What is the best practice for supporting user account registration and sign-in for website (customer) users and also supporting a cms user accounts / admin logins using separate user identity service for both site and cms in the same project?

In order to evaluate how this scenario might work i have have built a test mvc .net core 3.1 website project that utilizes Piranha CMS which in turn uses the user identity service to manage authentication for access to the cms admin panel, couple this with the mvc site also supporting user identity for individual accounts for website customer/users to register/ sign-in.

The following is an example of the startup class ConfigureServices method to illustrate setup of both a cms and website using the user identity service, this currently errors on startup with a message – System.InvalidOperationException: ‘Scheme already exists: Identity.Application’

    // CMS Setup
        services.AddPiranha(options =>
        {
            options.UseFileStorage();
            options.UseImageSharp();
            options.UseManager();
            options.UseTinyMCE();
            options.UseMemoryCache();
            options.UseEF<SQLServerDb>(db => db.UseSqlServer(Configuration.GetConnectionString("db-cms-users")));
            options.UseIdentityWithSeed<IdentitySQLServerDb>(db => db.UseSqlServer(Configuration.GetConnectionString("db-cms-users")));
        });

    // Site Setup
        services.AddDbContext<ApplicationDbContext>(options => options.UseSqlServer(Configuration.GetConnectionString("db-site-users")));
        services.AddDefaultIdentity<IdentityUser>(options => options.SignIn.RequireConfirmedAccount = true).AddEntityFrameworkStores<ApplicationDbContext>(); 

The problem with the above code the fact that user identity is used by both the cms and the site, and this conflicts due to the ‘default’ identity being used for both, is there a way around this issue and still support both the cms and the website for user/accounts.

So my question is both of these together in the same project appear not play nice, and i would like to know in this scenario what the best practice would be to support a web project utilizing both a cms and site both supported with user identity and/or if this is even at all possible in this context?

The user management is totally abstracted in Piranha, so you could actually authenticate the CMS users any way you want. The Identity package that is included in the templates are included as a boilerplate as most users what a single security setup based on ASP.NET Identity. The only thing the manager cares about when signing in is:

  1. That it finds a registered service implementing Piranha.ISecurity (https://github.com/PiranhaCMS/piranha.core/blob/master/core/Piranha/ISecurity.cs)
  2. That the users gets the adequate claims needed after signing in (https://piranhacms.org/docs/architecture/authentication)

Configuring Identity

The code provided in the templates just sets up the standard Identity settings, but you can override everything to do what you’re like. The method UseIdentityWithSeed<T> can actually take two more parameters for configuring both IdentityOptions and CookieOptions to work in any way. Take a look at this page for reference:

https://piranhacms.org/docs/architecture/authentication/identity

User accounts in Piranha

If you’re only looking to adding end-user accounts somewhere this can be done in Piranha CMS by setting up new roles in the admin and adding the application policies you want. You can read about this here:

https://piranhacms.org/docs/tutorials/securing-pages

More guidance on multiple authentication schemes

I have never actually deployed a site with this setup, but as always I know someone has 🙂 This issue on GitHub talks about just this, and the setup was successful. As I can’t give specific guidance on this scenario, maybe reaching out to the user in this thread can give you what you need!

https://github.com/PiranhaCMS/piranha.core/issues/627

While not being an answer, I hope this will give your what you need to find the answers.

Best regards

1