I implemented JWT authentication in my ASP.NET project: I create a token every time I log in, and everything seems to work.
My problem is that the application will be multi-tenant, so I will have many third-party clients (Client1.myapp.com, client2.myapp.com, client3.myapp.com).
On the server side, my application, which exposes the APIs, will accept a parameter that will be the name of the tenant. Some examples:
apimyapp.com/client1/api/generateToken
apimyapp.com/client2/api/generateToken
apimyapp.com/client3/api/generateToken
Now, if I create a token from client1 and call apimyapp.com/client2/api/users (putting the token generated by client1 in the header, but making the call for client2), the token still passes validation.
Instead, I want the token to be valid only for the tenant for which it was generated.
In my startup.cs:
app.UseJwtBearerAuthentication(new JwtBearerOptions()
{
    AutomaticAuthenticate = true,
    AutomaticChallenge = true,
    TokenValidationParameters = new TokenValidationParameters()
    {
        // Single issuer and single audience shared by every tenant
        ValidIssuer = _config["Tokens:Issuer"],
        ValidAudience = _config["Tokens:Audience"],
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["Tokens:Key"])),
        ValidateLifetime = true
    }
});
And in my controller for token generation:
var userClaims = _userManagerRepository.GetClaims(user);
var claims = new[]
{
    new Claim(JwtRegisteredClaimNames.Sub, user.UserName),
    new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
    new Claim(JwtRegisteredClaimNames.GivenName, user.UserName),
    new Claim(JwtRegisteredClaimNames.FamilyName, user.UserName),
    new Claim(JwtRegisteredClaimNames.Email, user.Email)
}.Union(userClaims);
// Same symmetric key for every tenant; nothing in the token says which tenant issued it
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["Tokens:Key"]));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var token = new JwtSecurityToken(
    issuer: _config["Tokens:Issuer"],
    audience: _config["Tokens:Audience"],
    claims: claims,
    expires: DateTime.UtcNow.AddMinutes(90),
    signingCredentials: creds
);
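The behaviour described in the question follows from the token carrying no tenant information: the issuer, audience and signing key are identical for client1 and client2, so the JWT middleware has nothing to compare against the route. One way to bind a token to its tenant is to record the tenant as a claim at generation time and, after the bearer middleware has verified signature, issuer, audience and lifetime, compare that claim with the tenant segment of the request path. The following is an added example, not the asker's code; it assumes ASP.NET Core with the JwtBearer middleware configured as in the question, a custom claim name "tenant" chosen here, and that the tenant is always the first path segment (as in apimyapp.com/client2/api/users).

```csharp
// Added example (not the asker's code): bind a JWT to the tenant it was issued
// for and reject it on any other tenant's route. Assumes ASP.NET Core and a
// custom claim type named "tenant" (name chosen for this example).
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;

public static class TenantBinding
{
    // Claim type that records which tenant a token was issued for (assumed name).
    public const string TenantClaimType = "tenant";

    // Token generation: add this claim to the claim set built in the controller,
    // using the tenant taken from the route (e.g. "client1" for
    // apimyapp.com/client1/api/generateToken).
    public static Claim TenantClaim(string tenantFromRoute)
        => new Claim(TenantClaimType, tenantFromRoute.ToLowerInvariant());

    // Extract the tenant segment from a request path such as "/client2/api/users".
    // Returns null when the path has no segments at all.
    public static string ExtractTenantFromPath(PathString path)
    {
        var segments = (path.Value ?? string.Empty)
            .Split(new[] { '/' }, StringSplitOptions.RemoveEmptyEntries);
        return segments.Length == 0 ? null : segments[0].ToLowerInvariant();
    }

    // Core check: the tenant claim inside the validated token must equal the
    // tenant the request is addressed to. A token without the claim never matches,
    // so tokens issued before the claim was introduced are rejected rather than
    // silently accepted for every tenant.
    public static bool TokenMatchesTenant(ClaimsPrincipal user, string routeTenant)
    {
        var tokenTenant = user?.FindFirst(TenantClaimType)?.Value;
        return tokenTenant != null
            && routeTenant != null
            && string.Equals(tokenTenant, routeTenant, StringComparison.OrdinalIgnoreCase);
    }

    // Middleware to register after UseJwtBearerAuthentication and before MVC.
    // The bearer middleware has already verified signature, issuer, audience and
    // lifetime; this step adds the tenant binding and answers 403 on a mismatch.
    // Unauthenticated requests (e.g. to generateToken) pass through unchanged and
    // are still governed by [Authorize] on the controllers.
    public static IApplicationBuilder UseTenantBinding(this IApplicationBuilder app)
    {
        return app.Use(async (context, next) =>
        {
            var identity = context.User?.Identity;
            if (identity != null && identity.IsAuthenticated)
            {
                var routeTenant = ExtractTenantFromPath(context.Request.Path);
                if (!TokenMatchesTenant(context.User, routeTenant))
                {
                    // Valid token, wrong tenant: refuse without leaking anything else.
                    context.Response.StatusCode = StatusCodes.Status403Forbidden;
                    return;
                }
            }
            await next();
        });
    }
}
```

In Startup the registration order matters: `app.UseJwtBearerAuthentication(...)` first, then `app.UseTenantBinding()`, then MVC. In the token controller, the tenant route parameter is passed to `TenantBinding.TenantClaim(tenant)` and the result appended to the claims array before the token is built. A check that compares the claim with the route is preferable to the token middleware alone because the signing key is shared across tenants; an alternative with the same effect is to issue each tenant its own audience (for example the tenant name) and validate it with the `ValidAudiences` list of `TokenValidationParameters`, which moves the comparison into the library's own validation.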