External Authentication Architecture Question

I have an authentication architecture question. I need to authenticate external website users to a custom API, but have Sitecore handle the actual authentication/authorization. The API is really simple: just pass in username and password, and it will either send me user info or an error. I feel like the best way is to just log in to Sitecore as a virtual user if we get a successful response from the API. Anything wrong with this approach? I tried the approach of creating an OWIN middleware and using it to authenticate to the API, but it seems overkill for what I'm trying to do.
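The flow described in the question (call the external API, and only on success log the visitor into Sitecore as a virtual user), as an added illustration that is not code from the question or from Sitecore; the API endpoint, the response shape and the role name are assumptions, while `AuthenticationManager.BuildVirtualUser` and `LoginVirtualUser` are Sitecore's own API:

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Threading.Tasks;
using Newtonsoft.Json;
using Sitecore.Security.Accounts;
using Sitecore.Security.Authentication;

// Shape of the external API's success response (assumed; adapt to the real contract).
public class ExternalUserInfo
{
    public string UserName { get; set; }
    public string Email { get; set; }
    public string FullName { get; set; }
}
public static class ExternalLogin
{
    // Hypothetical endpoint of the external authentication API (placeholder host).
    private const string AuthEndpoint = "https://iam.example.invalid/api/authenticate";
    private static readonly HttpClient Client = new HttpClient { Timeout = TimeSpan.FromSeconds(10) };
    // Validates the credentials against the external API; returns null on any failure.
    public static async Task<ExternalUserInfo> ValidateAsync(string userName, string password)
    {
        // Credentials go only in the POST body over TLS, never in the URL or in logs.
        var body = new FormUrlEncodedContent(new[] {
            new KeyValuePair<string, string>("username", userName),
            new KeyValuePair<string, string>("password", password) });
        using (var response = await Client.PostAsync(AuthEndpoint, body))
        {
            if (!response.IsSuccessStatusCode) return null; // API error: no Sitecore login
            var json = await response.Content.ReadAsStringAsync();
            return JsonConvert.DeserializeObject<ExternalUserInfo>(json);
        }
    }

    // Logs the validated user into Sitecore as a virtual user in the extranet domain.
    public static bool LoginVirtualUser(ExternalUserInfo info)
    {
        // Reject empty names and names containing a backslash, which would change the domain.
        if (info == null || string.IsNullOrWhiteSpace(info.UserName) || info.UserName.Contains("\\")) return false;
        // Virtual users are never written to the membership database; they live for this session only.
        User user = AuthenticationManager.BuildVirtualUser("extranet\\" + info.UserName, true);
        user.Profile.Email = info.Email;
        user.Profile.FullName = info.FullName;
        user.Profile.Save();
        // Grant only the roles an external user needs (role name is an assumption).
        user.RuntimeSettings.AddedRoles.Add("extranet\\External User");
        return AuthenticationManager.LoginVirtualUser(user);
    }
}
```

Because the virtual user is built only after the external API returns success, a failed or timed-out call never produces a Sitecore session.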

  • If you want to put Sitecore as a middleware to just call the external IAM API to authenticate the user, then it's not suggested, because your user does not want to perform any action on Sitecore. For your scenario, create an API gateway which will internally call the external API to validate. This way the API can be utilised by other channels also.