How to implement Multi-tenant User Login using ASP.NET Identity

Question

I'm developing a Multi-tenant solution and I want to use the latest ASP.NET Identity framework specifically the Entity Framework implementation.

Basically I need to allow two users to have the same username, though it must be unique within a tenant, I'd also like to make use of external sign-ins such as Twitter, Microsoft, Facebook and Google.

From what I can tell, the framework was not designed with multi-tenancy in mind, though it does seem to allow extensibility. I'd prefer to make use of as much existing components as possible, though at the moment I think I'm going to have to abandon the Entity Framework implementation, and code it all myself.

Has anyone else tried this and how much have they had to code themselves.

You could store and handle the user `Jim` of tenant `7` as `7\Jim` internally. — Slauma, Nov 18 '13 at 18:33
How it went? We are currently implementing the same thing. Is 2.0 any better? Library need some improvement or have any problems? — Bart Calixto, Aug 28 '14 at 01:31
@Bart it went fine, see my answer http://stackoverflow.com/a/20230452 — James Skimming, Aug 28 '14 at 10:06

James Skimming · Accepted Answer · 2014-08-28T10:09:30.280

28

I've now got a working solution that I've shared in a GitHub repository:

https://github.com/JSkimming/AspNet.Identity.EntityFramework.Multitenant

The extensibility required to support multi-tenancy is not possible with the 1.0.0 release of Microsoft.AspNet.Identity.EntityFramework (at least not without a lot of custom work), but is available in the 1.1 alpha release currently available through the Nightly ASP.NET Web Stack NuGet Packages.

I've decided to release what I've produced as a NuGet package AspNet.Identity.EntityFramework.Multitenant, as stated it currently requires the Nightly ASP.NET Web Stack NuGet Packages.

I've provided two simple sites that make use the package to allow for multi-tenancy:

Vanilla Implementation which is the standard MVC5 template project that uses a string primary keys.
- The changes necessary to provide multi-tenancy have been isolated to this commit.
Integer Primary Key Implementation which is making a few more customisations to use integer primary keys
- The changes necessary to provide multi-tenancy have been isolated to this commit.

I plan to update the solution as the 1.1 version of ASP.NET Identity is released.

I hope others find some use in the nuget package I've released, any feedback is more than welcome and please raise any issues you find.

Update

The solution has now been updated to use the 2.0 release of Microsoft.AspNet.Identity.EntityFramework.

edited Aug 28 '14 at 10:09

answered Nov 26 '13 at 23:54

James Skimming

4,991
4
26
32

Hi James, this is exactly what I need in my current project, but I am having trouble getting it added in. For one, the namespace AspNet.Identity.EntityFramework.Multitenant; won't work, I've got the right version of EF, is there something obvious I should check for? Thanks – Fred Johnson Mar 18 '15 at 19:12
As is the way I found the answer no more than a minute later. It may be of use adding this to your description, and many thanks on this work! Install-Package AspNet.Identity.EntityFramework.Multitenant – Fred Johnson Mar 18 '15 at 19:14
Thank you for making this. My question is, can this be implemented like the Facebook/Google/Microsoft logins are? Meaning, I have one of **many** projects. When the user clicks the Login from any project, I would like them to go to this generic logon site that (your code) lets them log in or use FB/G/MS and then returns me what I need (Identity + Claims) back to whatever site they came from. Just like if I integrate FB/G/MS into any site, it actually goes to FB/G/MS, authenticates and returns back to my site. So as seamless as the FB/G/MS login is, I want that with this multi-tenant site. – Grandizer Mar 30 '15 at 12:36
@Grandizer if I understand you correctly, yes it also works with external logins, e.g. FB/Google/MS. – James Skimming Apr 02 '15 at 19:10
@JamesSkimming thnx for the good work James. Is there any documentation on how to get started with your Example solutions? Or maybe a fuller example project available somewhere? I see you passing in the tenantid in the AccountController constructor but I'm a little lost on how to go on from there. – darren May 16 '15 at 14:46
@mongoose_za once having set the tenantid, you should be able to use the UserManager as before, that's the intention. – James Skimming May 18 '15 at 15:43
hi can you please update to 2.2, and set user tenat context on login to filter tables only for his tennat? – Transformer Feb 25 '17 at 05:39

score 3 · Answer 2 · answered Nov 18 '13 at 17:42

3

Yeah we explicitly left this as an extensibility scenario. You should be able to do this via overriding UserManager properties and implementing your own custom IUserStore. Although you might be able to extend the EF UserStore potentially as well and just add a tenantId to your user.

answered Nov 18 '13 at 17:42

Hao Kung

28,040
6
84
93

Thanks for replying, really appreciate it. I've been looking at the nightly builds as these allow for greater extensibility of the models. I'm currently prototyping a solution. – James Skimming Nov 18 '13 at 21:29

How to implement Multi-tenant User Login using ASP.NET Identity

2 Answers2

Update

Linked