Dynamic OpenIdConnectOptions for multi-tenant leases in ASP.NET Core 2.1-*

I am working with aspnetcore v2.1 (latest dev branches) to create a multi-tenant application where each tenant authenticates against their own Azure B2C AD tenant. This approach was chosen so that the email and password choices and social login associations are unique to each tenant.

Instead of the static ClientId used in Startup.ConfigureServices, I want to apply the correct ClientId and permissions based on the current tenant ID (which I determine based on the hostname). Building on the previous 2.0-* code check I used IOptionsSnapshot to let me apply the correct options as shown below.

In Startup.ConfigureServices:

services.AddSingleton<IOptionsSnapshot<OpenIdConnectOptions>, OpenIdConnectOptionsSnapshot>();
services.AddAuthentication().AddCookie().AddOpenIdConnect();

      

In Startup.Configure:

app.UseAuthentication();

      

With implementation:

public class OpenIdConnectOptionsSnapshot : IOptionsSnapshot<OpenIdConnectOptions>

      

However, I now found that my OpenIdConnectOptionsSnapshot is no longer being created or referenced.

What is the correct way to apply dynamic client ClientId, permissions, etc. in AspNetCore Security 2.1.0-*?

(I'm open to "you're doing it completely wrong" and suggestions of various ways to achieve multi-tenancy for tenants who don't have a pre-existing AzureAD footprint)

+3

1 answer


Try using IOptionsMonitor instead. We changed the way IOptionsSnapshot works quite late in 2.0 and enabled auth to use the monitor.



Snapshot options are now covered

+1
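
One way to apply the answer's suggestion, as an added example that is not part of the original question or answer: a custom IOptionsMonitor<OpenIdConnectOptions> that resolves options per tenant from the request host. ITenantStore and TenantOidcSettings are hypothetical names standing in for your own tenant lookup, and the sketch assumes the tenant's Authority and ClientId are the only values that differ.

```csharp
// Added example; ITenantStore and TenantOidcSettings are hypothetical names.
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Linq;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Options;

public class TenantOidcSettings { public string Authority; public string ClientId; }
public interface ITenantStore { bool TryGet(string host, out TenantOidcSettings settings); }

// Register after AddOpenIdConnect(), together with services.AddHttpContextAccessor():
// services.AddSingleton<IOptionsMonitor<OpenIdConnectOptions>, TenantOidcOptionsMonitor>();
public class TenantOidcOptionsMonitor : IOptionsMonitor<OpenIdConnectOptions>
{
    private readonly ConcurrentDictionary<(string, string), Lazy<OpenIdConnectOptions>> _cache =
        new ConcurrentDictionary<(string, string), Lazy<OpenIdConnectOptions>>();
    private readonly IHttpContextAccessor _http;
    private readonly ITenantStore _tenants;
    private readonly IEnumerable<IConfigureOptions<OpenIdConnectOptions>> _setups;
    private readonly IEnumerable<IPostConfigureOptions<OpenIdConnectOptions>> _post;

    public TenantOidcOptionsMonitor(IHttpContextAccessor http, ITenantStore tenants,
        IEnumerable<IConfigureOptions<OpenIdConnectOptions>> setups,
        IEnumerable<IPostConfigureOptions<OpenIdConnectOptions>> post)
    { _http = http; _tenants = tenants; _setups = setups; _post = post; }

    public OpenIdConnectOptions CurrentValue => Get(Options.DefaultName);

    // The OpenID Connect handler asks for its options by scheme name on each request.
    public OpenIdConnectOptions Get(string name)
    {
        // The Host header is client-supplied: only hosts known to the store get options.
        var host = _http.HttpContext?.Request.Host.Host?.ToLowerInvariant();
        if (host == null || !_tenants.TryGet(host, out var tenant))
            throw new InvalidOperationException("No OpenID Connect settings for this host.");
        // Key on scheme AND host so one tenant's ClientId is never served to another.
        return _cache.GetOrAdd((name, host),
            _ => new Lazy<OpenIdConnectOptions>(() => Build(name, tenant))).Value;
    }

    private OpenIdConnectOptions Build(string name, TenantOidcSettings tenant)
    {
        // Tenant values go in before post-configure, which derives metadata from Authority.
        IConfigureOptions<OpenIdConnectOptions> perTenant =
            new ConfigureNamedOptions<OpenIdConnectOptions>(name,
                o => { o.Authority = tenant.Authority; o.ClientId = tenant.ClientId; });
        return new OptionsFactory<OpenIdConnectOptions>(_setups.Append(perTenant), _post).Create(name);
    }

    public IDisposable OnChange(Action<OpenIdConnectOptions, string> listener) => null; // no reloads
}
```

Cached entries are never evicted here, so a change to a tenant's settings only takes effect once its cache entry is dropped or the application restarts.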