-
Notifications
You must be signed in to change notification settings - Fork 164
Multi tenant explained
The AuthP library contains a entity class called Tenant, which can be used for defining a DataKey in a multi-tenant database. Its the job of the Tenant to define the name on the tenant, which is stored in the TenantFullName property and a string DataKey for each tenant.
The AuthP's provides two types of multi-tenant database:
-
SingleLevel: This means each tenant is completely separate from other tenants. This is the typical way most multi-tenant databases are arranged. -
HierarchicalTenant: This means each tenant can create sub-tenants which allows a manager the access the sub-tenants data. This is useful if you need a groups sub-tenants into groups so that they can be managed as one, e.g. managing the stock across a specific geographical area.
NOTE: I would strongly recommend Microsoft's documentation about multi-tenant systems. This article covers all the different approaches to multi-tenant applications, including a comparison of each approaches.
The multi-tenant part of AuthP is handled by creating a Tenant for each different grouping of data.
In an application using the SingleLevel multi-tenant setting, then Tenant has a unique key and the data is never shared between other tenants. So the tenant names might be:
- Company1
- Company2
- Company3
- and so on...
If the application using the HierarchicalTenant multi-tenant setting, then one Tenant can link to a another tenant. This provides the 'higher' tenants to look at the data in the 'lower' tenants. So the tenant names might be:
- Company1
- West Coast
- SanFran shop1
- SanFran shop2
- East Coast
- ... and so on
- West Coast
- Company2
- London
- ... and so on
- London
Company1 and Company2 in this hierarchical setup are completely separate, but within each company users with a higher level can see data in the lower levels, e.g. a user linked to the "Company1" tenant can see all the data in Company!, while a user with a tenant of "Company1 -> West Coast" can only see the "West Coast", "West Coast -> SanFran shop1", and "West Coast -> SanFran shop2".
The Tenant class contains information that defines the multi-tenant data. To create a new Tenant you have to provide a unique name e.g., "Company XYZ", and once created the method GetTenantDataKey() will return a unique string, known as the DataKey. This DataKey is what defines the unique 'slice' of your applications data.
Once an AuthP user has a Tenant class linked to it, then the AuthP's will automatically add a DataKey claim to the ASP.NET Core user. This allows you to send the DataKey claim value you application's DbContext via the AuthP IGetDataKeyFromUser service (see GetDataKeyFromUser class) to filter your various entity classes using EF Core's Global Query Filters. How you do that is explained in the creating a multi-tenant app documentation.
NOTE: If user hasn't got a Tenant class linked to it, then that user can't access any of the multi-tenant data.
- Intro to multi-tenants (ASP.NET video)
- Articles in date order:
- 0. Improved Roles/Permissions
- 1. Setting up the database
- 2. Admin: adding users and tenants
- 3. Versioning your app
- 4. Hierarchical multi-tenant
- 5. Advanced technique with claims
- 6. Sharding multi-tenant setup
- 7. Three ways to add new users
- 8. The design of the sharding data
- 9. Down for maintenance article
- 10: Three ways to refresh claims
- 11. Features of Multilingual service
- 12. Custom databases - Part1
- Videos (old)
- Authentication explained
- Permissions explained
- Roles explained
- AuthUser explained
- Multi tenant explained
- Sharding explained
- How AuthP handles sharding
- How AuthP handles errors
- Languages & cultures explained
- JWT Token refresh explained
- Setup Permissions
- Setup Authentication
- Startup code
- Setup the custom database feature
- JWT Token configuration
- Multi tenant configuration
- Using Permissions
- Using JWT Tokens
- Creating a multi-tenant app
- Supporting multiple languages
- Unit Test your AuthP app