Generating an Authentication Token with a Dynamic Machine Key

Generating an Authentication Token with Dynamic Machine Key

I am using OWIN security context and CookieAuthenticationProvider

for generating authentication cookies:

public partial class Startup {
    public void ConfigureAuth(IAppBuilder app) {
        app.UseCookieAuthentication(new CookieAuthenticationOptions() {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Authentication/Login"),
            Provider = new CookieAuthenticationProvider()
        });
    }
}

      

        
        
        
      

    

However, I would like to implement this in a multi-tenant environment. I already have a tenant context set up, which has a machine key property associated with it; I just need a way to generate the token based on the tenant-specific machine key (not the machine key in the file web.config

).

Ideally I would like to inherit and extend existing OWIN classes (maybe CookieAuthenticationProvider

) rather than implement my own.

Does anyone know how to generate an authentication token from a given machine / private key?

Bill

Update

Since the "Machine" keys cannot be edited; instead of trying to set up machine keys, would it be safe to implement IDataProtectionProvider

or augment DataProtectionProvider

to use System.Security.Cryptography.DpapiDataProtector

and pass the tenant's private private key as a parameter specificPurpose

?

If all tenants shared the machine key, but each tenant had their own private key, they would not be able to decrypt every authentication token, correct?