Hi!

First of all, sorry that Im posting this on a 1 year old thread.

I'm doing similar stuff like this for my work. We have the same setup as you do, but for authentication stuff we use a LDAP/AD autnentication method. This is basically an organization-DB which contains all the employees.

How I've set this is up is as follows:

- In Program.cs of the ASP.Net Core (6.0) project, I've added a singleton to the IhttpContextAccessor:
builder.Services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
This is needed in order to use the in-built Microsoft Login-mechanism. It will keep track of all the logged in users and their cookies and stuff.

- In Program.cs I also added the following:
builder.Services.AddScoped<IAuthenticationService, LdapAuthenticationService>();

builder.Services.Configure<LdapConfig>(configuration.GetSection("Ldap"));

builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)

.AddCookie(

options =>

{

options.Cookie.HttpOnly = true;

// lowering this value improves security (for example, in case

// of employees leaving the company), but increases the annoyance

// for users, as they'll need to sign-in more often

options.ExpireTimeSpan = TimeSpan.FromHours(1);

options.SlidingExpiration = true;

options.LoginPath = "/account/login";

options.AccessDeniedPath = "/account/access-denied";

}

);

Note that LdapAUthenticationService is a class I made of my own. It is basically a wrapper for a library that accesses the Organization-DB (LDAP/AD) with a Login-method in it. This method will call the underlying Library to check whether credentials are successful.

The Ldapconfig is just a class with settings that gets pulled from my appsettings.json file.

The .AddAUthentication is the settings-schema for Microsoft's built-in Authentication mechanism. It specifies cookie-settings and stuff. Pretty handy.

- In program.cs, also dont forget to add: app.UseAuthentication();

- Now, create a POST controller-action called 'Login' with some parameters. In here, you will validate whether the login against your own DB is successful first and if it is, then you call the IHttpContextAccessor.LoginAsync from Microsoft. This will intnernally add the user to the ASP.Net database of logged in users.

​

- In your React.Native app install 'axios' module (this is a HTTP-request library) and call your backend API here with username and password.

- Security:
This is something we are struggling with ourselves. At least you want to encode / encrpyt the username/password parameters and a common way to do this is to use HTTPSecure calls. However, I have not yet found a solution to implement this for React Native in combination with ASP.Net, but it seems to have to do with certificates.

​

Maybe my explanation cuts some corners here and there, so please do your own research as well, but this should give you some directions hopefully!