I'm trying to have a solution where one web application is serving multiple domains, for each domain I would like to configure its own providers, using the app id and secret for the external provider, I would like the cookie domain and the providers information to be read from a database based on the current domain name, so for example:

    switch (currentDomainName)
    {
        case "web1.com":
            // load cookie domain and providers information for web1.com ...
            break;
        case "web2.com":
            // load cookie domain and providers information for web2.com ...
            break;
        // ...
    }

I'm facing two major problems:

  1. I have no HttpContext available at the Owin Startup ConfigureAuth() and I'm not sure how to determine which domain name is used early on Startup...
  2. I understand that Startup only runs once per web application, so for example, after web1.com is accessed for the first time, ConfigureAuth() will not run again for web2.com once it is already set by web1.com

I wonder if I can override some Owin methods and make it non static... or maybe find a way to implement this in a different way (but I still like to use Owin)

Where do I start?

Yovav
  • The providers are not built for that. How many domains are you considering? If it's just a few then you could fork the pipeline for each domain using something like MapWhen and provide different middleware for each. The trick is re-merging the pipeline afterwards. – Tratcher Jun 24 '16 at 17:00
  • About 10 domains, but maybe more in the future, do you know of any other middleware I should look into by any chance? – Yovav Jun 25 '16 at 03:15
  • No, it's not an area that's been developed much yet. At a certain point it's too complicated to manage within your app and you farm it out to a service like Azure AAD B2C https://azure.microsoft.com/en-us/services/active-directory-b2c/ – Tratcher Jun 26 '16 at 22:25

1 Answer

You can get the request URL and then do a lookup in the database to see which customer the domain relates to. There could be a table that lists the identity providers for this domain.

Example

TenantDomains
*************
TenantId      URL ......
tenant1       https://tenant1.company.com
tenant2       https://tenant2.company.com

IdProviders
***********
TenantId       ProviderIds       ......
tenant1        Custom, Social
tenant2        Social

Here the names are used instead of identifiers for ease of readability. However, the approach still remains the same.

You could do all the above lookup in a middleware and then use the value in the Environment and then set up the pipeline based on the data or decisions made earlier.

Example:

You can access the incoming request from the OWIN context and do all the operations that you would otherwise do on an HttpRequest from the OWIN context's request itself.

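        app.MapWhen(req => req.Request.Headers.ContainsKey("Authorization"), apiAuth =>
        {
            // Runs only for requests that carry an Authorization header.
            // Katana's bearer middleware lives in Microsoft.Owin.Security.OAuth.
            apiAuth.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
        });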

HTH

Saravanan
  • Unfortunately, HttpRequest is not available at Startup and for that reason there's no way to determine the URL so early in the pipeline, I think there's a way to update the cookie later on when the request is available, but I don't think the Owin providers can be added or updated at a later point, so it seems it's not going to work out this way – Yovav Jul 06 '16 at 16:20
  • Provided the examples for accessing the request while in the OWIN pipeline. @Yovav: please refer to the sample edited in the above post. – Saravanan Jul 10 '16 at 06:19
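
An added example (not code from the question, the answer or the comments) that combines the MapWhen-per-domain idea from the comments with the answer's tenant lookup: the tenant list is read once at startup, and one branch per domain is selected per request from the host name, so no HttpContext is needed in Startup. `TenantSettings`, `TenantAuth`, `configureRest`, the cookie and authentication-type names are hypothetical, and Facebook stands in for whichever providers a tenant uses.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.Facebook;
using Owin;
// Hypothetical per-tenant record; on this page the values come from a database.
public class TenantSettings
{
    public string Host, CookieDomain;               // e.g. "web1.com", ".web1.com"
    public string FacebookAppId, FacebookAppSecret; // keep secrets in a protected store
}
public static class TenantAuth
{
    // Called once from Startup; only the MapWhen predicate runs per request.
    public static void Configure(IAppBuilder app, IEnumerable<TenantSettings> tenants,
                                 Action<IAppBuilder> configureRest)
    {
        foreach (var t in tenants)
        {
            var authType = "App." + t.Host; // per-tenant: Katana derives the ticket protector from it
            app.MapWhen(ctx => HostMatches(ctx.Request, t.Host), branch =>
            {
                branch.UseCookieAuthentication(new CookieAuthenticationOptions
                {
                    AuthenticationType = authType,
                    CookieName = ".Auth." + t.Host,  // distinct cookie per tenant
                    CookieDomain = t.CookieDomain,   // from config, never from the Host header
                    CookieSecure = CookieSecureOption.Always
                });
                branch.UseFacebookAuthentication(new FacebookAuthenticationOptions
                {
                    AppId = t.FacebookAppId,
                    AppSecret = t.FacebookAppSecret,
                    SignInAsAuthenticationType = authType
                });
                configureRest(branch); // the branch does not rejoin the main pipeline
            });
        }
    }
    // The Host header is client-supplied: match it exactly against configured names.
    static bool HostMatches(IOwinRequest request, string configuredHost)
    {
        var host = request.Host.Value ?? "";
        var colon = host.LastIndexOf(':');
        if (colon > 0) host = host.Substring(0, colon); // drop ":port"
        return string.Equals(host, configuredHost, StringComparison.OrdinalIgnoreCase);
    }
}
```

Because the branches are built once at startup, a domain added to the database later only takes effect after the application restarts. A request whose host matches no configured tenant falls through without any authentication middleware.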