ASP.NET Identity with multiple applications

Question

so our organization is developing some new web apps using asp.net mvc and web api. we decided to not use active directory for authentication/authorization purposes so it loo

Answer 1

Your users and their credentials are stored in AspNetUser table and Roles are in ASPNetRole while AspNetUserRole serves as junction table between the two to map users and roles. You can implement SSO (Single Sign On) by sharing these tables in your applications. Like each application will need to read these tables and roles and login users. But a better approach would be to create a central WebApi to handle user authentication and authorization.

Also if you Roles can be changed at run time then you have idea of Permissions, You can create a custom Table for storing permissions and then map Roles to Permissions. And when user logs-in just load all his permissions and store as claims. You can either serialize whole Role (with its permission list) and Store it as one claim. Or store each permission as individual claim whichever suits you best.