Reyan Chougle

Reputation: 5321

.Net Core - Identity Server with Multiple Auth Servers

I have 4 auth servers which validate tokens for incoming requests on my app.

I have the below configuration in ConfigureServices of Startup.cs:

services.AddAuthentication()
    .AddJwtBearer("authServer1", options =>
    {
        options.Authority = "https://authserver1.com/AuthServices/Auth";
        options.Audience = "web.api";
    })
    .AddJwtBearer("authServer2", options =>
    {
        options.Authority = "https://authserver2.com/AuthServices/Auth";
        options.Audience = "web.api";
    })
    .AddJwtBearer("authServer3", options =>
    {
        options.Authority = "https://authserver3.com/AuthServices/Auth";
        options.Audience = "web.api";
    })
    .AddJwtBearer("authServer4", options =>
    {
        options.Authority = "https://authserver4.com/AuthServices/Auth";
        options.Audience = "web.api";
    });

services.AddAuthorization(options =>
{
    options.DefaultPolicy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .AddAuthenticationSchemes("authServer1", "authServer2", "authServer3", "authServer4")
        .Build();
});

When I call the API, it works fine.

The problem is that if any of the auth servers goes down and I try to call the API, the application gives an error saying that the particular auth server is not found, or some other error specific to the situation.

1) How can I skip errors which can occur when any of the auth servers goes down?

2) How does the policy work when selecting the respective auth server for validating the incoming request? Does it work like a switch case (jumps directly to the respective auth server) or an if-else ladder (checks each auth server for request validation until it finds the actual one)?

Upvotes: 5

Views: 1174

Answers (1)

Reyan Chougle

Reputation: 5321

I have achieved what I had asked for in the question.

1) How can I skip errors which can occur when any of the auth servers goes down?

I configured OnAuthenticationFailed to suppress the errors which were failing the request:

.AddJwtBearer("authServer1", options =>
{
    options.Authority = "https://authServer1.com/AuthServices/Auth";
    options.Audience = "web.api";
    options.Events = new JwtBearerEvents()
    {
        OnAuthenticationFailed = (context) =>
        {
            context.NoResult();
            return Task.CompletedTask;
        },
    };
});

2) How does the policy work when selecting the respective auth server for validating the incoming request? Does it work like a switch case (jumps directly to the respective auth server) or an if-else ladder (checks each auth server for request validation until it finds the actual one)?

This seems to work like an if-else ladder. I logged some info inside OnAuthenticationFailed and what I found was that even though only 1 auth server should process the request, all the other auth servers were also trying to process it and failing.

Upvotes: 1
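
An alternative to the if-else ladder described in the answer above, as an added example that is not part of the original post: a policy scheme reads the token's `iss` claim and forwards to the single matching handler, so an unreachable server only affects its own tokens and failures are logged rather than discarded. The `byIssuer` scheme name, the `MultiIssuerAuth` helper and the issuer strings (assumed to equal the Authority URLs from the question) are assumptions.

```csharp
// Added example, not the poster's code. Assumes each token's "iss" equals its server's Authority URL.
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
public static class MultiIssuerAuth
{
    static readonly Dictionary<string, string> SchemeByIssuer = new Dictionary<string, string>
    {
        ["https://authserver1.com/AuthServices/Auth"] = "authServer1",
        ["https://authserver2.com/AuthServices/Auth"] = "authServer2",
        ["https://authserver3.com/AuthServices/Auth"] = "authServer3",
        ["https://authserver4.com/AuthServices/Auth"] = "authServer4",
    };
    // The unverified "iss" only routes; the chosen handler still validates signature, issuer, audience, lifetime.
    public static string SelectScheme(string header)
    {
        try
        {
            var token = header.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase) ? header.Substring(7).Trim() : "";
            var issuer = new JwtSecurityTokenHandler().ReadJwtToken(token).Issuer;
            if (issuer != null && SchemeByIssuer.TryGetValue(issuer, out var scheme)) return scheme;
        }
        catch (Exception) { /* missing or malformed token: fall through to the default */ }
        return "authServer1"; // unknown issuer: this handler rejects the token
    }
    static Task LogFailure(AuthenticationFailedContext c)
    {
        c.HttpContext.RequestServices.GetRequiredService<ILoggerFactory>().CreateLogger("JwtAuth")
            .LogWarning(c.Exception, "JWT validation failed in scheme {Scheme}", c.Scheme.Name);
        return Task.CompletedTask;
    }
    public static void AddMultiIssuerJwt(this IServiceCollection services)
    {
        var auth = services.AddAuthentication("byIssuer")
            .AddPolicyScheme("byIssuer", "JWT by issuer", o =>
                o.ForwardDefaultSelector = ctx => SelectScheme(ctx.Request.Headers["Authorization"].ToString()));
        foreach (var pair in SchemeByIssuer)
            auth.AddJwtBearer(pair.Value, o =>
            {
                o.Authority = pair.Key;
                o.Audience = "web.api";
                o.Events = new JwtBearerEvents { OnAuthenticationFailed = LogFailure };
            });
    }
}
```

With this registration the authorization policy should reference only `byIssuer`; listing all four schemes in `AddAuthenticationSchemes` makes every handler run again for each request.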
