Hi, guys! So, I have a small problem that I would like some help with. I am working on a future application for a small company as a freelance back-end web developer, and I am using .NET for it, and loving it so far! So, what I want to ask is the following, and I am sorry if it sounds a little dumb or something: is it possible to use ASP.NET Core’s tools for authentication (registering and login of users of the application) without a dedicated database specifically for it? Basically, this is what I want my application’s database to look like, even though I know that the recommended path is for all the tables that are prefixed with AspNet to be in a separate database (see image below, where I crossed out in red the stuff that I created for the application for security reasons, and only left the tables that ASP.NET Core creates by default for authentication):
MyDatabase on Microsoft SQL Server
Now, the reason why I was recommended by the senior dev of the project (there are only two devs in the project: him and me, and I’m a junior), who is on the front-end, to follow this path of just one database is for economic reasons, as the project is really small, and he told me that more than one database means spending more money, and there are budget constraints.
The Problem
So, on to the technical issues I’ve been having. When I have a dedicated database specifically for authentication (which means I will have two DbContexts in my app – something like “MyApplicationDbContext” and “MyApplicationAuthorizationDbContext”), registering and login cause no problem at all: new users are saved on the database, and if you don’t log in and try to access certain routes without authorization, you won’t be able to do so; but if you do log in, you can access those routes with no problem at all. However, if I try to put everything in a single database (and therefore, use just one DbContext – which is what I want to do, due to financial reasons, as I said), registering is not a problem, but logging in is. Basically, I can log in, but the routes that require authorization can’t “recognize” that I am now an authorized user, and therefore I can’t access them (whereas I can if I have two databases). That is the problem I’ve been having, in a nutshell. And what puzzles me is that in both situations (both when I am working with two databases and when I am working with just one database) the users are saved on the database, logging in seems to be successful, and valid JwtTokens are returned by Swagger as a response.
Example
For example, let’s say that I have this user here (and I will attach some screenshots from Swagger and Microsoft SQL Server to walk you all through it):
Example user
When I register this user, everything goes well. Here is Swagger’s message after registering this user:
Screenshot from Swagger right after registering
And to prove that this user was indeed saved into the database, here is a screenshot of Microsoft SQL Server:
User saved in the database
Now, I haven’t logged in via Swagger yet, so let’s try to access a route that can only be accessed if you are authorized:
Access denial before login
Ok, now let’s log in. Having clicked the “Authorize” button on Swagger on the top right, and having inserted the JWT following the format “Bearer myJwtTokenIsInsertedHereAndItIsALongString”, this is what I get:
After authorization
Right, so on to trying to access the route that can only be accessed by authorized users. As you can see, it’s like I hadn’t even logged in at all (or maybe the application doesn’t recognize the JwtToken? I don’t know):
Access denial even after login
So, what can be done in my situation? Is there a way to be able to use all the tools that Microsoft provides for authentication, while at the same time using just one database? Maybe I’m missing something? Or do I have to do everything from scratch if I want just one database for everything? (For example, manually create a HashPassword algorithm – and things of that nature – instead of relying on what is already built into the .NET framework, which does that for you automatically)
Observation: There is no email validation at the moment; that is, the application still doesn’t send an email confirmation or anything (it will be implemented in the future, of course), so at the moment one can insert whatever string she/he wants as an email.
Any help would be appreciated, and I am sorry for the long post!
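As an added example (not the asker's code and not the project's), here is what the single-database setup the post asks about looks like in ASP.NET Core: one DbContext that derives from IdentityDbContext and also holds an application table, Identity registered against that same context, and JWT bearer validation wired to the same issuer, audience and signing key that the login endpoint signs with. The names MyApplicationDbContext, Product, LoginRequest, the connection-string name "Default" and the Jwt:Issuer / Jwt:Audience / Jwt:Key configuration keys are assumptions.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

// Assumed application table; it lives in the same database as the AspNet* tables.
public class Product
{
    public int Id { get; set; }
    public string Name { get; set; } = string.Empty;
}

// One context for everything: IdentityDbContext contributes the Identity entities,
// the DbSet below contributes the application's own table.
public class MyApplicationDbContext : IdentityDbContext<IdentityUser>
{
    public MyApplicationDbContext(DbContextOptions<MyApplicationDbContext> options)
        : base(options) { }

    public DbSet<Product> Products => Set<Product>();

    protected override void OnModelCreating(ModelBuilder builder)
    {
        base.OnModelCreating(builder); // maps AspNetUsers, AspNetRoles, AspNetUserClaims, ...
        builder.Entity<Product>().Property(p => p.Name).HasMaxLength(200);
    }
}

public record LoginRequest(string UserName, string Password);

public class Program
{
    public static void Main(string[] args)
    {
        var builder = WebApplication.CreateBuilder(args);

        builder.Services.AddDbContext<MyApplicationDbContext>(o =>
            o.UseSqlServer(builder.Configuration.GetConnectionString("Default")));

        // Identity's user store, password hashing and validation, backed by the single
        // context. AddIdentityCore (unlike AddIdentity) registers no cookie scheme,
        // so the bearer scheme registered below stays the default for [Authorize].
        builder.Services.AddIdentityCore<IdentityUser>(o =>
            {
                o.Password.RequiredLength = 12;
                o.User.RequireUniqueEmail = true;
            })
            .AddRoles<IdentityRole>()
            .AddEntityFrameworkStores<MyApplicationDbContext>();

        // Assumed keys. Jwt:Key must be at least 32 bytes for HS256 and should come from
        // user-secrets or the environment, never from source control.
        var jwt = builder.Configuration.GetSection("Jwt");
        var signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwt["Key"]!));

        builder.Services
            .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(o => o.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuer = true,
                ValidIssuer = jwt["Issuer"],
                ValidateAudience = true,
                ValidAudience = jwt["Audience"],
                ValidateIssuerSigningKey = true,
                IssuerSigningKey = signingKey,
                ValidateLifetime = true,
                ClockSkew = TimeSpan.FromMinutes(1),
            });
        builder.Services.AddAuthorization();

        var app = builder.Build();

        // Order matters: authentication must run before authorization.
        app.UseAuthentication();
        app.UseAuthorization();

        // Issues a token with exactly the issuer, audience and key the validator above
        // expects; any mismatch means 401 on every protected route.
        app.MapPost("/login", async (LoginRequest req, UserManager<IdentityUser> users) =>
        {
            var user = await users.FindByNameAsync(req.UserName);
            if (user is null || !await users.CheckPasswordAsync(user, req.Password))
                return Results.Unauthorized(); // same answer for unknown user and bad password

            var claims = new[]
            {
                new Claim(JwtRegisteredClaimNames.Sub, user.Id),
                new Claim(JwtRegisteredClaimNames.UniqueName, user.UserName!),
            };
            var token = new JwtSecurityToken(
                issuer: jwt["Issuer"],
                audience: jwt["Audience"],
                claims: claims,
                expires: DateTime.UtcNow.AddHours(1),
                signingCredentials: new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256));
            return Results.Ok(new { token = new JwtSecurityTokenHandler().WriteToken(token) });
        });

        // Protected application route reading an application table from the same context.
        app.MapGet("/products", async (MyApplicationDbContext db) => await db.Products.ToListAsync())
           .RequireAuthorization();

        app.Run();
    }
}
```

A single `dotnet ef migrations add` against this context produces both the AspNet* tables and the application tables in one database, so nothing about Identity requires a second database or a second DbContext. Two things are worth checking whenever a valid-looking bearer token is still rejected: that the issuer, audience and key used to sign the token are byte-for-byte the ones in TokenValidationParameters, and that the default authentication scheme is the bearer scheme (AddIdentity, as opposed to AddIdentityCore, makes the Identity cookie the default, in which case the scheme must be passed to AddAuthentication or named on the attribute). UserManager.CheckPasswordAsync does not apply account lockout; a production login should call SignInManager.CheckPasswordSignInAsync with lockoutOnFailure set to true, which needs AddSignInManager() on the IdentityBuilder.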