Issues with signing in for a different tenant

[Habbni]

We try to provide a convient method to log in to tenants by providing a form on the default tenant that accepts credentials. We then lookup the corresponding tenant (by email address) and do something like this (simplified, removed validation code etc):

<lookup tenant code>
...
await shellScope.UsingAsync(async scope =>
{
    tenantUrl = Url.Content("~/" + shellScope.ShellContext.Settings.RequestUrlPrefix);
    var userServiceTenant = scope.ServiceProvider.GetRequiredService<IUserService>();
    var userSignInManager = scope.ServiceProvider.GetRequiredService<SignInManager<IUser>>();
    var user = await userServiceTenant.AuthenticateAsync(model.UserName, model.Password, (key, message) => errors.Add(key, message));
    await userSignInManager.SignInAsync(user, isPersistent: model.RememberMe);                      
    return Redirect(tenantUrl);
}

On first glance, this seems to work perfectly and we´re like "what a great platform" again.

But then we encounter issues. The most easy to reproduce is that a user just cant logout. We try:

signInManager.SignOutAsync()`

But it has no impact.

Maybe the entire approach is fundamentally wrong, but it felt right and seemed to work. Now we are somewhat lost..

[Piedone]

Take a look at the code of our Tenants Admin Login module for inspiration. You'll need to log in the user in an HTTP request made to the destination tenant.

[Habbni]

Ended up doing it very similar, thanks for your reply! We validate the user within the tenant scope, return a cookie to the client and then redirect to the destination tenant, which grabs that cookie to sign in. It works flawlessly this way now

[Piedone]

Awesome, then!