I searched around for a while but did not find any useful info so I thought I’d post my issue here to get some help.
I have an ASP.NET MVC application with multi-tenant setup where I have a single MVC application with multiple websites running on different domains.
I am following the “ASP.NET (OWIN)” quickstart guide and got it to work in general but all websites are being redirected to one Auth0 application login page. It appears that this is because the clientId/secret setup depending on the request url doesn’t actually work per session. It seems to be per application instance.
Is there any way to have each of my website with different domain under the single MVC application redirect to their corresponding Auth0 application universal login pages?
I’ve been looking at Owin multi-tenancy options but many examples are for .NET Core and not MVC.
// Startup.cs
public void Configuration(IAppBuilder app)
{
// Configure Auth0 parameters
string auth0Domain = ConfigurationManager.AppSettings["auth0:Domain"];
//QUESTION? Any way to set this depending on the domain in request uri? If request is made from example1.com then use clientId1. If request is made from example2.com then use clientId2.
string auth0ClientId = ConfigurationManager.AppSettings["auth0:ClientId"];
//QUESTION? Any way to set this depending on the domain in request uri? If request is made from example1.com then use clientSecret1. If request is made from example2.com then use clientSecret2.
string auth0ClientSecret = ConfigurationManager.AppSettings["auth0:ClientSecret"];
string auth0RedirectUri = ConfigurationManager.AppSettings["auth0:RedirectUri"];
string auth0PostLogoutRedirectUri = ConfigurationManager.AppSettings["auth0:PostLogoutRedirectUri"];
// Enable the Cookie saver middleware to work around a bug in the OWIN implementation
app.UseKentorOwinCookieSaver();
// Set Cookies as default authentication type
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
LoginPath = new PathString("/Account/Login")
});
// Configure Auth0 authentication
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
AuthenticationType = "Auth0",
Authority = $"https://{auth0Domain}",
ClientId = auth0ClientId,
ClientSecret = auth0ClientSecret,
RedirectUri = auth0RedirectUri,
PostLogoutRedirectUri = auth0PostLogoutRedirectUri,
ResponseType = OpenIdConnectResponseType.CodeIdToken,
Scope = "openid profile",
TokenValidationParameters = new TokenValidationParameters
{
NameClaimType = "name"
},
Notifications = new OpenIdConnectAuthenticationNotifications
{
RedirectToIdentityProvider = notification =>
{
if (notification.ProtocolMessage.RequestType == OpenIdConnectRequestType.Logout)
{
var logoutUri = $"https://{auth0Domain}/v2/logout?client_id={auth0ClientId}";
var postLogoutUri = notification.ProtocolMessage.PostLogoutRedirectUri;
if (!string.IsNullOrEmpty(postLogoutUri))
{
if (postLogoutUri.StartsWith("/"))
{
// transform to absolute
var request = notification.Request;
postLogoutUri = request.Scheme + "://" + request.Host + request.PathBase + postLogoutUri;
}
logoutUri += $"&returnTo={ Uri.EscapeDataString(postLogoutUri)}";
}
notification.Response.Redirect(logoutUri);
notification.HandleResponse();
}
return Task.FromResult(0);
}
}
});
}