All geek questions in one place

ASP.NET ID + Carrier Token + Multi-Tenant

I created a multi-user application using Entity Framework, WebAPI, ASP.NET Identity. It basically reads the tenant's subdomain and uses it to read the connection string from the database and sets it at run time.

Everything is fine, a database is created, etc., but the only problem now is the ASP.NET identifier bearer.

When I created the access token for http: //tenant1.#####.com/token , it seems that the token is signed in one application (without the key machine), which allows you to access the controllers http: //tenant2.## ###. com , which should not be, as these are different subdomains / tenants.

Are there any ways around this? Or maybe I should look for a different security structure, not an ASP.NET identifier?

+5
source share
1 answer

MVC5 makes it easy to add a tenant name application to a user ID. In the Models directory, edit the ApplicationUser class in IdentityModels.cs :

 public async Task<ClaimsIdentity> GenerateUserIdentityAsync(UserManager<ApplicationUser> manager) { // Note the authenticationType must match the one defined in CookieAuthenticationOptions.AuthenticationType var userIdentity = await manager.CreateIdentityAsync(this, DefaultAuthenticationTypes.ApplicationCookie); // Add claim for tenant name userIdentity.AddClaim(new Claim("tenantName", "abcCompany"); // Add custom user claims here return userIdentity; }

Then, when the processed request is processed, make sure that the User contains the correct request and value.

+3
source

Source: https://habr.com/ru/post/1202543/

More articles:


All Articles