ASP.NET Identity + Bearer Token + Multi-Tenant
Question
I've created a multi-tenant application using Entity Framework, WebAPI, ASP.NET Identity. Basically it reads the subdomain of the tenant and using it to read the connection string from the database and sets it on runtime.
Everything is great, database is creating etc, but the only issue now is the ASP.NET Identity Bearer Token.
When I've generated a bearer access token for http://tenant1.#####.com/token , it seems that the token is signed on the same application (no machine key was specified) and it's allowing access to http://tenant2.#####.com controllers as well, which shouldn't be the case as it's different subdomains / tenants.
Are there any ways around this? Or perhaps I should be looking into other Security Framework and not ASP.NET Identity?
1 answers
solution1
3 2015-07-09 05:01:57
MVC5 makes it easy to add a tenant name claim to the user identity. In the Models directory, edit the ApplicationUser class in IdentityModels.cs :
public async Task<ClaimsIdentity> GenerateUserIdentityAsync(UserManager<ApplicationUser> manager)
{
// Note the authenticationType must match the one defined in CookieAuthenticationOptions.AuthenticationType
var userIdentity = await manager.CreateIdentityAsync(this, DefaultAuthenticationTypes.ApplicationCookie);
// Add claim for tenant name
userIdentity.AddClaim(new Claim("tenantName", "abcCompany");
// Add custom user claims here
return userIdentity;
}
Then when an authenticated request is processed, validate that the User contains correct claim and value.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.