使用IdentityServer4的子域多租户登录

本文介绍了使用IdentityServer4的子域多租户登录的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我正在尝试使用Identityserver4实现多租户应用程序

i'm trying to implement multi tenant application with identityserver4 let's say i have

• web1.local
• web2.local

当我登录到web1.local时，另一个域名为web2.local也会自动登录.

when i logged in to web1.local other domain which is web2.local also automatically logged in.

总有分开这些登录名的信息吗?

is there anyway to separate these logins?

我当时想对IUserSession

public virtual async Task CreateSessionIdAsync(ClaimsPrincipal principal, AuthenticationProperties properties) { if (principal == null) throw new ArgumentNullException(nameof(principal)); if (properties == null) throw new ArgumentNullException(nameof(properties)); var currentSubjectId = (await GetUserAsync())?.GetSubjectId(); var newSubjectId = principal.GetSubjectId(); if (!properties.Items.ContainsKey(SessionIdKey) || currentSubjectId != newSubjectId) { properties.Items[SessionIdKey] = CryptoRandom.CreateUniqueId(16); } IssueSessionIdCookie(properties.Items[SessionIdKey]); Principal = principal; Properties = properties; } private void IssueSessionIdCookie(string sid) { if (Options.Endpoints.EnableCheckSessionEndpoint) { if (GetSessionIdCookieValue() != sid) { HttpContext.Response.Cookies.Append( Options.Authentication.CheckSessionCookieName, sid, CreateSessionIdCookieOptions()); } } }

什么是最好的方法?

推荐答案

我相信您遇到的问题是，一旦Identity Server发出会话cookie，无论最初使用哪个应用程序登录，IdentityServer都会始终跳过登录其他任何应用程序的后续请求(由于该最初管理的会话Cookie).

I believe the problem you are having is that once the session cookie is issued by IdentityServer regardless of which application was originally used to sign in, IdentityServer will always skip the login on subsequent requests from any other applications (because of that originally administered session cookie).

要始终在不同应用程序之间强制进行身份验证，可以在授权请求上使用提示"查询字符串，并将其设置为等于登录".可以在此处找到更多信息: docs.identityserver .io/zh-CN/latest/endpoints/authorize.html?highlight = prompt

To always force the authentication between different applications, you can use the 'prompt' query string on the authorize request and set it equal to 'login'. More information can be found here: docs.identityserver.io/en/latest/endpoints/authorize.html?highlight=prompt