C# - Multi-tenant User Model
Aug 14, 2010
In a multitenant system that hosts multiple organizations and applications, where an organization may use several applications hosted on the system, should my user and role model be such that a single user or role can exist across multiple applications and organizations? Or should I limit a user entity to a single organization/application pair and then define some overarching model to tie those user entities together? That is: John Doe is a person He wants to use ApplicationA and ApplicationB He works for two different companies (just bear with me), OrganizationA and OrganizationB Should the user model be:
johndoe@someuniquesuffix is his unique user name. This gives him access to both applications for both organizations. johndoe@applicationa@organizationa is his username for ApplicationA at OrganizationA. [URL]is his username for ApplicationB at organizationA...and the same for OrganizationB. Then have some "master" list that says that all 4 user accounts for the apps/orgs correspond to the same actual "person", John Doe?
The same scenario(s) described above applies to how I will design my Role schema.
View 2 Replies
Similar Messages:
Oct 10, 2010
I'm building a multi-tenant ASP .NET application. Given that each tenant can configure their application dynamically (which may involve dynamic custom assemblies being loaded into memory), I need a means of isolating each tenant.
I'd prefer not to create a new Web Application per tenant for maintenance reasons.
I've was considering using the AppDomainManager to create an AppDomain per application, but it seems this is not intended to be used for ASP .NET applications.
View 3 Replies
Dec 28, 2010
I have been seeking the best way, or at least a good way, to handle Client Access for a Multi-Tenant/SaaS-type web app designed with MVC 2.There are no tricks as far as client customizations needed here. So every company will have the same experience on the app. I just need to understand how I can isolate the experience so that a logged in user only sees data relevant to his company. My tactic is that my database houses a "tenantID" column for each row so I can easily isolate the rows that way. I am wondering if the default provider using the ASPNETDB.mdf can be modified to route users to their assigned company data. I have seen examples using route paths ({tenant}/{controller}/{action}/{id}) but even those threads express doubts. So if anyone has a good method that they are comfortable with, I am all ears (or eyes).
View 5 Replies
Dec 21, 2010
I've been all around the net for weeks now trying to figure out the best way to set up a Multi-tenant website (building a web app that multiple companies and their employees will use). As far as a database goes, I am interested in using one database with a copied set of tables for each company. As far as managing the login and security in MVC2 I am lost with the myriad of examples (mostly old and not MVC) that I have seen. So ideally my app would allow a company rep to register their company and then be able to add their own employees to the site. Then all employees could login and be securely associated with their own company's tables (table names would be appended with their AccountID).
I'm not sure if this would be handled using routing or session variables or what the more ideal and up to date methods might be. Like others who have discussed this issue, it seems like this should be a much more fleshed out solution as it is becoming a more common use on the internet. I'm even willing to simplify the database down to one set of tables that stores an AccountID in each row if needed.
View 1 Replies
Apr 7, 2010
I want to create a multi-tenant application that uses the hostname to determine the customer.
For example:
CustomerOne.myapp.com
AnotherCo.myapp.com
AndOneMore.myapp.com
I can do the database and security side with no problems, I can also get the hostname from the URL, but what I am struggling to find out is how to create the basic plumbing that would allow a new customer to sign up online, provide their company name, and for the application to create the new URL, ready to be used straight away.
View 1 Replies
Jan 24, 2010
im trying to build my first multi-tenant application, i used a shared database and it is complete now, i want to build the app now, and i tried this approach: all urls in the app have the following form ~/user/page.aspx(user directory is logical) where user is the current user, which is saved in a session after he logs in. when the user requests a page, say ~/user/profile.aspx, he is routed to the real page ~/profile.aspx and then his data are retrieved from the database. i dont think this is how multi tenant applications work, but i couldnt think of another method.
View 1 Replies
Dec 21, 2010
I currently have a MVC2 application hosted on premise that allows the user to add custom extensions (controllers, filters, views, validators) so that they can extend the application to suit their needs. I'm using MEF as my composition container, but MVC2 relies on the extensions (assemblies, views and scripts) to be located in a particular directory or found at runtime based on a configuration setting. The MEF catalog is instantiated at startup meaning if any new extensions are required to be added or updated then the application needs to be restarted. This is all fine in a single-tenant world but now I want to make it multi-tenant hosted in the azure cloud.
The problem I forsee is the location of the custom extensions and how they are deployed. My initial thought is to use azure blob storage (one per tenant) to store the custom extensions and then download per-session (rather than Application Startup), however in the past the way MVC has worked is it tries to resolve assemblies and find views within the current AppDomain whereas my assemblies and their embedded resources will be in memory.
View 3 Replies
Jan 10, 2011
Does anyone have a simple tutorial on how to build a multi tenant application using MVC 2?
View 1 Replies
Mar 10, 2010
I'm after a bit of advice on how to handle a multi tenant site in ASP.NET from a UI perspective. What I want to be able to offer is a choice of layouts to the client i.e.
Layout 1: Navigation horizontal at the top. Search results in a table in the middle. Some text at the bottom.
Layout 2: Navigation vertical on the left. Some text in the middle. Search results at the bottom
Layout 3, Layout 4, Layout x etc...
Each element within the various layouts can differ too. For example, the search results might look like simple list in Layout 1, but will have a completely different look in Layout 2. Once a client has decided on Layout x, I then need to apply their company identity to the layout by changing the colours, logos, etc.
View 3 Replies
Oct 15, 2010
I have scoured the web and have yet to find and example that matches my requirements.
What I have is an existing multi-tenant asp.net application where all users authenticate against a single SQL Server database. This database also contains several other settings type data that is used within the application. Each client after authentication, utilizes thier own SQL Server database for data storage, for isolation purposes. Essentially all of the client database are identical and reside on the same server, but reside on one or more servers as well.
The application is currently written in asp.net 2.5 framework and utilizes the Micrsoft Practices Enterprise Library for DAL. Wnd we are looking to migrate to 4.0 and implement NHibernate to replace the MPEL.
I have implemented a solution already using NHibernate and the 4.0 framework, so I am familar with the concepts. I found the resources for my current session manager here as a matter of fact. But that application only had a single database, so not much too it.
The implementation is essentially what you see here:
[URL]
The other solutions that I have seen multiple config entries and/or files to manage this, but that is not desireable, since we may add new clients frequently and all of the connection information is already maintained in the authentication database.
[code]....
View 1 Replies
Nov 20, 2010
My application is used by several customers, who needs to maintain their own database. Currently I'm keeping all the connectionstrings and according to the user, change it. (In a case of CRUD operation). Is this errenous way? I don't know much about MultiTenant applications. Is that the best solution for my problem?
View 1 Replies
Jan 24, 2010
I am developing a web application which implements membership, roles and profiles. I also want it to be multi-tenant / multi-domain. By this I mean that I will have hundreds of domain names pointing at the same web application. I want users to be able to create accounts at each individual domain. I want the opposite of "single sign on". I want users to be able to use the same username, email address and password (or different ones, at their choice) to create accounts at the different sites. I do not want users to have any awareness that the different domains have any relation to each other as they will look different and have different content. The first problem I run into is that usernames have to be unique within the forms auth aspnet db.
Well, if they want to use the same username to register on 10 different sites then I need to support that. My first thought was that instead of identifying a user by their username, I need to extend the aspnet tables and sprocs to consider the username + a unique site identifier. Is there any sample code or has anyone else ever done this before? Should I just abandon the built in aspnet forms auth and roll my own custom auth scheme? The data on the sites is not sensitive so security isn't really that important to me.
View 8 Replies
Mar 30, 2010
we are building a multi-tenant application, which will support that each tenant can have a unique top level domain, the application is build using the asp.net 3.5 and SQL servr 2005, while each tenant will have different database. I have seen a number of questions about the similar applications on the StackOverFlow, but none of them is related to the Testing, I want to know is how one can test the application in a development environment, specially How can we test that each customer connects to his own DB based on the URL. how can we emulate different domains on the local system. like [URL] and [URL]all goes to dev machine's IIS.
View 1 Replies
Jan 18, 2011
Our current application is working fine but when you try to misbehave like we found out that When login with same user in multiple tab with different organization(there is a organization dropdown in the master page which sets the cookie whenever it is changed.) in tab one it is org 1 and tab 2 it is org2 , cookie has the later org 2 in it but when we go back in tab1(which had org1) and save the record org 2 will be saved with the record So can some one share some sort of a checklist with us which address these types of problem.
View 3 Replies
Oct 29, 2010
We have a simple ASP.NET app that uses the ASP.NET SqlMembershipProvider and all is great.
We want to create a second app on the same server, also use the SqlMembershipProvider, but a different "applicationName" so that the user accounts between the two apps are kept separate.
It looks like this would be possible by making the two different app domains (ie they each have their own web.config), but I'm hoping to just put them in different directories so I don't have 3 web.configs (one for each app, and the main one) that all have to be kept synchronized. So what I'm after is:
/web.config
/APP1 (uses membership provider in /web.config, with userlist A)
/APP2 (uses membership provider in /web.config, with userlist B)
It looks simple to define multiple membership providers that use a different 'applicationName' value.
But how do you tell the system.web.authentication node which membership provider to use?
View 2 Replies
Feb 15, 2011
I've got a multi level dependency chain in my object model: An organization has the following children relationships:
Organization
.CompetitionGroups
.CompetitionGroups.Venues
.CompetitionGroups.Competitions
.Divisions.Games
.Divisions.Games.Participants
.Divisions.Games.Participants.GameSegments
.Divisions.SubDivisions...
.Divisions
.Teams
.Teams.Players
.Teams.Participants
.Teams.Participants.GameSegments
.VenueDates
This is just a glimpse at the object model, but it's focused on the complexity of the relationships and lists. What I can't really get is what's the best way to factor my repository interfaces, given the requirements to do a unit of work. For example, to create a game, you'll need a venuedate and two participants. Does that mean the GamesController should require an IGameRepository, an IVenueDateRepository, and an IParticipant repository? Should they be rolled into one repository?
Also, what about in the consumption cases? For example, to display a signle team's schedule, you'll need all of the Participants for that Team, all of the Games for that participant, and all of the GameSegments for the participant. If those are factored into individual repositories I can't see how you can do efficient queries. Does that mean you have Repositories specifically focused on different cases? for example:
public interface IScheduleRepository {
public ICollection<Game> GetScheduleForTeam(Team team);
// More consumption methods
}
public class ScheduleRepositry : IScheduleRepository {
public ScheduleRepository (ModelContext context) {
// Do stuff with context
}
public ICollection<Game> GetScheduleForTeam(Team team) {
return (
from p in context.Participants
where ((p.Game.VenueDate != null) &&
(p.TeamId == team.Id))
orderby p.Game.VenueDate.StartTime
select p.Game).ToList();
}
// more consumption methods
}
public interface IGameRepository {
public void AddGame(Game game);
// More crud methods
}
// Not showing games repository
public class GamesController : Controller {
public GamesController (IGameRepository gamesRepo,
IVenueDateRepository venueDateRepo,
IParticipantRepository participantRepo) {
// do stuff with repos here
}
[HttpPost]
public ActionResult AddGame(Game game) {
// Skipping validation logic
// this?
VenueDate = venueDateRepo.Add(game.VenueDate);
foreach (Participant p in Game.Participants)
{
participantRepo.Add(p);
}
Game = gamesRepo.AddGame(game);
// or this?
// how would the game repo know to persist
// the children elements? is that tight coupling?
Game = gamesRepo.AddGame(game);
}
// more consumption methods
}
My question is I don't yet understand to what degree factoring your repositories make sense based on a connected object model. I'd love to get some advice here.
View 1 Replies
Apr 4, 2011
There are multiple roles. (Role A, Role B etc) There are multiple input/output fields. (Field A, Field B etc) There are multiple permission levels controlling access to each field. (Read, Direct Edit, Edit With Approval, None) Each role has its own permissions to fields. (Role A has Read Permission to Field A; Role B has Direct Edit permission to Field A etc) Every role can be assigned to users and they are assigned by Geographic information. (User A is assigned to Role A for Continent: Europe - Country: Germany; User B is assigned to Role A for Continent: Europe - Country: France; User A is assigned to Role B for Continent: Europe - Country: France etc) Users can have multiple roles User identity is coming from Windows Authentication.
is it possible to represent this type of kind of multi-layered security model using ASP.NET internal membership/role providers? If so, what should my starting point be? Creating only custom role provider with custom methods and fields be enough?
View 3 Replies
Apr 19, 2010
in my web application, what i did is when the user login, i check the username and password to the database, if user name and password match then allow to visit next pages and store the user name on Session, now my doubt is more then one user can use the same username and password(if they are friends then they shared their uname and pwd) so, how to avoid multiple use login?
View 2 Replies
Oct 25, 2010
I am developing a web application. This application is fully customised based on the user settings. Suppose, application hosted on [URL] and user can signup on the website and it will get the domain like [URL] and for user2 will be [URL] so and so forth. so in this case how would I maintain the session for each user? each user will be representing a single website along with public interface and admin pages.
what I am thinking is to store all the setting (for each user) in the database and then when ever server received request then get the user info from the URL (first time only and after get it from the session) and get user details but I am not very much satisfied with this approach.
View 5 Replies
Nov 22, 2010
I am working with asp.net 2.0 and sql server 2005. so trying to describe it below:
THE SITUATION
I have a few tables to hold data for billing information. The first table has each dedicated to each location, and a serial number that can be incremented. The concept is to update this data based on location, every time there is a new bill, so may be location A has serial 25 since it is doing well but location B has serial 5.
THE PROBLEM
SO based on this requirement I need to update a table to get the latest serial for a particular location and then use that serial for other tables which will be holding the billing details. The second part is as regular as it can be, but generating a new number, and getting this value is my problem. Since this will be multi user system, so I want some robust solution. I do not know whether I can use a identity field for this purpose or not.
View 1 Replies
Mar 23, 2011
I have a webservice which of course has to be .net 3.5 (a side note is does anyone know why you can't create a webservice using .net 4.0?).
Anyhow it is using entity framework, which I have recently discovered was a really bad mistake to try to use this in .net 3.5.
I have a table "Licenses" with the following columns: LicenseKey, ProductCode, OrderID, Seq, UserName.
In my asp.net 4.0 application I can simply do the following to perform an update:
[Code]....
But it appears there is no ExecuteStoreCommand in .net 3.5 with entity framework. Can anyone explain to me how to accomplish the same thing? The thing I need to point out is that because this is a multi-user access service. I need to verify that SQL will only update the given record where OrderID and Seq is what I tell it ONLY if the UserName is already null. So if two users process the same statement at the same time only one would work and the other would not because the sql should fail (or return 0, rather than a 1) for the second one.
View 2 Replies
Mar 9, 2010
I am looking at a design pattern which has come up in quite a few of my firm's projects.It has historically functioned correctly, however I have heard some other developers argue that there is a possibility of session corruption using this pattern. I'm looking for insight from other .NET developers here on Stack Overflow. Basically, there's a class -- usually either static or a Singleton pattern, depending largely on the developer who wrote it -- stored in App_Code.This class encapsulates access to the current session via properties.All of these properties take the form of:
[code]...
However,because this is just a static entry to HttpContext.Current.Session,it seems like it should be safe, as it is not fundamentally any different than the Page class encapsulating this in the Session property.As I said,no other site on which my company has worked that used this pattern saw it ever have any issues -- and that includes some pretty large and highly active userbases.But I want to just get a fresh perspective.
Are there potential multi-user issues, race conditions, or other failings/flaws which specifically could cause session corruption in the above pattern?
View 2 Replies
Jun 30, 2015
I've got a system where tasks get loaded and assigned to staff members.
I'm thinking of how I would like to somehow refresh a client page for a staff member if a new task gets assigned to that staff member. Some clerical people will be loading and assigning tasks to staff members.
How have you all handled this type of refresh in a webby environment. I'm fully jQuery and Ajax so I've got the tools...
View 9 Replies
Jul 29, 2010
I found lots of sites telling me how to put a database into single user mode, but how can I determine what mode a database is currently in?
View 2 Replies
Jan 7, 2011
I need to create a singleton that would hold lots of data for a spedesign patterns - Singleton behavior with multi-user requests in ASP.NETcific user. However, I am not unclear as to what the behavior of that singleton is in regard to multi-user app requests.
Here is the scenario:
On AppStart event I want to load common data for all users (from SQL) and store it as a collection somewhere within the ASP.NET storage mechanisms.
If I store that data in the cache, I would also have to create a static property in the Global.asax that would provide access to that the data from the cache.
This is not ideal because whenever an instance of any particular page, or generic handler, or what have you tries to query this data using Linq the property has to load the data from the cache... introducing latency. I need this data to be immediately available. (think of it as about 5K rows of data stored in collection of objects...)
I was thinking to use a singleton to get that data, and store it but I don't know how it would behave between requests (and postbacks), as well as application instances, in terms of its persistence.
On PostAuthenticate event I want to get user specific data from SQL in the form of a collection. If i store it as a singleton (in a similar manner as the common data) i am not clear as to:
How is the data persisted? What is the scope of that singleton (it should be for the duration of the user session). How can I ensure that the data is immediately available to whatever needs to consume it?
What happens between post-backs to that singleton? If another user logs in would another instance of that singleton be created for that specific application instance?
View 1 Replies
