SaaS / Multi-Tenancy

[deepshikhasinha241]

Hi,

I am new to CSLA and am just starting to get my head around this wondeful framework.
Can anyone guide me in the right direction in building a Multi-Tenant Blazor Server app. I have gotten to the point where I have a basic Blazor Server app running using CSLA with custom Authentication. Any Sample code would be great.

Thanks
Deepshikha

[rockfordlhotka]

The first thing to figure out is your authentication strategy, which will be different between Blazor wasm and server-side Blazor.

You say server-side Blazor, which is good - that's simpler. The reason it is simpler is because the user identity is managed entirely on the server, so aspnetcore already helps you protect it. You'll have a ClaimsPrincipal and ClaimsIdentity representing the user, and can rely on the claims in the identity for your authorization rules and other per-user information.

The second thing to figure out is your data isolation strategy. Are you going to have a different database for each tenant, or does your database schema have tenant columns to keep the data isolated? That's a big architectural decision with a whole lot of consequences for either choice!

The third thing to figure out is whether you'll have shared app servers, or the app servers will be per-tentant. You do get decent isolation from aspnetcore, but there are business ramifications (performance, server costs, chargebacks to clients, support, etc.) that impact whether you allow a server to support multiple tenants, or dedicate servers to specific tenants.

From there, you need to determine whether business rules can vary depending on tenant, and this is where CSLA is impacted. Remember that business rules include authorization, validation, calculation, and algorithmic rules.

If you decide to share servers across tenants, then you'll need to use the CSLA concept of a rule set, with the idea being that each rule set represents the rules for a given tenant. Typically you'll have a claim in your user's identity that indicates their tenant, and that maps to the rule set. When adding rules to a type or domain object (AddBusinessRules, for example), you'll add rules for all rule sets.

If you decide to have isolated app servers, then you won't need rule sets, because you will load the tenant-specific rules depending on the tenant to which each server is pinned.

Obviously your DAL will be impacted by your data isolation strategy. Typically that doesn't impact csla code, and the DAL relies on the user identity tenant claim to select the right database or tenant views/queries.