’s your thoughts for best practice going forward?

CodePudding user response：

I am currently on the same path. Take a look at

TokenServerAuthenticationStateProvider in MAUI app

Basically I added an API controller (UserController) to my Server app that checks for username and password in SQL database and generates JWT token that I use for MAUI app login and also for authentication on Server APIs.

I use claims in token to pass User variables that I use in MAUI to display or hide some forms or controls. Like Roles but much more flexible.

For me it was the best path as I didn't have to change anything in my working web project.