4

Bakground: I want to develop a multi-tenant application in ASP.NET Core and have been looking into Ben Fosters Saaskit library which seems to provide good solutions for common problems in multitenancy applications.

Problem: The SaasKit have a UsePerTenant method which is nice for doing different things per-request depending on current tenant.

My goal is to use the UsePerTenant method combined with different IOptions objects injected via dependency injection. This can be used in the authentication middleware like

AddAuthentication().AddCookie(..).AddOpenIdConnect(...)

Which is configured in the ConfigureServices method in Startup.cs

public class Startup
{
    // Use this method to add services to the container.
    public void ConfigureServices(IServiceCollection services)
    {
        ...
    }

    // Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app)
    {
        ...
    }
}

I can’t make the authentication middleware in ASP.NET 2.0+ use different IOptions objects per-request since the ConfigureServices method in the Startup.cs file only runs once every application startup and the UsePerTenant method should be used in the Configure method which is running for each incoming/outgoing request in the ASP.NET pipeline.

Question: How to dynamically change cookie and OpenID Connect options in the ConfigureServices method based on current tenant?

Jonas
  • 3,155
  • 5
  • 35
  • 55
  • Possible solution currently as a pull request in the SaasKit library https://github.com/saaskit/saaskit/pull/96 – Jonas Mar 12 '18 at 21:29
  • 1. Create a Service IUserAuthenticationManager, 2. Make it a singleton which has an IHTTPAccessor in it, 3. Create a property which accessing it will resolve your userid from the HTTPCurrent Context. 4. Use that userId to create you access rule – johnny 5 Mar 12 '18 at 21:34

2 Answers2

3

I have found a good way to get per tenant options for any type of ASP.NET Core options, including cookie or openID Connect. I have wrapped this up into a framework called Finbuckle.MultiTenant.

It basically boils down to a setup that looks like this:

services.AddMultiTenant().
            WithInMemoryStore()).
            WithRouteStrategy().
            WithPerTenantOptionsConfig<CookieAuthenticationOptions>((o, tenantContext) => o.Cookie.Name += tenantContext.Id);

See my here for more information if you are curious: https://www.finbuckle.com/MultiTenant

achandlerwhite
  • 191
  • 1
  • 5
  • Can this solution use with IdentityServer4? – Sampath May 10 '18 at 18:48
  • @Sampath, For authentication options yes because IS4 uses the normal options under the hood. For data it's more complicated -- if you use the ASP.NET Identity plug-in for IdentityServer4 then yes for the user data. The config and operational data would be harder--it would be a lot of work to change the EF plugins for those, but it could be done. – achandlerwhite May 11 '18 at 22:39
  • Thanks for the reply. I'm using ASP.net identity + EF Core. And for the API, I'm using .Net Core Web API2. I think we can mange identity server multi-tenant part. Issue is configure API for OIDC. My system is having single DB per client and each client having their own domain. – Sampath May 14 '18 at 11:41
  • @Sampath Per tenant OpenID Connect options are supported. Check out the project webpage at https://www.finbuckle.com/multitenant to see the documentation. If you have any questions just create an issue in the github. -Drew – achandlerwhite May 16 '18 at 19:43
2

The following PR provides a solution for the above question. https://github.com/saaskit/saaskit/pull/96

The PR have been merged with the "master" branch now.

It wasn't merged yet (November 2018)

Serhii Kyslyi
  • 1,745
  • 24
  • 43
Jonas
  • 3,155
  • 5
  • 35
  • 55