
Unified Authentication and Authorization Service – Technical Overview and Quick‑Start Guide

This article introduces the background, technical stack, core features, step‑by‑step deployment instructions, and future plans of a .NET Core and React based unified authentication and authorization system designed to replace disparate login mechanisms across multiple company applications.

Fulu Network R&D Team

Background

In 2018 the company decided to undergo a technical transformation, but independent teams and isolated systems created strong resistance to new technologies. Each system had its own login mechanism, causing inconvenience for employees and customers. A unified login and authentication service was identified as the optimal entry point with minimal refactoring cost, leading to the creation of the "Hulu‑Teng" project.

Technical Solution

Backend framework: .NET Core 3.1 (future .NET 5 version planned)

Frontend framework: React

Database: MySQL (configurable)

Middleware: Redis

Detailed Features

Authentication & Authorization Service

Implemented with IdentityServer4, supporting web sites, native apps, mobile clients, and web services.

Single Sign‑On / Sign‑Out

Provides SSO across various application types with built‑in user management (registration, login, SMS verification, password recovery) and Tencent graphic captcha for security.

Third‑Party Login (WeChat, DingTalk)

Supports third‑party logins with automatic binding of existing or newly registered users on first login.

Quick Start

1. Download the code

Clone the repository; the root directory contains backend (backend code) and frontend (frontend code).

2. Generate the database

Edit appsettings.Development.json to set the database connection string, then run the following commands in the Package Manager Console:

Add-Migration Init

After the migration completes, execute:

Update-Database

This creates the database and inserts a test record into the Client table.

3. Start the backend service

Press F5 in Visual Studio; ensure the Redis configuration in appsettings.Development.json points to your own Redis instance.

4. Start the frontend

Navigate to the frontend directory and run:

npm install

Then launch the demo:

npm run demo

Access the UI at http://localhost:8080.

5. Integrate a new client

Insert client information into the database (see sample SQL) and add the following configuration in Startup.ConfigureServices:

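services.AddServiceAuthorize(o =>
{
    o.AllowClientToken = true;
    o.AllowUserToken = true;
    o.OnClientValidate = false;
    // Address of the unified authentication service (local quick-start instance, plain HTTP).
    o.Authority = "http://localhost:5000";
    // Audience validation is switched off in this quick-start configuration.
    o.ValidateAudience = false;
    // Client credentials are read from configuration rather than hard-coded.
    o.ClientId = Configuration["AppSettings:ClientId"];
    o.ClientSecret = Configuration["AppSettings:ClientSecret"];
});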

Also add the custom middleware in Configure:

app.UseRouting();
app.UseJwtAuthorize();
app.UseAuthorization();

After these steps the new application can authenticate via the unified service, automatically redirecting unauthenticated users to the login page and returning them after successful login.
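
The step 5 configuration sets ValidateAudience to false. What an audience check decides is shown below with the standard .NET JWT handler (System.IdentityModel.Tokens.Jwt) rather than the project's AddServiceAuthorize extension. This is an added example, not code from the fulusso repository: the signing key and the client names orders-api and billing-api are constructed, and the page does not show how the project's own ValidateAudience option is implemented.

```csharp
// Added illustration; requires the System.IdentityModel.Tokens.Jwt NuGet package.
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;

public static class AudienceCheckDemo
{
    // Constructed values: issuer matches the quick-start Authority, key is a demo secret.
    private const string Issuer = "http://localhost:5000";
    private static readonly SymmetricSecurityKey Key =
        new SymmetricSecurityKey(Encoding.UTF8.GetBytes("constructed-demo-key-0123456789abcdef"));

    // Issue a short-lived token whose "aud" claim names the client it is meant for.
    private static string Issue(string audience)
    {
        var token = new JwtSecurityToken(
            issuer: Issuer,
            audience: audience,
            claims: new[] { new Claim("sub", "user-1") },
            notBefore: DateTime.UtcNow,
            expires: DateTime.UtcNow.AddMinutes(5),
            signingCredentials: new SigningCredentials(Key, SecurityAlgorithms.HmacSha256));
        return new JwtSecurityTokenHandler().WriteToken(token);
    }

    // Validate as the hypothetical client "orders-api", with the audience check on or off.
    public static bool Accepts(string jwt, bool validateAudience)
    {
        var parameters = new TokenValidationParameters
        {
            ValidIssuer = Issuer,
            IssuerSigningKey = Key,
            ValidateAudience = validateAudience,
            ValidAudience = "orders-api",
        };
        try { new JwtSecurityTokenHandler().ValidateToken(jwt, parameters, out _); return true; }
        catch (SecurityTokenException) { return false; }
    }

    public static void Main()
    {
        string own = Issue("orders-api"), other = Issue("billing-api");
        Console.WriteLine($"own token, audience checked:     {Accepts(own, true)}");
        Console.WriteLine($"other client's token, checked:   {Accepts(other, true)}");
        Console.WriteLine($"other client's token, unchecked: {Accepts(other, false)}");
    }
}
```

With the check enabled, a correctly signed token issued for a different client is rejected; with it disabled, the same token validates because only signature, issuer and lifetime are examined.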

Next Version Plan

1. Add more third‑party platforms (QQ, Weibo, etc.)

2. API authorization service

3. Enhanced two‑factor authentication with Google Authenticator

4. Application management features

Experience

Demo site: https://account.suuyuu.cn/

Source code: https://github.com/fuluteam/fulusso

If you find the project helpful, please star the repository – your support drives continuous updates.
