-
Notifications
You must be signed in to change notification settings - Fork 164
Multi tenant explained
The AuthP library contains a entity class called Tenant, which can be used for defining a DataKey in a multi-tenant database. Its the job of the Tenant to define the name on the tenant, which is stored in the TenantFullName property and a string DataKey for each tenant.
The AuthP's provides two types of multi-tenant database:
-
SingleLevel: This means each tenant is completely separate from other tenants. This is the typical way most multi-tenant databases are arranged. -
HierarchicalTenant: This means each tenant can create sub-tenants which allows a manager the access the sub-tenants data. This is useful if you need a groups sub-tenants into groups so that they can be managed as one, e.g. managing the stock across a specific geographical area.
NOTE: I would strongly recommend Microsoft's documentation about multi-tenant systems. This article covers all the different approaches to multi-tenant applications, including a comparison of each approaches.
The multi-tenant part of AuthP is handled by creating a Tenant for each different grouping of data.
In an application using the SingleLevel multi-tenant setting, then Tenant has a unique key and the data is never shared between other tenants. So the tenant names might be:
- Company1
- Company2
- Company3
- and so on...
If the application using the HierarchicalTenant multi-tenant setting, then one Tenant can link to a another tenant. This provides the 'higher' tenants to look at the data in the 'lower' tenants. So the tenant names might be:
- Company1
- West Coast
- SanFran shop1
- SanFran shop2
- East Coast
- ... and so on
- West Coast
- Company2
- London
- ... and so on
- London
Company1 and Company2 in this hierarchical setup are completely separate, but within each company users with a higher level can see data in the lower levels, e.g. a user linked to the "Company1" tenant can see all the data in Company!, while a user with a tenant of "Company1 -> West Coast" can only see the "West Coast", "West Coast -> SanFran shop1", and "West Coast -> SanFran shop2".
The AuthP library provides a way to associate a Tenant to a AuthP user. This provides a unique string for each tenant, which I call the DataKey. This is turned into a ASP.NET Core user's claim, which in turn is injected into your application's DbContext. This allows you to use EF Core's Global Query Filters so that the user can only access data that has the same DataKey value as the user's DataKey.
- Intro to multi-tenants (ASP.NET video)
- Articles in date order:
- 0. Improved Roles/Permissions
- 1. Setting up the database
- 2. Admin: adding users and tenants
- 3. Versioning your app
- 4. Hierarchical multi-tenant
- 5. Advanced technique with claims
- 6. Sharding multi-tenant setup
- 7. Three ways to add new users
- 8. The design of the sharding data
- 9. Down for maintenance article
- 10: Three ways to refresh claims
- 11. Features of Multilingual service
- 12. Custom databases - Part1
- Videos (old)
- Authentication explained
- Permissions explained
- Roles explained
- AuthUser explained
- Multi tenant explained
- Sharding explained
- How AuthP handles sharding
- How AuthP handles errors
- Languages & cultures explained
- JWT Token refresh explained
- Setup Permissions
- Setup Authentication
- Startup code
- Setup the custom database feature
- JWT Token configuration
- Multi tenant configuration
- Using Permissions
- Using JWT Tokens
- Creating a multi-tenant app
- Supporting multiple languages
- Unit Test your AuthP app