Identityserver identitydbContext per tenant

Question

I'm looking at using identityserver and asp.net identity with multi tenancy. The idea is that each tenant will have their own database or shared database with the user details.

When deciding which database identityserver should authenticate against. I pass through the tenant acr_value which allows the login screen to display which tenant is being logged in and I have created my own middleware that injects into the constructor for my dbcontext

    public MyDbContext(DbContextProvider contextProvider) {}


    public DbContextProvider (IHttpContextAccessor context, IdentityServerContext ctx)
    { //we can get the host/acr_values in here }

The problem is when identityserver redirects to connect/token or userinfo - there is no longer anything to identify the client anymore, no redirect_uri or tenant which means I can't generate the connection string that I need.

Is what I'm thinking of possible?

Answer 1

I would not use DI to solve the problem.

In the user service use the acr value to determine to which user DB to go to. Much easier - and less magic.

Answer 2

Just my 2 cents on this. Don't use different users DB. I personally don't make multi tenant applications like this. You should make a common user database with each user having its database name in one of its columns. On successful login just connect the user with their database.

Using this approach, your application can behave as a public application where any user can come and register himself. Since, you have a common users DB, all you need to do is run some validations on user sign up and generate a new database against that user or company.

You will have a full control over all of your users. If you want to perform any action on a specific user, you would be able to do that easily in this approach. You can think of it as we Normalize the database to reduce data redundancy. Similarly by making a common Users DB and each user has a column to specify his database, you are making it more flexible.