Securing the sharding data
A developer created a multi-tenant application that uses sharding and, by mistake, he deleted the FileStore Cache file (see issue #115 for how that happens). At that point he lost the sharding information and couldn't get it back. While the deletion of a FileStore Cache file is very rare, the consequences of losing the sharding information on an active application would be very bad. Therefore, in AuthP version 8.1.0 I added a new feature to back up the sharding information, plus some features to ensure the sharding information is correct. This page shows what you need to do to use this new feature.
NOTE: You may ask why I use the FileStore Cache if it has this problem. It's all about performance. Every access to the tenant's data needs the specific sharding data for that tenant, and typically more than 90% of all requests need the sharding data. In terms of speed, the FileStore Cache gets the sharding data in ~25 ns, while using a SQL Server distributed cache would take at least 0.1 ms – that means the FileStore Cache is >4,000 times faster.
Here are the sections in this page:
- Overview of the "Secure your sharding data" feature
- What the CheckTwoShardingSources method does
- Things to do if there are errors
The solution in AuthP version 8.1.0 adds a new database called ShardingEntryBackup (referred to as the 'ShardingBackup database') to AuthP's AuthPermissionsDbContext, and extra code is added to the GetSetShardingEntriesFileStoreCache so that any change to the sharding information in the FileStore Cache will also update the ShardingEntryBackup database.
For new multi-tenant applications built with AuthP version 8.1.0 the backup is automatic, but if you are updating an existing multi-tenant application, then you need to run the method called CheckTwoShardingSources in the GetSetShardingEntriesFileStoreCache, which will copy the existing FileStore Cache's sharding data to the ShardingEntryBackup. See the next section for how you do this.
When the CheckTwoShardingSources method is run it goes through four stages. The first three stages are about making sure that the two sources, i.e. the FileStore Cache and the ShardingBackup database, have sharding data in them. The final stage checks that the two sources are the same. The four stages are: