abp icon indicating copy to clipboard operation
abp copied to clipboard
verified publisher icon abpframework

Q: Completely separated of administration and user part of application (MVC)

Open leonkosak opened this issue 4 months ago • 4 comments

abp framework version: 9.x+ Frontend: MVC Architecture: non-tiered and tiered DB Access provider: EF Core

How to properly separate administration and user part of application? I want to achieve the same functionality as separated hostnames (for Admin Console and login for users) in Keycloak: https://www.keycloak.org/server/hostname#_exposing_the_administration_console_on_a_separate_hostname Administration part of an application (even REST endpoints behind a frontend) would be hosted on a different subdomain as user part of application. I want to further secure access to Administration part of an application (frontend and backend) with Cloudflare Access ZTNA (https://www.cloudflare.com/zero-trust/products/access/). Otherwise, administration part of application should be connected to the same host database as user part of application.

How to properly generate and configure and re-make abp framework MVC (tiered and non-tiered) that this would be properly designed? Keep in mind, that deploymend has to be separated for administration and user part of an application (different IPs), because firewall rules for administration part have to be more strict (accessing only via Cloudflare IP address range: https://www.cloudflare.com/ips/, maybe some VPN IP addresses).

Additional info: application can be multitenant or wit tenancy disabled.

@maliming, you may be the most suitable person to clarify this topic. :)

Thank you.

leonkosak avatar Aug 18 '25 18:08 leonkosak

In short: Do you want to remove the Identity and account modules from the application?

Thanks.

maliming avatar Aug 19 '25 05:08 maliming

Well, I do not understand how these two modules (presence or absence) affects this?

leonkosak avatar Aug 19 '25 07:08 leonkosak

@maliming, let's say that I am interested in two options:

  • keep existing authentication system in abp (OpenIddict)
  • integration with self-hosted Keycloak (https://github.com/abpframework/abp-samples/tree/master/KeycloakDemo)

Bud definitely only MVC frontend.

leonkosak avatar Aug 20 '25 18:08 leonkosak

Using Keycloak will still create an external user in the Identity module.

I don't quite understand what you're trying to achieve.

Thanks.

maliming avatar Aug 21 '25 08:08 maliming