I have an MVC application that I allow businesses to log in to using https://storea.mydomain.com, https://storeb.mydomain.com, etc.
Each of the businesses has users created, and I have a table that matches business ID to EmployeeId. I am trying to lock the application down so that an authenticated user of business A can't access information from business B.
Where is the best place for me to check that the user is allowed to access the subdomain? Do I override the OnActionExecuted method, check what the subdomain is, then look at a session value to see if they match, and log them out if they differ?
Or is there a more elegant way to do this?
Suggestions and advice on best practices would be great! Thank you.
A custom AuthorizeAttribute seems a good place to perform this. You could override the AuthorizeCore method, where you will have access to the HttpContext and will be able to perform the custom authorization logic based on the subdomain.
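The following is an added example of what such an attribute could look like for ASP.NET MVC (System.Web.Mvc); it is not code from the question or the answer above. It assumes a hypothetical `IEmployeeBusinessLookup` service, registered with the MVC `DependencyResolver`, that joins the business-to-EmployeeId table from the question and returns the subdomain of the business the authenticated user belongs to. The business is looked up server-side from the authenticated identity rather than read from a session value, so a stale or tampered session cannot be used to switch stores. The base domain is hard-coded as an assumption and would normally come from configuration.

```csharp
using System;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

// Hypothetical lookup service (assumption): resolves the authenticated user
// name to the subdomain of the business that user is an employee of.
public interface IEmployeeBusinessLookup
{
    // Returns null when the user is unknown or has no business.
    string GetBusinessSubdomainForUser(string userName);
}

// Custom AuthorizeAttribute: runs the built-in checks (authenticated, Users,
// Roles) first, then requires that the subdomain of the request matches the
// subdomain of the user's own business.
public sealed class BusinessSubdomainAuthorizeAttribute : AuthorizeAttribute
{
    // Assumed base domain; read this from configuration in a real application.
    private const string BaseDomain = ".mydomain.com";

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (!base.AuthorizeCore(httpContext))
            return false;

        // Request.Url.Host comes from the Host header, so only accept hosts that
        // are a single label directly under the base domain.
        string requestedStore = GetSubdomain(httpContext.Request.Url.Host);
        if (requestedStore == null)
            return false;

        // Assumed to be registered with the application's dependency resolver.
        var lookup = DependencyResolver.Current.GetService<IEmployeeBusinessLookup>();
        string allowedStore = lookup.GetBusinessSubdomainForUser(httpContext.User.Identity.Name);
        if (allowedStore == null)
            return false;

        return string.Equals(requestedStore, allowedStore, StringComparison.OrdinalIgnoreCase);
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        HttpContextBase context = filterContext.HttpContext;
        if (context.User.Identity.IsAuthenticated)
        {
            // Authenticated but on another business's store: end the session
            // and return 403 instead of redirecting to the login page.
            FormsAuthentication.SignOut();
            if (context.Session != null)
                context.Session.Abandon();
            filterContext.Result = new HttpStatusCodeResult(403);
            return;
        }

        // Not authenticated at all: default behaviour (redirect to login).
        base.HandleUnauthorizedRequest(filterContext);
    }

    // Extracts "storea" from "storea.mydomain.com"; returns null for the bare
    // base domain, nested labels such as "x.storea.mydomain.com", or other hosts.
    private static string GetSubdomain(string host)
    {
        if (host == null || !host.EndsWith(BaseDomain, StringComparison.OrdinalIgnoreCase))
            return null;

        string label = host.Substring(0, host.Length - BaseDomain.Length);
        if (label.Length == 0 || label.Contains("."))
            return null;

        return label;
    }
}
```

Register it as a global filter (`filters.Add(new BusinessSubdomainAuthorizeAttribute());` in `RegisterGlobalFilters`) so every action gets the check, and use `[AllowAnonymous]` on the login actions. The attribute only gates which store a user can reach; the queries behind each action should still filter by the user's business ID, so that a missed attribute or a guessed record ID does not expose another business's data.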