Option 1 (Preferred Approach)
For all tenants:
Auth Server: https://auth.koimpact.tw/
API: https://api.koimpact.tw/
For each tenant's Angular app:
https://{0}-app.koimpact.tw/
Option 2
For each tenant:
Auth Server: https://{0}-auth.koimpact.tw/
API: https://{0}-api.koimpact.tw/
Angular App: https://{0}-app.koimpact.tw/
Question: Are both of these options feasible, or is only Option 2 possible?
[maliming] said: hi
Auth Server: Configured as https://imm-auth.koimpact.tw/ API Endpoint: Configured as https://imm-api.koimpact.tw/
Is the `imm` the tenant's name?
If you have a new tenant `test`:
Auth Server: Configured as https://test-auth.koimpact.tw/ API Endpoint: Configured as https://test-api.koimpact.tw/
Is the imm the tenant's name?
Yes.
So, we cannot have multiple tenants pointing to the same auth server (e.g., auth.koimpact.tw)? Instead, does each tenant require its own dedicated configuration, like:
https://{0}-auth.koimpact.tw/
https://{0}-api.koimpact.tw/
And is this configured via:
```csharp
Configure<AbpTenantResolveOptions>(options =>
{
    options.AddDomainTenantResolver(configuration["TenantDomain"]);
});
```
Is that correct?
Host Admin Site: We plan to use http://sroi-admin.awesome-tech.link/ as the host admin site.
Auth Server: Configured as https://imm-auth.koimpact.tw/ API Endpoint: Configured as https://imm-api.koimpact.tw/
First Tenant: The first tenant is set up as https://imm.koimpact.tw/. In the future, we expect to add other tenants, such as https://other-tenant.koimpact.tw/.
Question: Can this setup work as intended?
host admin / 1q2w3E*
imm admin / 1q2w3E*
https://imm.koimpact.tw/
AuthServer logs.txt https://drive.google.com/file/d/1yDKkGTFL9TuIfHwxEnNd__OmM1Abv2wH/view?usp=sharing
Hello, first of all, when attempting to log in to the website, it successfully reaches the authserver but shows a tenant switching option.
However, in the Angular app, I can see that it retrieves the IMM tenant based on the base application URL.
Then, in the authserver, whether I try to log in with the host account credentials or the IMM (tenant) account credentials, the login fails. The Angular app keeps redirecting back and forth to the authserver in a loop.
docker-compose.yml
```yaml
sroi-auth:
  image: sroi-authserver:0.0.10
  environment:
    - App__CorsOrigins=https://*.koimpact.tw,https://sroi-admin.awesome-tech.link
    - App__SelfUrl=https://auth-imm.koimpact.tw
    - App__RedirectAllowedUrls=https://imm.koimpact.tw,https://sroi-admin.awesome-tech.link
    - App__domainsFormat=https://{0}.koimpact.tw
    - AuthServer__Authority=https://auth-imm.koimpact.tw
```
AuthServer
```csharp
public override void PreConfigureServices(ServiceConfigurationContext context)
{
    var hostingEnvironment = context.Services.GetHostingEnvironment();
    var configuration = context.Services.GetConfiguration();

    PreConfigure<OpenIddictBuilder>(builder =>
    {
        builder.AddValidation(options =>
        {
            options.AddAudiences("Sroi");
            options.UseLocalServer();
            options.UseAspNetCore();
        });
    });

    if (!hostingEnvironment.IsDevelopment())
    {
        PreConfigure<AbpOpenIddictAspNetCoreOptions>(options =>
        {
            options.AddDevelopmentEncryptionAndSigningCertificate = false;
        });

        PreConfigure<OpenIddictServerBuilder>(serverBuilder =>
        {
            serverBuilder.AddProductionEncryptionAndSigningCertificate("openiddict.pfx", configuration["AuthServer:CertificatePassPhrase"]!);
            serverBuilder.SetIssuer(new Uri(configuration["AuthServer:Authority"]!));
        });

        PreConfigure<AbpOpenIddictWildcardDomainOptions>(options =>
        {
            options.EnableWildcardDomainSupport = true;
            var domainsFormat = configuration.GetValue<string>("App:DomainsFormat");
            if (!string.IsNullOrWhiteSpace(domainsFormat))
            {
                foreach (var domainFormat in domainsFormat.Split(',', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries))
                {
                    options.WildcardDomainsFormat.Add(domainFormat);
                }
            }
        });
    }
}
```
Can you help me check where my system has misconfigured settings that allow public access?
https://imm.koimpact.tw/
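To see what a `{0}` domain format yields for each host name mentioned in this thread, the following added example (not code from any poster or from ABP) runs the hosts through a simple placeholder matcher. `ExtractTenant` is a hypothetical helper; it assumes a single `{0}` placeholder, a stripped scheme, and case-insensitive prefix/suffix matching, which is a simplification of how a framework may match.

```csharp
#nullable enable
using System;

// Hypothetical helper (assumption, not ABP's implementation):
// returns the text that fills {0} when the host fits the format, else null.
static string? ExtractTenant(string format, string url)
{
    static string Normalize(string s)
    {
        foreach (var scheme in new[] { "https://", "http://" })
        {
            if (s.StartsWith(scheme, StringComparison.OrdinalIgnoreCase))
            {
                s = s[scheme.Length..];
                break;
            }
        }
        return s.TrimEnd('/');
    }

    var f = Normalize(format);
    var host = Normalize(url);
    var at = f.IndexOf("{0}", StringComparison.Ordinal);
    if (at < 0) return null;                       // format has no placeholder

    var prefix = f[..at];
    var suffix = f[(at + 3)..];
    if (host.Length <= prefix.Length + suffix.Length) return null; // {0} would be empty
    if (!host.StartsWith(prefix, StringComparison.OrdinalIgnoreCase)) return null;
    if (!host.EndsWith(suffix, StringComparison.OrdinalIgnoreCase)) return null;
    return host[prefix.Length..^suffix.Length];
}

// Formats and hosts below are the ones quoted in the thread.
var formats = new[] { "https://{0}-auth.koimpact.tw/", "https://{0}.koimpact.tw" };
var hosts = new[]
{
    "https://imm-auth.koimpact.tw/", // auth server URL from the earlier posts
    "https://auth-imm.koimpact.tw",  // App__SelfUrl in the posted docker-compose.yml
    "https://imm.koimpact.tw/",      // first tenant's Angular app
    "https://auth.koimpact.tw/",     // shared auth server from Option 1
};

foreach (var format in formats)
    foreach (var host in hosts)
        Console.WriteLine($"{format,-32} {host,-32} -> {ExtractTenant(format, host) ?? "(no match)"}");
```

Comparing each extracted value against the real tenant names shows which hosts a given format would map to an existing tenant and which it would map to a name that is not a tenant at all.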