How to handle ASP.NET Core Identity for external login in microservice?

[Li7ye]

I have two projects:

1. MVC project as frontend (can't access database directly)
2. User Web API as user management by using ASP.NET Core Identity.

MVC project can use external login and need to add external login user into user web api.

The demo code uses _signInManager.GetExternalLoginInfoAsync() and _userManager.AddLoginAsync(user, info) as core code. But I can't use this code in MVC project.

How to handle this scenario? I must create endpoint in user web api?

[Mr-AbdullahFahim]

Yes, in your scenario you should handle external login linking inside the User Web API, not in the MVC project.

---

Why?

Methods like:

_signInManager.GetExternalLoginInfoAsync()
_userManager.AddLoginAsync(user, info)

are part of ASP.NET Core Identity and require access to:

• Identity database
• UserManager / SignInManager
• Authentication cookies / external login middleware

Since your MVC project cannot directly access the Identity layer or database, it should NOT perform these operations.

---

Correct Architecture

1. MVC Project (Frontend)

• Handles external login flow (Google, Microsoft, etc.)
• Receives external provider response (claims / tokens)
• Sends data to the User Web API

2. User Web API (Identity Layer)

• Owns ASP.NET Core Identity
• Contains UserManager and SignInManager
• Responsible for:
  • Creating users
  • Finding users
  • Linking external logins
  • Generating JWT tokens

---

Recommended Flow

Step 1: External Login (MVC)

User authenticates via external provider.

Step 2: MVC receives provider data

MVC extracts:

• Provider name (e.g., Google)
• Provider key (unique user ID from provider)
• Email / claims

Step 3: MVC calls User API

POST /api/auth/external-login

Payload example:

{
  "provider": "Google",
  "providerKey": "123456789",
  "email": "user@example.com",
  "name": "User Name"
}

---

Step 4: User API handles Identity logic

Inside the User Web API:

var user = await _userManager.FindByEmailAsync(email);

if (user == null)
{
    user = new ApplicationUser
    {
        UserName = email,
        Email = email
    };

    await _userManager.CreateAsync(user);
}

var loginInfo = new UserLoginInfo(provider, providerKey, provider);

var result = await _userManager.AddLoginAsync(user, loginInfo);

Then generate JWT token and return it to MVC.

---

Conclusion

Yes - you MUST create an endpoint in your User Web API for external authentication.

The MVC project should only:

• Handle external login UI flow
• Forward provider data to backend

All ASP.NET Core Identity operations like AddLoginAsync() must be handled in the User Web API.

[Li7ye]

Is make sense that create HttpClientUserManager and expose all endpoints for all public functions of UserManager?

[Mr-AbdullahFahim]

No. Creating an HttpClientUserManager and exposing all UserManager methods as API endpoints is usually an anti pattern. UserManager is an internal Identity service, not an API contract. Expose only the business operations you need (e.g., external login, register, login, change password), and let the User API use UserManager internally.