Do you have any examples of how we can implement a custom tenancy resolver on the API side?
We have external apps that need to be able to call the API but do so securely. Each tenant will call the API from a single (multi-tenant) app that can be configured to run for different domains per tenant. There will be no username/password to pass into auth the API so we need a token-based or api key based system where we can give a token to an API connection based on the current tenant.
That may be confusing so here's an example. We have a single vue.js app that the app service can be bound to: app.tenant1.com (Tenant 1) app.tenant2.com (Tenant 2) app.tenant3.com (Tenant 3) Each domain represents a different tenant but running through the same vue.js app. We need to be able to call the asp.net zero API from that vue.js app but if the vue.js app is being loaded as app.tenant1.com we need the API on the Zero side to be able resolve that incoming API call as being a Tenant 1 tenant.
Currently, the API requires a un/pw to handshake and get a token. Since we have separate apps that need to access the API (mostly read only) we need to have a way that the token can be looked up from an API key/host header combo and not a un/pw.
Any thoughts here?
3 Answer(s)
-
0
Hi,
AspNet Zero doesn't support only the API Key at the moment because each action must be related to a user. You can add a new field to user entity (API key) or create a separate table to related API Keys with Users. Then, when a reuqest is sent to server, you can get the API Key and find the related user and generate a token.
For your custom domain resolver issue, you can take a look at https://github.com/aspnetzero/aspnet-zero-core/tree/dev/angular/src/shared/multi-tenancy/tenant-resolvers. We implement a similar approach on our angular app. Angular app retrieves the TenantId from the current URL (subdomain or query string etc...) and sends Abp.TenantId to API with every request. You can implement a similar approach for your VueJS app.
-
0
Hi,
AspNet Zero doesn't support only the API Key at the moment because each action must be related to a user. You can add a new field to user entity (API key) or create a separate table to related API Keys with Users. Then, when a reuqest is sent to server, you can get the API Key and find the related user and generate a token.
For your custom domain resolver issue, you can take a look at https://github.com/aspnetzero/aspnet-zero-core/tree/dev/angular/src/shared/multi-tenancy/tenant-resolvers. We implement a similar approach on our angular app. Angular app retrieves the TenantId from the current URL (subdomain or query string etc...) and sends Abp.TenantId to API with every request. You can implement a similar approach for your VueJS app.
That GitHub link did not work. I get a 404
-
0
Hi,
Please add your GitHub user on https://aspnetzero.com/LicenseManagement. Then, you can access this page.
