Skip to content
This repository has been archived by the owner on Dec 13, 2022. It is now read-only.

Multi-Tenant with AspNetCore.Identity #2128

Closed
ovidiaconescu opened this issue Mar 2, 2018 · 7 comments
Closed

Multi-Tenant with AspNetCore.Identity #2128

ovidiaconescu opened this issue Mar 2, 2018 · 7 comments
Labels
question

Comments

@ovidiaconescu
Copy link

ovidiaconescu commented Mar 2, 2018
edited

Is there a preferred way to enable multi-tenancy on IDS4 on aspnetcore 2.0 using AspNetCore.Identity?

The samples from #442 - https://github.com/schatekar/IdentityServer4.MultiTenant and https://github.com/khelben/IdsvrMultiTenantExample based on https://github.com/saaskit/saaskit no longer work due to the fact that the method UseCookieAuthentication in CookieAppBuilderExtensions is now obsolete.

I've attempted to work it out like https://stackoverflow.com/questions/48384484/multitentant-identity-server-4#comment85163360_48384484 and modify the AspNetUser and SignInManager as in https://www.scottbrady91.com/ASPNET-Identity/Quick-and-Easy-ASPNET-Identity-Multitenancy but the issue stands that signing-in a user on one tentant automatically considers it signed-in on all clients.
@ovidiaconescu
Copy link
Author

Since the problem is with builder.UseCookieAuthentication, as it is now obsolete, I've done a PR on saaskit to update it to netcoreapp2.0 and changed the way auth is set in the AspNetMvcAuthDemo

I'm using two transient services that set the configuration from the tenant every time it is needed.
This is something that @brockallen suggested way back in #19

See PR here: saaskit/saaskit#96

@leastprivilege
Copy link
Member

Any update on the issue? closing for now - feel free to re-open if it needs further discussion.

@ovidiaconescu
Copy link
Author

Not unless there is another suggested way to achieve multi-tenancy?

@leastprivilege
Copy link
Member

ASP.NET Core itself is not multi-tenant. So regardless how much duct-tape you put around it - there are limits.

@AndrewTriesToCode
Copy link
Contributor

@ovidiaconescu Apologies in advance for commenting on a closed item--I have found a decent solution for multitenancy and authentication under the new ASP.NET Core 2 model. It centers around customizing IOptionsCache and the end result is custom Cookie or OpenID Connect (or really any authentication options) per tenant.

I have some code that wraps up this approach nicely including support for tenant identification by subdomain or route variable. See the "Finbuckle.MultiTenant" project on my profile if you are interested in seeing how I was able to get this to work. There is a sample project in there that does exactly what I think you are looking for.

@maxisam
Copy link

maxisam commented Apr 25, 2018

@leastprivilege your statement might not be true after 2.1.

aspnet/Security#1718

https://stackoverflow.com/questions/49596938/openid-connect-identifying-tenant-during-login/49682427#49682427

@lock
Copy link

lock bot commented Jan 13, 2020

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@lock lock bot locked as resolved and limited conversation to collaborators Jan 13, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@maxisam @ovidiaconescu @leastprivilege @AndrewTriesToCode