JWT token multi-tenant

I implemented JWT tokens in my ASP.NET project: I create a token every time I log in and everything seems to work.

My problem is that the application will be multi-tenant, so I will have many third-party clients (client1.myapp.com, client2.myapp.com, client3.myapp.com).

On the server side, my application, which exposes the APIs, will accept a parameter that is the name of the tenant. Some examples:

apimyapp.com/client1/api/generateToken

apimyapp.com/client2/api/generateToken

apimyapp.com/client3/api/generateToken

Now, if I create a token from client1 and call apimyapp.com/client2/api/users (putting the token generated by client1 in the header, but making the call for client2),

the token is validated.

Instead, I want the token to be valid only for the tenant for which it was generated.

In my Startup.cs:

    app.UseJwtBearerAuthentication(new JwtBearerOptions()
    {
        AutomaticAuthenticate = true,
        AutomaticChallenge = true,
        TokenValidationParameters = new TokenValidationParameters()
        {
            ValidIssuer = _config["Tokens:Issuer"],
            ValidAudience = _config["Tokens:Audience"],
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["Tokens:Key"])),
            ValidateLifetime = true
        }
    });

and in my controller for token generation:

    var userClaims = _userManagerRepository.GetClaims(user);

    var claims = new[]
    {
        new Claim(JwtRegisteredClaimNames.Sub, user.UserName),
        new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
        new Claim(JwtRegisteredClaimNames.GivenName, user.UserName),
        new Claim(JwtRegisteredClaimNames.FamilyName, user.UserName),
        new Claim(JwtRegisteredClaimNames.Email, user.Email)
    }.Union(userClaims);

    var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["Tokens:Key"]));
    var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

    // One audience for the whole application, regardless of which tenant's endpoint issued the token
    var token = new JwtSecurityToken(
        issuer: _config["Tokens:Issuer"],
        audience: _config["Tokens:Audience"],
        claims: claims,
        expires: DateTime.UtcNow.AddMinutes(90),
        signingCredentials: creds
    );
1 answer

You can add a list of keys, audiences, etc. to the TokenValidationParameters, like this:

    ValidAudiences = new List<string>
    {
        "AUDIENCE1",
        "AUDIENCE2"
    }
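The following is an added example, not code from the question or the answer above, showing the complete pattern the question asks for: the token's audience becomes the tenant that issued it, `ValidAudiences` accepts every known tenant at the signature and lifetime stage, and a per-request check then rejects any token whose `aud` does not match the tenant in the URL. Assumptions not present in the original post: ASP.NET Core's `AddJwtBearer` registration (the question uses the older `UseJwtBearerAuthentication` middleware), tenant names listed under `Tokens:Tenants` in configuration, and the tenant name being the first path segment of every request, as in apimyapp.com/client1/api/users.

```csharp
// Added example (not the post's or the answer's code): bind each JWT to the tenant
// that issued it, so a token minted at /client1/... is rejected at /client2/...
// Assumptions not in the original post: ASP.NET Core's AddJwtBearer registration,
// tenant names under "Tokens:Tenants" in configuration, and the tenant being the
// first path segment of each request (apimyapp.com/client1/api/users).
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

public static class TenantJwt
{
    // Tenants this deployment serves ("client1", "client2", ...), read from configuration.
    public static string[] KnownTenants(IConfiguration config) =>
        config.GetSection("Tokens:Tenants").Get<string[]>() ?? Array.Empty<string>();

    // First path segment of the request, e.g. "client1" for /client1/api/users.
    public static string? TenantFromPath(PathString path) =>
        path.Value?.Split('/', StringSplitOptions.RemoveEmptyEntries).FirstOrDefault();

    // Does a token carrying these "aud" values belong to the tenant addressed by the request?
    public static bool AudienceMatchesTenant(IEnumerable<string> audiences, string? requestTenant) =>
        requestTenant != null &&
        audiences.Contains(requestTenant, StringComparer.OrdinalIgnoreCase);

    // Token generation: the audience is the tenant whose /{tenant}/api/generateToken
    // endpoint authenticated the user, not one value shared by the whole application.
    public static string Issue(IConfiguration config, string tenant, string userName,
                               IEnumerable<Claim> userClaims)
    {
        if (!KnownTenants(config).Contains(tenant, StringComparer.OrdinalIgnoreCase))
            throw new ArgumentException($"unknown tenant '{tenant}'", nameof(tenant));

        var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(config["Tokens:Key"]!));
        var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
        var claims = new[]
        {
            new Claim(JwtRegisteredClaimNames.Sub, userName),
            new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
        }.Concat(userClaims);

        var token = new JwtSecurityToken(
            issuer: config["Tokens:Issuer"],
            audience: tenant,                      // "aud": "client1"
            claims: claims,
            expires: DateTime.UtcNow.AddMinutes(90),
            signingCredentials: creds);
        return new JwtSecurityTokenHandler().WriteToken(token);
    }

    // Registration. ValidAudiences lets any known tenant's token pass signature and
    // lifetime validation; OnTokenValidated then rejects it unless its "aud" equals
    // the tenant named in the URL being called.
    public static IServiceCollection AddTenantJwt(this IServiceCollection services,
                                                  IConfiguration config)
    {
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer = true,
                    ValidIssuer = config["Tokens:Issuer"],
                    ValidateAudience = true,
                    ValidAudiences = KnownTenants(config),
                    ValidateIssuerSigningKey = true,
                    IssuerSigningKey = new SymmetricSecurityKey(
                        Encoding.UTF8.GetBytes(config["Tokens:Key"]!)),
                    ValidateLifetime = true,
                    ClockSkew = TimeSpan.FromMinutes(1),
                };
                options.Events = new JwtBearerEvents
                {
                    OnTokenValidated = ctx =>
                    {
                        // "aud" is not renamed by the inbound claim type map, so it is
                        // still available under its JWT name on the validated principal.
                        var audiences = ctx.Principal?
                            .FindAll(JwtRegisteredClaimNames.Aud)
                            .Select(c => c.Value) ?? Enumerable.Empty<string>();
                        var requestTenant = TenantFromPath(ctx.HttpContext.Request.Path);

                        if (!AudienceMatchesTenant(audiences, requestTenant))
                            ctx.Fail($"token audience does not match tenant '{requestTenant}'");
                        return Task.CompletedTask;
                    }
                };
            });
        return services;
    }
}
```

Two things to keep in mind when using this. A `ValidAudiences` list on its own only widens which audiences pass validation everywhere; without the per-request comparison in `OnTokenValidated`, a token issued for client1 is still accepted at /client2/api/users. And because all tenants share one HMAC key here, anyone holding that key can mint a token for any tenant; if tenants must be isolated at the key level as well, give each tenant its own key and resolve it with `IssuerSigningKeyResolver` instead of a single `IssuerSigningKey`.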

Source: https://habr.com/ru/post/1674894/