Multi tenancy not supported?
Describe the bug: When adding the BankID provider multiple times, the following exception is thrown:
InvalidOperationException: The HttpClient factory already has a registered client with the type 'ActiveLogin.Authentication.BankId.Api.IBankIdApiClient'. Client types must be unique. Consider using inheritance to create multiple unique types with the same API surface.
What area is it related to: BankID
To Reproduce: Steps to reproduce the behavior: Create a new empty .NET Core application, install the ActiveLogin package and call AddBankId twice.
Expected behavior: When calling AddBankId, an isolated authentication provider is created for the given schema, so we can add multiple customers with different certificates.
NuGet package version: ActiveLogin.Authentication.BankId.AspNetCore 2.0.1 (same behavior in 3.0.0)
Runtime version: .NET Core 3.0 (same behavior in 3.1)
Desktop (please complete the following information):
- Windows
- Chrome
Additional context: Is multi tenancy something you had in mind when creating this package or was it never meant to support multiple customers with different certificates in the same application?
Issue Analytics
- Created 3 years ago
- Comments: 7 (4 by maintainers)
Top GitHub Comments
Hi Peter!
Thank you for your quick reply!
That’s great! We will solve our multi tenancy feature using the UseClientCertificateResolver extension and some kind of cookie to determine where the end user is coming from.
But first we need to update to the latest version (Active Login, Identity Server, .NET Core) to get the extension, but that won’t be that big of a deal 😃
Thank you for bringing us Active Login!
Regards
Ohh, you’ve found a bug! Thanks for reporting this. The project we are implementing multi tenancy for isn’t live yet, and we simply haven’t found this in our testing yet. It’s really sad we don’t have any unit test for this specific part, but the problem is that the callback is only triggered when making a real call to their API, so no easy way to fix that at the moment.
The problem (from what I can find out) is that ASP.NET caches the choice of certificate in the HttpMessageHandler pool. It seems to be cached by hostname, because usually you want to select the cert based on hostname. But in our case we have multiple certificates for the same hostname.
Anyway, I’ll make a hotfix to fix this issue, but until that is out, could you confirm that the below code would work?
UseClientCertificateResolver is only an extension method to make it easier to configure, so you can try out the code below yourself before we make the hotfix. The fix is to disable caching if you enable UseClientCertificateResolver. It’s not optimal, but the best/only solution with the current architecture. I’ve had a brief discussion with a colleague and for version 5 or similar we’d like to rearchitect the solution to allow for an IBankIdClientFactory that you can override and provide different clients for different tenants.
If you confirm that the above works, I’ll try to find time this week to release the hotfix.
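
An added illustration, not code from this thread or from Active Login and not the hotfix discussed above: since the comment attributes the problem to a handler pool shared across certificates for one hostname, one general way to keep tenants apart is to give each tenant its own handler, and therefore its own TLS connection pool, so a connection negotiated with one tenant's certificate is never reused for another. TenantHttpClientCache and the loadCertificate delegate are hypothetical names; server certificate validation and certificate rotation are left out.

```csharp
using System;
using System.Collections.Concurrent;
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper: one HttpClient per tenant, each with a private handler.
public sealed class TenantHttpClientCache : IDisposable
{
    private readonly ConcurrentDictionary<string, Lazy<HttpClient>> _clients =
        new ConcurrentDictionary<string, Lazy<HttpClient>>(StringComparer.Ordinal);
    private readonly Uri _baseAddress;
    private readonly Func<string, X509Certificate2> _loadCertificate; // assumption: caller supplies the lookup

    public TenantHttpClientCache(Uri baseAddress, Func<string, X509Certificate2> loadCertificate)
    {
        _baseAddress = baseAddress ?? throw new ArgumentNullException(nameof(baseAddress));
        _loadCertificate = loadCertificate ?? throw new ArgumentNullException(nameof(loadCertificate));
    }

    // Lazy<T> ensures only one handler is ever built per tenant under concurrency.
    public HttpClient GetClient(string tenantId) =>
        _clients.GetOrAdd(tenantId, id => new Lazy<HttpClient>(() => Create(id))).Value;

    private HttpClient Create(string tenantId)
    {
        X509Certificate2 certificate = _loadCertificate(tenantId)
            ?? throw new InvalidOperationException("No client certificate for tenant " + tenantId);

        var handler = new SocketsHttpHandler
        {
            // Bound connection age so long-lived clients still pick up DNS changes.
            PooledConnectionLifetime = TimeSpan.FromMinutes(5),
            SslOptions = new SslClientAuthenticationOptions
            {
                // The callback runs once per TLS handshake, not per request;
                // the pool it feeds belongs to this tenant only.
                LocalCertificateSelectionCallback = (sender, host, local, remote, issuers) => certificate
            }
        };
        return new HttpClient(handler, disposeHandler: true) { BaseAddress = _baseAddress };
    }

    public void Dispose()
    {
        foreach (var entry in _clients.Values)
            if (entry.IsValueCreated) entry.Value.Dispose();
    }
}
```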