Sub domain Multi Tenant login with IdentityServer4


Problem description

I'm trying to implement a multi-tenant application with IdentityServer4. Let's say I have

  • web1.local.com
  • web2.local.com

When I log in to web1.local.com, the other domain, web2.local.com, is also automatically logged in.

Is there any way to separate these logins?

I was thinking of IUserSession

public virtual async Task CreateSessionIdAsync(ClaimsPrincipal principal, AuthenticationProperties properties)
{
    if (principal == null) throw new ArgumentNullException(nameof(principal));
    if (properties == null) throw new ArgumentNullException(nameof(properties));

    var currentSubjectId = (await GetUserAsync())?.GetSubjectId();
    var newSubjectId = principal.GetSubjectId();

    if (!properties.Items.ContainsKey(SessionIdKey) || currentSubjectId != newSubjectId)
    {
        properties.Items[SessionIdKey] = CryptoRandom.CreateUniqueId(16);
    }

    IssueSessionIdCookie(properties.Items[SessionIdKey]);

    Principal = principal;
    Properties = properties;
}

private void IssueSessionIdCookie(string sid)
{
    if (Options.Endpoints.EnableCheckSessionEndpoint)
    {
        if (GetSessionIdCookieValue() != sid)
        {
            HttpContext.Response.Cookies.Append(
                Options.Authentication.CheckSessionCookieName,
                sid,
                CreateSessionIdCookieOptions());
        }
    }
}

What is the best approach?

Recommended answer

I believe the problem you are having is that once the session cookie is issued by IdentityServer regardless of which application was originally used to sign in, IdentityServer will always skip the login on subsequent requests from any other applications (because of that originally administered session cookie).

To always force the authentication between different applications, you can use the 'prompt' query string on the authorize request and set it equal to 'login'. More information can be found here: http://docs.identityserver.io/en/latest/endpoints/authorize.html?highlight=prompt
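
One way to apply this in an ASP.NET Core client, as an added example that is not part of the original answer: it sends prompt=login on every authorize request and then checks the auth_time claim in the returned id_token, because the prompt parameter passes through the browser and can be removed there. The authority URL, client id, class and method names, and the five-minute freshness window are assumptions.

```csharp
// Added example, not from the original post. Authority, client id and the
// five-minute window are placeholders chosen for illustration.
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.DependencyInjection;

public static class TenantLoginSetup
{
    private static readonly TimeSpan MaxLoginAge = TimeSpan.FromMinutes(5);

    public static void AddForcedLogin(this IServiceCollection services)
    {
        services.AddAuthentication(o =>
            {
                o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                o.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
            })
            .AddCookie()
            .AddOpenIdConnect(o =>
            {
                o.Authority = "https://identity.example.test"; // placeholder
                o.ClientId = "web1";                           // placeholder
                o.ResponseType = "code";

                o.Events.OnRedirectToIdentityProvider = ctx =>
                {
                    // Ask IdentityServer for the login UI even if its session cookie exists.
                    ctx.ProtocolMessage.Prompt = "login";
                    return Task.CompletedTask;
                };

                o.Events.OnTokenValidated = ctx =>
                {
                    // Confirm from the id_token that the user authenticated recently.
                    // auth_time may arrive under its mapped claim type, so check both.
                    var raw = ctx.Principal.FindFirst("auth_time")?.Value
                              ?? ctx.Principal.FindFirst(ClaimTypes.AuthenticationInstant)?.Value;
                    if (!long.TryParse(raw, out var epoch) ||
                        DateTimeOffset.UtcNow - DateTimeOffset.FromUnixTimeSeconds(epoch) > MaxLoginAge)
                    {
                        ctx.Fail("auth_time missing or too old; no fresh interactive login.");
                    }
                    return Task.CompletedTask;
                };
            });
    }
}
```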
