Generating an Authentication Token with a Dynamic Machine Key
Generating an Authentication Token with Dynamic Machine Key
I am using OWIN security context and CookieAuthenticationProvider
for generating authentication cookies:
public partial class Startup {
public void ConfigureAuth(IAppBuilder app) {
app.UseCookieAuthentication(new CookieAuthenticationOptions() {
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Authentication/Login"),
Provider = new CookieAuthenticationProvider()
});
}
}
However, I would like to implement this in a multi-tenant environment. I already have a tenant context set up, which has a machine key property associated with it; I just need a way to generate the token based on the tenant-specific machine key (not the machine key in the file web.config
).
Ideally I would like to inherit and extend existing OWIN classes (maybe
CookieAuthenticationProvider
) rather than implement my own.
Does anyone know how to generate an authentication token from a given machine / private key?
Bill
Update
Since the "Machine" keys cannot be edited; instead of trying to set up machine keys, would it be safe to implement IDataProtectionProvider
or augment DataProtectionProvider
to use System.Security.Cryptography.DpapiDataProtector
and pass the tenant's private private key as a parameter specificPurpose
?
If all tenants shared the machine key, but each tenant had their own private key, they would not be able to decrypt every authentication token, correct?
source to share