Finbuckle / Finbuckle.MultiTenant

Finbuckle.MultiTenant is an open-source multitenancy middleware library for .NET. It enables tenant resolution, per-tenant app behavior, and per-tenant data isolation.
https://www.finbuckle.com/multitenant
Apache License 2.0

Per Tenant JWTBearer Options failed with authentication #827

Closed KarthikEK20 closed 4 months ago

KarthikEK20 commented 4 months ago

I'm trying to use the latest version, 7.0.1, of Finbuckle to resolve multitenant and to authorize on a per-tenant basis. Hence, I need to set JwtBearerOptions, that is, Authority based on the tenant-resolved domain URL. I have followed the docs and some older samples:

https://www.finbuckle.com/MultiTenant/Docs/Options
https://github.com/Finbuckle/Finbuckle.MultiTenant/issues/303

Both have details on how to do it, but if I follow the same, it doesn't work as expected. The problem I'm facing is that I can see the JwtBearerOptions set per tenant by using the "builder.Services.ConfigurePerTenant" line, but still, the authorization fails because the authority doesn't have any value.

Here is the example code I followed.

        // Configure Services
        services.AddHttpContextAccessor();
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer();

        services.AddMultiTenant<TenantInfo>()
            .WithStore(ServiceLifetime.Scoped)
            .WithRemoteAuthenticationCallbackStrategy()
            .WithHostStrategy("__tenant__");

        services.ConfigurePerTenant<JwtBearerOptions, TenantInfo>((options, tenantInfo) =>
        {
            options.Authority = "https://mydomain.com/";
            options.Audience = "API"; // API Resource Name
        });

// Configure Middleware

        app.MapControllers();
        app.UseStaticFiles();

        app.UseRouting();

        app.UseAuthentication();
        app.UseAuthorization();

        app.UseMultiTenant();

//Note - I tried to position the UseMultiTenant() middleware before Use Authentication line, still no use.

If I try without "PerTenantOption", the authorization works. Below is the service part code.

        // Configure Services
        services.AddHttpContextAccessor();
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                options.Authority = "https://mydomain.com/";
                options.Audience = "API"; // API Resource Name
            });

        services.AddMultiTenant<TenantInfo>()
            .WithStore(ServiceLifetime.Scoped)
            .WithRemoteAuthenticationCallbackStrategy()
            .WithHostStrategy("__tenant__");

So, is changing the JwtBearerOptions using "services.ConfigurePerTenant<JwtBearerOptions, TenantInfo>" irrelevant to the actual JwtBearerOptions? Could you please explain what I'm missing?

Thanks in advance.

aswin-ingenuous commented 4 months ago

I also experienced the same issue. It was resolved by specifying the scheme name during ConfigurePerTenant<>().

        services.AddAuthentication()
            .AddJwtBearer(); // this line adds `JwtBearerHandler` using `JwtBearerDefaults.AuthenticationScheme` scheme

        // important: use the scheme i.e. `JwtBearerDefaults.AuthenticationScheme`
        services.ConfigurePerTenant<JwtBearerOptions, TenantInfo>(JwtBearerDefaults.AuthenticationScheme, (options, tenant) =>
        {
            // set the tenant's options here, e.g. options.Authority and options.Audience
        });

KarthikEK20 commented 4 months ago

Thanks, but I tried to add the JwtBearerDefaults.AuthenticationScheme as you suggested; still the authorization fails.

AndrewTriesToCode commented 4 months ago

Hi, do you mind posting a link to a repository with a basic project that reproduces the problem?

KarthikEK20 commented 4 months ago

I got it fixed, @AndrewTriesToCode. Actually, @aswin-ingenuous's suggestion works perfectly. This is what I missed.

Also, removing the line .WithRemoteAuthenticationCallbackStrategy() hasn't made any impact.

Somehow, when I tried it yesterday, I missed keeping the middleware in the right order, so I got the same error. But now I tried this fix with a fresh application, and everything works as expected. Thank you guys for the valuable solution.
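The named-options behaviour behind the fix in this thread, as an added example that is not part of the original issue or of Finbuckle's code: ASP.NET Core authentication handlers load their options by scheme name, so a configuration registered without a name never reaches the `Bearer` scheme and its `Authority` stays empty. The example uses the framework's plain `Configure<JwtBearerOptions>` as a stand-in, on the assumption that `ConfigurePerTenant` follows the same naming rule; the helper `AuthoritySeenByHandler` is hypothetical.

```csharp
// Added example. Requires the Microsoft.AspNetCore.Authentication.JwtBearer package.
using System;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Options;

// Hypothetical helper: builds a container from the given registrations and
// returns the Authority that the "Bearer" scheme's handler would receive.
static string? AuthoritySeenByHandler(Action<IServiceCollection> register)
{
    var services = new ServiceCollection();
    register(services);
    using var provider = services.BuildServiceProvider();

    // AuthenticationHandler<TOptions> initialises itself with
    // IOptionsMonitor<TOptions>.Get(Scheme.Name), so this is the same lookup
    // JwtBearerHandler performs for JwtBearerDefaults.AuthenticationScheme.
    var monitor = provider.GetRequiredService<IOptionsMonitor<JwtBearerOptions>>();
    return monitor.Get(JwtBearerDefaults.AuthenticationScheme).Authority;
}

// Values below are the ones used in the question.
static void Apply(JwtBearerOptions options)
{
    options.Authority = "https://mydomain.com/";
    options.Audience = "API";
}

// Unnamed registration: bound to Options.DefaultName (""), not to "Bearer".
var unnamed = AuthoritySeenByHandler(s => s.Configure<JwtBearerOptions>(Apply));

// Named registration: bound to the scheme the handler actually asks for.
var named = AuthoritySeenByHandler(s =>
    s.Configure<JwtBearerOptions>(JwtBearerDefaults.AuthenticationScheme, Apply));

Console.WriteLine($"unnamed registration -> Authority: {unnamed ?? "(not set)"}");
Console.WriteLine($"named registration   -> Authority: {named ?? "(not set)"}");
```

The same `IOptionsMonitor<JwtBearerOptions>.Get(...)` lookup can be run inside a request scope of the real application, after tenant resolution, to confirm which options instance the handler receives for the current tenant.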

aswin-ingenuous commented 4 months ago

[heart] Aswin Trisnadi reacted to your message:

