我们正在尝试在我们的产品中使用出色的 IdentityServer。我们的应用程序需要支持多个租户，并且每个租户都可以拥有自己的身份提供者（问题标题：用于多租户的多个 OpenIdConnectAuthentication 中间件）。
IdentityServer 这一侧“大概”可以按下面的方式解决（它能工作，但我不确定这是否是好的做法）：
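// One IdentityServer instance per tenant, each mounted under its own path inside a
// single host process. The two original copies differed only in the mount path, so the
// configuration is built once and applied per tenant. Because each tenant answers under
// a different base path, each should end up with its own issuer (IdentityServer3 derives
// IssuerUri from the request base path when it is not set explicitly -- verify).
//
// Security notes, all visible in the original configuration:
//  - RequireSsl = false, together with the http:// authorities the relying party uses,
//    means id_tokens travel in clear text. Acceptable on a developer machine only; set
//    RequireSsl = true and serve over https before any shared deployment.
//  - Certificate.Load() hands the same signing key to every tenant. Tokens remain
//    distinguishable by issuer, but a relying party that only checks the signing key and
//    not the issuer would accept any tenant's tokens -- confirm that is intended.
//  - The same `factory` (client/scope store) serves every tenant; if tenants need separate
//    client registrations it has to be built per tenant (not shown here).
Action<string> mapTenantIdentityServer = tenantPath =>
{
    app.Map(tenantPath, tenant =>
    {
        tenant.UseIdentityServer(new IdentityServerOptions
        {
            SiteName = "Embedded IdentityServer",
            SigningCertificate = Certificate.Load(),
            Factory = factory,
            // Development only -- see the note above.
            RequireSsl = false,
            AuthenticationOptions = new AuthenticationOptions
            {
                // No local accounts: every login is delegated to the tenant's own IdP.
                EnableLocalLogin = false,
                IdentityProviders = ConfigureIdentityProviders,
            },
        });
    });
};

mapTenantIdentityServer("/demotenant");
mapTenantIdentityServer("/demotenant2");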
现在我试图从我的 Web 应用程序使用它。当请求位于 /demotenant 下时，它应该使用 /demotenant 对应的身份服务器，其他租户依此类推：
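// Relying-party side: one cookie middleware and one OpenID Connect middleware per tenant
// branch. Two problems in the original per-tenant copies are addressed here:
//  1. RedirectUri pointed at the site root ("http://localhost:57354/"). app.Map only runs
//     a branch for requests under its own path, so the id_token posted back to "/" never
//     reached the middleware that started the sign-in. The callback now lives under the
//     tenant path. The matching redirect URI must also be registered for client "webapp"
//     on the IdentityServer side (that configuration is not shown on this page).
//  2. Both branches used AuthenticationType "cookies" with the default cookie name and
//     path, i.e. the same ".AspNet.cookies" cookie. A session established through one
//     tenant's identity provider would therefore have been honoured under the other
//     tenant's path. Each tenant now gets its own authentication type, cookie name and
//     cookie path, so the cookies -- and the data-protection purpose derived from the
//     authentication type -- are distinct per tenant.
// The http:// authority is clear-text transport: fine for localhost, not beyond it.
Action<string> mapTenantRelyingParty = tenantPath =>
{
    string tenantId = tenantPath.Trim('/');
    string cookieScheme = "cookies." + tenantId;

    app.Map(tenantPath, tenant =>
    {
        tenant.UseCookieAuthentication(new CookieAuthenticationOptions()
        {
            AuthenticationType = cookieScheme,
            CookieName = ".AspNet." + cookieScheme,
            // The browser only sends this cookie to URLs under the tenant path.
            CookiePath = tenantPath,
        });
        tenant.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions()
        {
            AuthenticationType = "oidc." + tenantId,
            SignInAsAuthenticationType = cookieScheme,
            Authority = "http://localhost:63958" + tenantPath,
            ClientId = "webapp",
            // Callback inside the branch so this middleware actually receives it.
            RedirectUri = "http://localhost:57354" + tenantPath + "/",
            // Implicit flow, id_token only; nothing beyond the openid scope is requested.
            ResponseType = "id_token",
            Scope = "openid",
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                RedirectToIdentityProvider = async f =>
                {
                    // The original sent the same hint for every tenant. If acr_values is
                    // what selects the upstream IdP, this probably needs to vary per tenant.
                    f.ProtocolMessage.AcrValues = "datasourceId:test";
                },
            },
        });
    });
};

mapTenantRelyingParty("/demotenant");
mapTenantRelyingParty("/demotenant2");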
遗憾的是它不工作，或者至少我无法触发认证流程。
我的“简单”示例只是在控制器上使用 [Authorize] 特性，它会自动把用户重定向到我的 IdentityServer。所以问题是：
- 是否有可能基于路由来触发其中一个授权流程（例如 /demotenant 下的请求走 /demotenant 的身份服务器）？如果可以，该如何做？