0

I need to develop a custom RoleProvider for a MultiTenant web app. At the DB level, we have a table that relates Users with Roles with Tenants.

enter image description here

My problem is that RoleProvider gets user roles just passing the User as parameter, and we need to take the Tenant into account.

In RoleProvider implementation we have:

public override string[] GetRolesForUser(string username)
{
    //Code to retrieve roles from repo
}

As the roles are for a user in an specific Tenant, we need:

public override string[] GetRolesForUser(string username, int tenantId)
{
    //Code to retrieve roles from repo
}

The current tenant is stored in the ControllerBase class (the one that all controllers inhereted from).

The Membership and Role Providers are in a separate project, so I don't see a way to use the current Tenant. I think I could create my custom RoleProvider in the web app project.

Any idea on how to implement the RoleProvider interface taking the Tenant as part of the input ?

Romias
  • 13,783
  • 7
  • 56
  • 85
  • A tenant is an Organization, so, for each Organization a user has a certain set of roles. – Romias Oct 31 '12 at 02:51
  • what you need is a decorator pattern basically. if the other project doesnt allow you do that, you need to wrap that within another class of yours. – DarthVader Oct 31 '12 at 03:07
  • @DarthVader, I don't really get what you say, I do know the decorator pattern, but since RoleProvider is "invoked" by ASP.NET MVC, I don't see how to extend it. Would you be so kind to deepen your answer? – Romias Oct 31 '12 at 13:47
  • You're sort of in a pickel. You won't be able to over ride the GetRolesForUser and add an additional parameter because the calling chain up stream won't know to use your new method. I suppose you could create your own RoleProvider and modify the initalize function as suggested here http://stackoverflow.com/questions/1551503/dependency-injection-and-asp-net-membership-providers and use dependency inject to inject the "tennenant" information. – Nick Bork Oct 31 '12 at 14:28

1 Answers1

0

Well, just to inform you what I did in my case:

As our routes are in the form of http://[tenantName].[domain]/[App]/[Area] we ended up getting the [tenantName] from the Request, since it is unique, and with the Tenant and the UserName that came as a parameter I can do my select on our UsersInTenants' table.

The very same can be done using cookies as a way to pass aditional information.

So you can access the request, with the cookies, but for what I research the Session is not yet initialized in most cases.

Hope it helps!

Romias
  • 13,783
  • 7
  • 56
  • 85