C#, 2w ago
Antonio

Authentication without a dedicated separate database in .NET 8.0?

Hello! So, I am working on a future application for a small company as a freelance back-end web developer, and I am using .NET for it, and loving it so far!

So, what I want to ask is the following, and I am sorry if it sounds a little dumb or something: is it possible to use ASP.NET Core's tools for authentication (registering and login of users of the application) without a dedicated database specifically for it?

Basically, this is what I want my application's database to look like, even though I know that the recommended path is for all the tables that are prefixed with AspNet to be in a separate database (see image below, where I crossed out in red the stuff that I created for the application for security reasons, and only left the tables that ASP.NET Core creates by default for authentication):

[Image: MyDatabase on Microsoft SQL Server]

Now, the reason why I was recommended by the senior dev of the project (there are only two devs in the project: him and me, and I'm a junior), who is on the front-end, to follow this path of just one database is for economic reasons, as the project is really small, and he told me that more than one database means spending more money, and there are budget constraints.

The Problem

So, on to the technical issues I've been having. When I have a dedicated database specifically for authentication (which means I will have two DbContexts in my app - something like "MyApplicationDbContext" and "MyApplicationAuthorizationDbContext"), registering and login cause no problem at all: new users are saved on the database, and if you don't log in and try to access certain routes without authorization, you won't be able to do so; but if you do log in, you can access those routes with no problem at all.

However, if I try to put everything in a single database (and therefore, use just one DbContext - which is what I want to do, due to financial reasons, as I said), registering is not a problem, but logging in is. Basically, I can log in, but the routes that require authorization can't "recognize" that I am now an authorized user, and therefore I can't access them (whereas I can if I have two databases). That is the problem I've been having, in a nutshell.

And what puzzles me is that in both situations (both when I am working with two databases and when I am working with just one database) the users are saved on the database, logging in seems to be successful, and valid JwtTokens are returned by Swagger as a response.

Example

For example, let's say that I have this user here (and I will attach some screenshots from Swagger and Microsoft SQL Server to walk you all through it):

[Image: Example user]

When I register this user, everything goes well. Here is Swagger's message after registering this user:

[Image: Screenshot from Swagger right after registering]

And to prove that this user was indeed saved into the database, here is a screenshot of Microsoft SQL Server:

[Image: User saved in the database]

Now, I haven't logged in via Swagger yet, so let's try to access a route that can only be accessed if you are authorized:

[Image: Access denial before login]

Ok, now let's log in. Having clicked the "Authorize" button on Swagger on the top right, and having inserted the JwtToken following the format "Bearer myJwtTokenIsInsertedHereAndItIsALongString", this is what I get:

[Image: After authorization]

Right, so on to trying to access the route that can only be accessed by authorized users. As you can see, it's like I hadn't even logged in at all (or maybe the application doesn't recognize the JwtToken? I don't know):

[Image: Access denial even after login]

(Discord apparently created a separate file with the rest of my post. Check it out! And I thank you for any help 🙏)
4 Replies
Angius, 2w ago
I mean, yeah, that is the default.
One database for everything.
One database, one context.
Antonio, 2w ago
Ok, but the problem is that if I try to use just one database, I am not able to log in to the application. But if I use a separate database for authentication (as seems to be the good practice with .NET), everything works. And apart from that, the code is the same, nothing changes.
Angius, 2w ago
I never heard of using a separate database being a good practice.
I'd say try it with a fresh project.
Both login and registration should just work with a single database.
No idea why they don't, but that's something you would have to debug and figure out.
Antonio, 2w ago
Ok, that's fair! Thanks a lot, buddy!