Change OWIN Auth Middleware Per Request (Multi-tenant, oauth API keys per tenant)


Problem description

I have a multi-tenant application. Each tenant can authenticate its users using OAUTH-2 with Facebook, Twitter, Google, etc. Each tenant has its own API keys for the aforementioned services.

The typical way to set up the OWIN pipeline is to "use" auth providers in Startup, but this sets the API keys at app start. I need to be able to change which keys are used with each oauth API for each request.

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            Provider = cookieAuthProvider,
            CookieName = "VarsityAuth",
        });

        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

        app.UseMicrosoftAccountAuthentication(
            clientId: "lkjhlkjkl",
            clientSecret: "kjhjkk");

I need to be able to change these settings per request based on the tenant. How can I do this?

Recommended answer

Edit - I can now confirm this solution is working for me.

I'm investigating this problem for my own project which needs to support multiple tenants based on either the host name or the first folder segment of the request depending on configuration.

I have not yet tested this but I'm thinking code something like this in startup might do the trick:

For example, I want to use a different auth cookie name per tenant, and I'm thinking code in startup something like this might work:

// for when the first folder segment represents the tenant
app.Map("/branch1", app1 =>
{
    app1.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login"),
        Provider = new CookieAuthenticationProvider
        {
            OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<SiteUserManager, SiteUser>(
            validateInterval: TimeSpan.FromMinutes(30),
            regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
        },

        CookieName = "branch1-app"
    });

});

// for when the host name of the request identifies the tenant
app.MapWhen(IsDomain1, app2 =>
{
    app2.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login"),
        Provider = new CookieAuthenticationProvider
        {
            OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<SiteUserManager, SiteUser>(
            validateInterval: TimeSpan.FromMinutes(30),
            regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
        },

        CookieName = "domain1-app"
    });

});

private bool IsDomain1(IOwinContext context)
{
    return (context.Request.Host.Value == "domain1");
}
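
The answer above varies only the cookie name per tenant; the same branching can carry each tenant's OAuth keys, which is what the question asks for. The following is an added example, not part of the original answer: `TenantAuthSettings`, `LoadTenants`, the `example.test` hosts and the appSettings key names are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Configuration;
using Microsoft.AspNet.Identity;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Owin;

// Hypothetical per-tenant settings (names are assumptions, not from the original post).
public sealed class TenantAuthSettings
{
    public string Host { get; set; }   // exact Host header value, including the port if one is used
    public string CookieName { get; set; }
    public string MicrosoftClientId { get; set; }
    public string MicrosoftClientSecret { get; set; }
}

public partial class Startup
{
    // Constructed sample tenants; keys come from configuration instead of being hard-coded.
    private static IEnumerable<TenantAuthSettings> LoadTenants()
    {
        foreach (var name in new[] { "tenant1", "tenant2" })
        {
            yield return new TenantAuthSettings
            {
                Host = name + ".example.test",
                CookieName = name + "-auth",
                MicrosoftClientId = ConfigurationManager.AppSettings[name + ":ms:clientId"],
                MicrosoftClientSecret = ConfigurationManager.AppSettings[name + ":ms:clientSecret"]
            };
        }
    }

    public void ConfigureAuth(IAppBuilder app)
    {
        foreach (var tenant in LoadTenants())
        {
            // The Host header is client-supplied: compare it only against the known tenant host.
            app.MapWhen(ctx => string.Equals(ctx.Request.Host.Value, tenant.Host, StringComparison.OrdinalIgnoreCase), branch =>
            {
                branch.UseCookieAuthentication(new CookieAuthenticationOptions
                {
                    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                    LoginPath = new PathString("/Account/Login"),
                    CookieName = tenant.CookieName
                });
                branch.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
                branch.UseMicrosoftAccountAuthentication(tenant.MicrosoftClientId, tenant.MicrosoftClientSecret); // this tenant's keys
            });
        }
    }
}
```

Any other middleware a tenant's requests need has to be registered inside the same branch, because a request that matches `MapWhen` is handled by that branch's pipeline.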
