Base solution for your next web application
Open Closed

Multi Tenant token issue #11788


User avatar
0
SRTMDEV created

Hello, suppose we have 2 tenants in our application consider it as https://t1.net and https://t2.net. I am getting token from https://t1.net and the API which i am calling is of https://t2.net so after sending the request it getting the successful response and the data is inserting in the https://t1.net tenant (from where token was generated). It is ignoring the API URL.


5 Answer(s)
  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi @SRTMDEV

    Do you also send Abp.TenantId request header ?

  • User Avatar
    0
    SRTMDEV created

    Hi @SRTMDEV

    Do you also send Abp.TenantId request header ?

    No, we are just passing token in header

  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi @SRTMDEV

    I assume this is becasue, during the data insert, we don't set the tenantId automatically. Are you able to query data in the same way ?

  • User Avatar
    0
    SRTMDEV created

    Currently, TenantId is automatically taken from the passed token during inserting data. Due to that there is a possibility it will ignore tenancy URL and insert data with TenantId which is available in token/session. Is there any functionality in ANZ to unauthorize any request if the token TenantId and tenancy URL do not match?

  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi,

    This seems like an odd and problematic behaviour. Could you create an issue here https://github.com/aspnetzero/aspnet-zero-core, so we can work on this ?