Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Asp.net Core 2 enable multi tenancy using Identity Server 4

Tags:

c#

asp.net-core

multi-tenant

identityserver4

I have an IDP (Identity Server 4) hosted with multiple bindings: auth.company1.com and auth.company2.com I also have an API protected from that IDP. So in order to access the API I need to get the access token from the IDP. This is configured at startup class at the API level like this: 

     services.AddAuthentication("Bearer")
            .AddIdentityServerAuthentication(options =>
            {
                options.Authority = "https://auth.company1.com/";
                options.RequireHttpsMetadata = true;
                options.ApiName = "atb_api";
            });

How can I configure options.Authority dynamically so it allows authority from multiple domains https://auth.company1.com/ and https://auth.company2.com/ ?

like image 676
Gzim Helshani Avatar asked Jul 08 '18 11:07

Gzim Helshani

1 Answers

I solved this.

At the protecting API level at the startup class I have this configuration:

services.AddAuthentication("Bearer")
        .AddIdentityServerAuthentication(options =>
        {
            options.Authority = "https://shared-domain-for-every-tenant/";
            options.RequireHttpsMetadata = true;
            options.ApiName = "atb_api";
        });

The magic happens at the IDP level (IdentityServer4), while configuring the IdentityServer I add the option IssuerUri like this:

services.AddIdentityServer(options => {
            options.IssuerUri = "https://shared-domain-for-every-tenant/";
        })..AddDeveloperSigningCredential() ...other configurations ...

When I navigate to https://auth.company1.com/.well-known/openid-configuration the returned document is like this:

  {
    "issuer": "https://shared-domain-for-every-tenant/",
    "jwks_uri": "https://auth.company1.com/.well-known/openid-configuration/jwks",
    "authorization_endpoint": "https://auth.company1.com/connect/authorize",
    "token_endpoint": "https://auth.company1.com/connect/token",
    "userinfo_endpoint": "https://auth.company1.com/connect/userinfo",
    ...
  }

Notice the issure is a static url while all the other endpoints are specific to the tenant that made the request. This allows the API to validate the access token and also have different endpoints for each tenant (I need this to show a different login screen for each of them).

Hope it helps someone out there :)

like image 180
Gzim Helshani Avatar answered Sep 28 '22 04:09

Gzim Helshani
Sign in to Comment

Related questions

IWebHost.Build() is not calling Startup.Configure() after upgrading to .Net Core 2.1
asp .net core app doesn't set response cookie in IE and EDGE but works well in firefox and chrome
UWP + .appinstaller: How to detect new version and prompt user and start the upgrade of the app?
How to Create such a Task Panel?
Polly Retry policy with Function is not waiting for result
How to create CreatedOn and UpdatedOn using EF Core 2.1 and Pomelo
dialogflow simple fulfillment webhook in c# not working
Changing B2C Reply URL from "signin-oidc" to something else does not work
Unexpected behaviour with Microsoft.EntityFrameworkCore.EntityFrameworkQueryableExtensions.ForEachAsync<T>()
Xml - '=' is an unexpected token, the expected token is ';'
TDD: Does EF Core In Memory Provider validates referential constraints?
Get a list of all UNC shared folders on a local network server
HTML Agility Pack get all anchors' href attributes on page
How to create a csv file from List<String[]>
Exception codes, or detecting a "file already exists" type exception
How do I return XML from a Stored Procedure?
Is it safe to access asp.net session variables through static properties of a static object?
How do you put { and } in a format string [duplicate]
How to Refresh DbContext
Entity Framework duplicate object and all child properties

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!