Asp.net Core 2 enable multi tenancy using Identity Server 4


Problem description

I have an IDP (Identity Server 4) hosted with multiple bindings: auth.company1.com and auth.company2.com. I also have an API protected by that IDP. So in order to access the API I need to get the access token from the IDP. This is configured in the startup class at the API level like this:

services.AddAuthentication("Bearer")
    .AddIdentityServerAuthentication(options =>
    {
        options.Authority = "https://auth.company1.com/";
        options.RequireHttpsMetadata = true;
        options.ApiName = "atb_api";
    });

How can I configure options.Authority dynamically so that it allows an authority from multiple domains, https://auth.company1.com/ and https://auth.company2.com/?

Recommended answer

I solved this.

At the protecting API level, in the startup class, I have this configuration:

services.AddAuthentication("Bearer")
    .AddIdentityServerAuthentication(options =>
    {
        options.Authority = "https://shared-domain-for-every-tenant/";
        options.RequireHttpsMetadata = true;
        options.ApiName = "atb_api";
    });

The magic happens at the IDP level (IdentityServer4): while configuring IdentityServer I add the option IssuerUri like this:

services.AddIdentityServer(options =>
    {
        // One issuer value for every binding, regardless of the request host
        options.IssuerUri = "https://shared-domain-for-every-tenant/";
    })
    .AddDeveloperSigningCredential()
    // ...other configurations ...

When I navigate to https://auth.company1.com/.well-known/openid-configuration the returned document is like this:

  {
    "issuer": "https://shared-domain-for-every-tenant/",
    "jwks_uri": "https://auth.company1.com/.well-known/openid-configuration/jwks",
    "authorization_endpoint": "https://auth.company1.com/connect/authorize",
    "token_endpoint": "https://auth.company1.com/connect/token",
    "userinfo_endpoint": "https://auth.company1.com/connect/userinfo",
    ...
  }

Notice the issuer is a static URL while all the other endpoints are specific to the tenant that made the request. This allows the API to validate the access token and also have different endpoints for each tenant (I need this to show a different login screen for each of them).

Hope it helps someone out there :)
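As an added worked example (my code, not from the answer above and not IdentityServer4's own), the following Python models both sides of the arrangement the answer describes: an IdP with two host bindings that share one signing key and advertise one static issuer, and a resource API that trusts a single authority. HS256 with a shared secret stands in for the RS256 keys IdentityServer4 publishes through its JWKS; the `tenant` claim is an assumption (a custom profile service would have to add it); the hostnames, issuer and API name are the ones from the question and answer. It shows why the per-host issuer failed validation before `IssuerUri` was set, why the static issuer passes, and what the API still has to check itself.

```python
"""Constructed model of multi-tenant IdentityServer4 with a static IssuerUri.

HS256 with one shared secret replaces RS256 + JWKS; the shape of the checks
the API performs is the same. Everything here is sample data, not live config.
"""
import base64
import hashlib
import hmac
import json
import time

ISSUER = "https://shared-domain-for-every-tenant/"   # the IssuerUri from the answer
API_NAME = "atb_api"
TENANT_HOSTS = ("auth.company1.com", "auth.company2.com")
# One IdP instance, so one signing key behind every binding (constructed value).
SIGNING_KEY = b"constructed-demo-key-do-not-reuse"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def discovery_document(host: str, static_issuer: bool = True) -> dict:
    """Model of /.well-known/openid-configuration on one binding.
    static_issuer=True is the IssuerUri setting: the issuer is the shared value
    and only the endpoints follow the request host, as in the answer's document.
    static_issuer=False is the default, where the issuer is derived from the host."""
    base = f"https://{host}"
    return {
        "issuer": ISSUER if static_issuer else base + "/",
        "jwks_uri": f"{base}/.well-known/openid-configuration/jwks",
        "authorization_endpoint": f"{base}/connect/authorize",
        "token_endpoint": f"{base}/connect/token",
    }


def issue_token(host, sub, tenant, static_issuer=True, ttl=300):
    """Access token minted by the binding at `host`. The `tenant` claim is an
    assumption (something a custom profile service would add): with a static
    issuer the `iss` claim no longer says which tenant the token belongs to."""
    now = int(time.time())
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {
        "iss": discovery_document(host, static_issuer)["issuer"],
        "aud": API_NAME, "sub": sub, "tenant": tenant,
        "iat": now, "exp": now + ttl,
    }
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(payload).encode())
    sig = hmac.new(SIGNING_KEY, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def validate_token(token, authority=ISSUER, api_name=API_NAME):
    """Resource-API side, mirroring AddIdentityServerAuthentication with
    Authority/ApiName: signature under the authority's key, `iss` equal to the
    issuer the authority's discovery document advertises, `aud` equal to this
    API, and not expired. Returns the claims or raises ValueError."""
    host = authority.split("://", 1)[1].strip("/")
    trusted_issuer = discovery_document(host)["issuer"]   # read once from the one trusted authority
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h64, p64, s64 = parts
    if json.loads(_b64url_decode(h64)).get("alg") != "HS256":   # pin the algorithm, never trust the header's choice
        raise ValueError("unexpected alg")
    expected = hmac.new(SIGNING_KEY, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(p64))
    if claims.get("iss") != trusted_issuer:
        raise ValueError(f"issuer {claims.get('iss')!r} is not the trusted issuer {trusted_issuer!r}")
    if claims.get("aud") != api_name:
        raise ValueError("wrong audience")
    if claims.get("exp", 0) <= time.time():
        raise ValueError("token expired")
    return claims


def rejection_reason(token):
    """None if the API accepts the token, otherwise the reason it was rejected."""
    try:
        validate_token(token)
    except ValueError as e:
        return str(e)
    return None


def authorize_for_tenant(token, tenant):
    """What the static issuer does not give you: every tenant's token carries the
    same `iss`, so tenant isolation has to be enforced from a claim by the API."""
    try:
        return validate_token(token).get("tenant") == tenant
    except ValueError:
        return False


if __name__ == "__main__":
    for host in TENANT_HOSTS:
        tenant = host.split(".")[1]
        print(host, "with IssuerUri   ->", rejection_reason(issue_token(host, "alice", tenant)))
        print(host, "without IssuerUri->", rejection_reason(issue_token(host, "alice", tenant, static_issuer=False)))
```

Two points worth keeping in mind when applying this in a real deployment. First, the trick only works because every binding is the same IdentityServer instance signing with the same key, so the JWKS the API fetches from the shared authority covers tokens minted on any tenant host; a separate instance per tenant would need its own issuer and its own authority entry on the API. Second, once the issuer is shared, the API can no longer tell tenants apart by `iss`, so any per-tenant authorization has to come from a claim the IdP puts in the token, as `authorize_for_tenant` does above.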

