Asp.net Core 2 enable multi tenancy using Identity Server 4


Problem description

I have an IDP (Identity Server 4) hosted with multiple bindings: auth.company1.com and auth.company2.com. I also have an API protected from that IDP. So in order to access the API I need to get the access token from the IDP. This is configured at startup class at the API level like this:

     services.AddAuthentication("Bearer")
            .AddIdentityServerAuthentication(options =>
            {
                options.Authority = "https://auth.company1.com/";
                options.RequireHttpsMetadata = true;
                options.ApiName = "atb_api";
            });

How can I configure options.Authority dynamically so it allows authority from multiple domains https://auth.company1.com/ and https://auth.company2.com/?

Recommended answer

I solved this issue.

At the protecting API level at the startup class I have this configuration:

services.AddAuthentication("Bearer")
        .AddIdentityServerAuthentication(options =>
        {
            options.Authority = "https://shared-domain-for-every-tenant/";
            options.RequireHttpsMetadata = true;
            options.ApiName = "atb_api";
        });

The magic happens at the IDP level (IdentityServer4), while configuring the IdentityServer I add the option IssuerUri like this:

services.AddIdentityServer(options =>
        {
            // Fixed issuer value published for every tenant binding
            options.IssuerUri = "https://shared-domain-for-every-tenant/";
        })
        .AddDeveloperSigningCredential()
        // ...other configurations...
        ;

When I navigate to https://auth.company1.com/.well-known/openid-configuration the returned document is like this:

  {
    "issuer": "https://shared-domain-for-every-tenant/",
    "jwks_uri": "https://auth.company1.com/.well-known/openid-configuration/jwks",
    "authorization_endpoint": "https://auth.company1.com/connect/authorize",
    "token_endpoint": "https://auth.company1.com/connect/token",
    "userinfo_endpoint": "https://auth.company1.com/connect/userinfo",
    ...
  }

Notice the issuer is a static url while all the other endpoints are specific to the tenant that made the request. This allows the API to validate the access token and also have different endpoints for each tenant (I need this to show a different login screen for each of them).

Hope it helps someone out there :)
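
A deployment check for the setup described in the answer, as an added example that is not part of the original answer: it verifies that each tenant binding's discovery document advertises the shared issuer while its endpoints stay on that tenant's own host over HTTPS. The function names and the sample documents are constructed for illustration; in practice the documents would be fetched from each binding's `/.well-known/openid-configuration`.

```python
from urllib.parse import urlsplit

SHARED_ISSUER = "https://shared-domain-for-every-tenant/"
ENDPOINT_KEYS = ("jwks_uri", "authorization_endpoint",
                 "token_endpoint", "userinfo_endpoint")


def check_discovery(tenant_host, doc, shared_issuer=SHARED_ISSUER):
    """Return a list of problems found in one tenant's discovery document."""
    problems = []
    # The API validates tokens against a single Authority, so every tenant
    # binding must advertise exactly the same issuer string.
    if doc.get("issuer") != shared_issuer:
        problems.append(f"issuer is {doc.get('issuer')!r}, expected {shared_issuer!r}")
    for key in ENDPOINT_KEYS:
        value = doc.get(key)
        if value is None:
            problems.append(f"{key} missing")
            continue
        url = urlsplit(value)
        if url.scheme != "https":
            problems.append(f"{key} is not https")
        # Endpoints should stay on the binding the request came in on;
        # another host means this tenant's users are sent elsewhere to log in.
        if (url.hostname or "").lower() != tenant_host.lower():
            problems.append(f"{key} points at {url.hostname!r}")
    return problems


def sample_doc(host, issuer=SHARED_ISSUER):
    """Constructed discovery document shaped like the one in the answer."""
    base = f"https://{host}"
    return {
        "issuer": issuer,
        "jwks_uri": f"{base}/.well-known/openid-configuration/jwks",
        "authorization_endpoint": f"{base}/connect/authorize",
        "token_endpoint": f"{base}/connect/token",
        "userinfo_endpoint": f"{base}/connect/userinfo",
    }


if __name__ == "__main__":
    for host in ("auth.company1.com", "auth.company2.com"):
        found = check_discovery(host, sample_doc(host))
        print(host, "OK" if not found else found)
```
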
