Home/ Questions/Q 7669657
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-31T15:38:42+00:00

I would appreciate some pointers regarding data access/control in a MVC based multi tenant

  • 0

I would appreciate some pointers regarding data access/control in a MVC based multi tenant site:

Is there a better/more secure/elegant way to make sure that in a multi tenant site the user can handle only its own data.
There are number of tenants using same app: firstTenant.myapp.com, secondTenant.myapp.com…

    //
    // GET: /Customer/
    // show this tenant's customer info only

    public ViewResult Index()
    {
        //get TenantID from on server cache
        int TenantID =  Convert.ToInt16( new AppSettings()["TenantID"]);
        return View(context.Customers.ToList().Where(c => c.TenantID == TenantID));
    }

If a user logs in for the first time and there is no server side cache for this tenant/user- AppSettings checks in db and stores TenantID in the cache.

Each table in database contains the field TenantID and is used to limit access to data only to appropriate Tenant.

So, to come to the point, instead of checking in each action in each controller if data belong to current tenant, can I do something more ‘productive’?

Example:

When firstTenant admin tries editing some info for user 4, url has:
http://firstTenant.myapp.com/User/Edit/4

Let’s say that user with ID 2 belongs to secondTenant. Admin from firstTenant puts
http://firstTenant.myapp.com/User/Edit/2 in url, and tries getting info which is not owned by his company.

In order to prevent this in the controller I check if the info being edited is actually owned by current tenant. 

    //
    // GET: /User/Edit/

    public ActionResult Edit(int id)
    {
        //set tennant ID
        int TenanatID = Convert.ToInt32(new AppSettings()["TenantID"]);
        //check if asked info is actually owned by this tennant
        User user = context.Userss.Where(u => u.TenantID == TenantID).SingleOrDefault(u => u.UserID == id);

        //in case this tenant doesn't have this user ID, ie.e returned User == null
        //something is wrong, so handle bad request
        //

        return View(user);
    }

Basically this sort of setneeds to be placed in every controller where there is an access to any data. Is there (and how) a better way to handle this? (Filters, attributes…)

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I choose to use action filters to do this. It may not be the most elegant solution, but it is the cleanest of the solutions we’ve tried so far.

    I keep the tenant (in our case, it’s a team) in the URL like this: https://myapp.com/{team}/tasks/details/1234

    I use custom bindings to map {team} into an actual Team object so my action methods look like this:

    [AjaxAuthorize, TeamMember, TeamTask("id")]
public ActionResult Details(Team team, Task id)

    The TeamMember attribute verifies that the currently logged in user actually belongs to the team. It also verifies that the team actually exists:

    public class TeamMemberAttribute : ActionFilterAttribute
{
  public override void OnActionExecuting(ActionExecutingContext filterContext)
  {
    base.OnActionExecuting(filterContext);
    var httpContext = filterContext.RequestContext.HttpContext;

    Team team = filterContext.ActionParameters["team"] as Team;
    long userId = long.Parse(httpContext.User.Identity.Name);

    if (team == null || team.Members.Where(m => m.Id == userId).Count() == 0)
    {
        httpContext.Response.StatusCode = 403;
        ViewResult insufficientPermssions = new ViewResult();
        insufficientPermssions.ViewName = "InsufficientPermissions";
        filterContext.Result = insufficientPermssions;
    }
  }
}

    Similarly, the TeamTask attribute ensures that the task in question actually belongs to the team.

    • 0