Share auth between two service layers

We would like to convert our service layer to use .NET Core, but there is a third party reporting engine that doesn’t have .NET Standard libraries yet. I was wondering about the feasibility of creating a second SS project dedicated to reporting, keeping it .NET Framework, and moving all of my reporting services there.

For authentication, I was hoping we could take the sessionId from the (new) .NET core service and pass it into the reporting services with request header X-ss-pid, and “share” the authentication between the two.

The only potential problem I can see is the type of my custom AuthUserSession is stored in the cache, along with assembly name, so those would have to be the same in both projects. Would there be any other gotchas to consider?

I’d consider keeping Auth in 1 service and using a stateless Auth like JWT for your 2nd Service, you’ll only have access to a partial User Session (i.e. what ever’s stored in the JWT payload) but it will allow authentication without trying to duplicate Auth functionality across multiple Services.

Have a look at Stateless Auth Microservices for an example of having a single central Auth Service and using JWT Auth for all other Microservices.