locked
How to redesign .NET application that contains other applications as modules? RRS feed

  • Question

  • User-1440339829 posted

    I have got a task to redesign the main portal, written in ASP .NET Web Forms, which works as a facade for other applications, that are rendered in Iframe inside this main app.

    These modules are written in different technologies (WebForms, ASP .NET MVC) and has been built by years.

    After logging to the main portal, user will be redirected to the home page, where is navigation to other modules (separate applications hosted on a server). After choosing one of them, it will be rendered in an Iframe, which is the main part of the portal. The session will be passed to these external applications, so user will not have to log in again in every sub-application (module).

    Due to the fact, that the portal is not responsive, and doesn't look well on mobile devices, company decided to rewrite the main application and then every old module, which is outdated.

    Assumptions for the new portal:

    • must cooperate with old modules written in WebForms and ASP .NET MVC,

    • user will not have to login every time, while changing modules (navigate),

    • must be responsive for use in desktops, tablets and mobiles,

    • url should change while using sub modules.

    I would like to build this new facade application in ASP .NET Core.

    Do you know, if there is any other possibility beyond using IFrame? And if not, what about new modules, that will be implemented in the future - should they also be built as separate applications?

    Did anyone have similar architectural problem and may share his solution or maybe give me some advices how to design such application?

    Thanks in advance.

    Thursday, June 6, 2019 11:22 AM

All replies

  • User475983607 posted

    I'm not sure exactly sure what problem you are trying to solve.  I think security?

    Single Sign On in modern applications commonly uses token based authentication and a central token server.  When the user jumps to another application redirects to the token server.  If the user already has a token then the user is redirected to the originally requested application.

    Thursday, June 6, 2019 11:50 AM
  • User-1440339829 posted

    Hi, thanks for your reply.
    My main concern is to render these modules inside a new portal and I don't know, if the Iframe is the best way to do it. And also the assumptions, that I've written have to be realized too.

    Thursday, June 6, 2019 11:57 AM
  • User753101303 posted

    Hi,

    You are using an iframe because you do have some common UI ? The two big direction I see is to have distinct apps with a common menu bar (likely like Office 365, you have a common menu on all apps that allows to switch to another app or to go back to the portal). Another option would be to have a single app and use MVC areas.

    IMO it depends on how it is managed ie does each app have its own specific audience and could be used entirely on its own or does it sounds more like distinct modules on a single intranet app that are all available to most if not all users.

    Thursday, June 6, 2019 12:11 PM
  • User-1440339829 posted

    Yes, now IFrame is used to have some common UI for navigation (to render applications inside the main portal with navigation). These apps are treated like a single intranet application and they are not used separately. 
    Do you have any idea how to create this main portal (navigation), which should render modules (other apps) inside it? Will Iframes still be the best option? I think, that using MVC areas is impossible due to fact, that some applications already are written in WebForms and they will be rewritten with time, but now we will have to render them too. 

    EDIT: And what about URLs, will it be possible to change them from other apps from Iframe?

    Thursday, June 6, 2019 12:29 PM
  • User475983607 posted

    Yes, now IFrame is used to have some common UI for navigation (to render applications inside the main portal with navigation). These apps are treated like a single intranet application and they are not used separately. 
    Do you have any idea how to create this main portal (navigation), which should render modules (other apps) inside it? Will Iframes still be the best option? I think, that using MVC areas is impossible due to fact, that some applications already are written in WebForms and they will be rewritten with time, but now we will have to render them too. 

    Still in clear what problem you are trying to solve but it seems there might be several? 

    Responsive sites are client applications.   The server technology has little influence except the server hosts CSS, JS, and HTML.  

    MVC Areas group controllers.  I'm not sure how Areas will help with separate applications.  My go to would be a data driven menu based on user roles.  How does your current menu work?

    EDIT: And what about URLs, will it be possible to change them from other apps from Iframe?

    An iFrame is an HTML element and the src attribute can be updated on the server or the client.  I imagine no different than how the current application works.

    Thursday, June 6, 2019 1:17 PM
  • User753101303 posted

    Can you even update those apps or you are just rewriting the main portal ? If not I see no other option than to just keep using your current approach (ie iframe).

    If updating those applications is allowed I would give a closer look at how the Office app launcher works : https://support.office.com/en-us/article/Meet-the-Office-365-app-launcher-79f12104-6fed-442f-96a0-eb089a3f476a

    I assume it is basically a place holder which loaded the makrup from some service. You would have then a standard way to show a UI that allows to go back to your portal etc... and that you could use both from standalone applications or from a single application with multiple areas...

    Thursday, June 6, 2019 2:19 PM
  • User-1440339829 posted

    Hi, thanks for your replies.

    These modules should be also updated, but with time - at the beginning I will use the old modules that are now in use. 
    So I think that I will still use the IFrame, but maybe new modules will be written inside the main portal (with usage of MVC areas) rather than separate projects. I will discus it with other team members. 

    I have one more question regarding authentication and authorization - because I will also have an WebApi I would like to create JWT authentication inside it and use it in other modules as well as in the main portal (Core MVC). 
    How such authentication and authorization system should work?

    Token should be generated from API after request from Portal (MVC), then MVC should keep it in a cookie for authorization inside MVC and when it will request the WebApi in some cases from JavaScript, it should take it from the session and add to the header?

    Friday, June 7, 2019 7:08 AM
  • User475983607 posted

    I have one more question regarding authentication and authorization - because I will also have an WebApi I would like to create JWT authentication inside it and use it in other modules as well as in the main portal (Core MVC). 
    How such authentication and authorization system should work?

    Token should be generated from API after request from Portal (MVC), then MVC should keep it in a cookie for authorization inside MVC and when it will request the WebApi in some cases from JavaScript, it should take it from the session and add to the header?

    At a high level, a token service exchanges a signed token for user credentials.  Secured resources like Web API trust the token service and know how to validate the signed token.  Any client that has a token can use the token to access secured Web API endpoints.

    The actual security flow is dependent on your security requirements.

    http://docs.identityserver.io/en/latest/

    https://docs.microsoft.com/en-us/aspnet/aspnet/overview/owin-and-katana/owin-oauth-20-authorization-server

    Friday, June 7, 2019 10:05 AM
  • User-1440339829 posted

    Yes, I know, but I will also have an MVC application, and it also should authorize the token inside its controllers.

    Friday, June 7, 2019 10:31 AM
  • User475983607 posted

    blitzerpl

    Yes, I know, but I will also have an MVC application, and it also should authorize the token inside its controllers.

    Given the follow up question, it is very clear that you do not understand.  Please set aside time to read the two links in my previous post as the illustrate the different flows required to secure resources.

    MVC indicates a browser based application.  The security flow for a browser involves redirecting to a central login.  After login the browser is redirected back to the original site along with a token.  The token is parse and placed in an auth cookie.

    There is different flow if you are building a JavaScript application or using .NET code to invoke secured resources.  The links in my previous post cover the details.

    Friday, June 7, 2019 10:41 AM
  • User-1440339829 posted

    Hi,

    I decided to use:
    - Razor Pages for building Main Portal,
    - ASP .NET Core Web API for developing Web API,
    - IdentityServer4 (ResourceOwnerPassword grant) to implement Authorization Server for my applications.

    The flow of authentication and authorization should be done this way:
    1. User enters main Web Portal, where the Login Page will be implemented 
    2. After submit request goes to Authorization Server, and I will get an JWT access_token in a response
    3. Redirection to Dashboard which has a Navigation panel and IFrame for displaying other modules

    JWT should be used in Web Portal to secure the Dashboard as well as requests to the Web Api and should also be passed somehow to Modules which will be rendered inside the IFrame located in the Dashboard.
    I have two questions regarding this solution:
    1) How should I store the token (configure middleware) inside the Main Portal, so that will be possible to use it for securing Dashboard page and sending it with AJAX requests to Web API?
    2) How can I reach it from modules inside an IFrame?

    I am a little bit confused, because I can't find any tutorials how to implement ResourceOwnerPassword in MVC, there are solutions written only in Angular. Maybe I mixed something and there is some better and easier solution. 

    Friday, June 21, 2019 11:40 AM
  • User475983607 posted

    The main issue you are facing is understanding the definition of a user and a client.  Sometimes the user and the client are the same.  Sometimes not.

    I recommend that you use one of the interactive grants not resource owner grant.  The interactive grants will allow the browser to jump between web applications without an iframe; SSO.  The resource own grant is used by code; JavaScript, C#, PHP, etc.  The code is responsible for managing the token scope.  This is not a good solution for a browser application that  jump between web applications.  As soon as you jump form one app to another the token gets wiped out.

    I am a little bit confused, because I can't find any tutorials how to implement ResourceOwnerPassword in MVC, there are solutions written only in Angular. Maybe I mixed something and there is some better and easier solution. 

    That's because an Angular application is running in many computers (client) one for each application user.  Each application has a token variable.   MVC is running on a single computer serving many users.  In order to manage the state of many users, browser based applications use a cookie that contains a token.

    In order to accomplish this task you need write code to login the user, store the resulting token in a cookie, write middleware to fetch the cookie and read the token, and finally populate the principal.  The previous steps are basically handled in the Identity Server inactive grants.  Plus you can switch applications without writing any code.  All you need to do is configure the apps.

    Friday, June 21, 2019 12:26 PM
  • User-1440339829 posted

    Thanks for your reply.

    I have chosen resource own grant, because I don't want to redirect to other page (provided by authorization server) for a login and also I don't want to redirect to modules as to separate websites, just to use them inside a layout (Main Portal) with use of an IFrame.

    Friday, June 21, 2019 6:29 PM
  • User-1026043948 posted

    Thank you, this info is so useful to me. <br>
    In my org, we have one solution in that we are more than 3 modules. <br>
    Portal is main page in that notification is applicable so, how to redirect other modules and access those pages for notifaction item click.
    <br>
    For exam: notification I got employee leave approvals for RM. But the leave approval page is in leave module. How to access? Can I use iframes? Is there any options?
    Pleasee help me out of this problem. Waiting for your reply my mail is prudhvisoft92@gmail.com
    Sunday, May 3, 2020 4:25 AM