Starts in:
1 DAY
10 HRS
40 MIN
26 SEC
Starts in:
1 D
10 H
40 M
26 S
Open Closed

Impersonate tenant issue with custom tenant resolver by sub domain #4615


User avatar
0
balessi75 created

ABP 7.0.1 Commercial / Blazor Server / EF / Separated IDS / Non-tiered

Hi, We extended the tenant entity to add a "Host" column which stores a tenant specific subdomain for each tenant (tenant1.domain.com) by following https://blog.antosubash.com/posts/abp-extend-tenant-with-custom-host

We then implemented the following tenant resolver:

	public override async Task ResolveAsync(ITenantResolveContext context)
	{
            var currentContextAccessor = context.ServiceProvider.GetRequiredService<IHttpContextAccessor>();
            var tenantRepository = context.ServiceProvider.GetRequiredService<IHostTenantRepository>();
      
            var host = currentContextAccessor?.HttpContext?.Request.Host.Host;

	    host = GetSubDomain(host);

            if (tenantRepository != null && !host.IsNullOrWhiteSpace())
            {
                var tenant = await tenantRepository.GetTenantByHost(host);
            
                if (tenant != null)
                {
                	context.TenantIdOrName = tenant.Name;
                }
            }
	}

Everything works as expected as we can login to each tenant with a tenant specific subdomain in the URL.

The problem we are finding though is that if we attempt to impersonate a tenant from the host, we are not redirected to the tenant's URL (tenant1.domain.com) instead we stay at at the host URL with no subdomain (domain.com).

Has this tenant impersonation issue ever come up with a basic tenant resolver based on subdomain? Any guidance, examples, or work arounds will be greatly appreciated as tenant impersonation and a custom tenant resolver are both requirements for us.


13 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    please share your project structure screenshot, thanks

  • User Avatar
    0
    balessi75 created

    Our project structure looks like this (from Abp Blazor Server template)

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    I think you can replace these balzor pages. Add your tenant domain to action of ImpersonationForm.

    This requires sharing cookies between the subdomain and the main domain name.

  • User Avatar
    0
    balessi75 created

    Thanks @maliming,

    I will try the page overrides and let you know how that works.

    In the meantime, can you explain this in more detail?

    This requires sharing cookies between the subdomain and the main domain name.

    I have limited experience with cookie management and am wondering if there are possible issues or workarounds to consider.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    I have limited experience with cookie management and am wondering if there are possible issues or workarounds to consider.

    something like this https://gist.github.com/maliming/b1ea80d68982a5b7064d7df6bafa89f5

  • User Avatar
    0
    balessi75 created

    Hi @maliming,

    We are not having any success. We successfully replaced TenantManagment.razor. From there, it wasn't exactly clear to us on how to correctly add the tenant's domain to the action of ImpersonationForm, so for a proof of concept, we hardcoded the action URL as follows:

    Once we did this and then attempted to impersonate the tenant, we are directed to the login screen for that tenant (instead of instantly being logged in as the tenant). When we then try to login to the tenant, we receive the following error:

    Impersonating a user within a tenant works fine because everything is under the same sub domain URL.

    We also tried overriding the OnPostAsync() method of ImpersonateTenantModel and changed return Redirect("~/"); to direct to the tenant's sub domain URL, and this seems to work, but the 'return to impersonator' link no longer appears and were not sure this is the correct way of implementing tenant impersonation with each tenant having it's own subdomain.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    I will check and find a way.

  • User Avatar
    0
    balessi75 created

    hi

    I will check and find a way.

    Excellent, thank you @mailiming

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Can you join the meeting and reproduce this error?

    https://us05web.zoom.us/j/84897529084?pwd=ZUVHaU5qWkFTc01YZm9CZ2h5UHdCdz09

  • User Avatar
    0
    balessi75 created

    Hi @maliming,

    I sent you a direct email with details for reproducing/troubleshooting...

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    OK, I will check it asap.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    https://github.com/balessi75/FM.Test/issues/1

  • User Avatar
    0
    balessi75 created

    Hi @maliming,

    Just wanted to thank you for the quick turnaround on this issue. Your solution worked perfectly. Thank you, we appreciate the support!

Made with ❤️ on ABP v9.1.0-preview. Updated on November 20, 2024, 13:06