I have two web applications in two distinct servers. Both of them must have a login protected area. Thus,any user must authenticate ang get authorization before get access granted into the protected area.
I think that coding an authentication and authorization module for each of the web applications is not a productive way to achieve that goal.
Other web application is about to be built ant they will need authorization and authentication service too. So, for once and for all, building a authentication and authorization module for any coming web application is not the best practice.
I was wonder about build an authentication and authorization service. This service could be consumed by any web application that needs to authenticate their users.
However, I'm not sure if it is possible and how i could accomplish it.
This approach centralizes all required logic to authenticate users for all web applications. How this can be done? How the web application client can deal with the result of authentication service and protected those areas?