radzenhq / radzen-blazor-studio

Sample applications created with Radzen Blazor Studio
https://www.radzen.com/blazor-studio

Multi-Tenant does not cater for Role with same Role-Name in > 1 Tenant #99

Closed 274188A closed 1 year ago

274188A commented 1 year ago

Blazor Studio 1.6.0 Blazor Wasm, ASP Security, Multi-Tenant

STEPS

  1. Login as TenantsAdmin
  2. Add 2 New Tenants
  3. Add a Role to both new tenants using same Role Name
  4. Try to Add new User to any tenant with the Role from step above.

Exception thrown image

User does get added to the correct tenant - but the AspNetUserRoles table remains empty. That part failed.

Also tried going back in to Edit the user and Add a Role - also fails but I'm unable to determine the exception: image

274188A commented 1 year ago

I have a hunch that because I have 2 tenants, and both tenants have Roles named identically, and selection is taking place based on Role name, this causes the error. Maybe Role name has to be unique across all tenants (not a great idea) or select roles from within the context of the Tenant being used.

Also while in the RBS designer setting Access for a page - may be awkward if a user can't distinguish Roles of Tenants as shown below:

image

enchev commented 1 year ago

Fixed and will be released in our update next week.

VyacheslavPridchin commented 10 months ago

I am still encountering the same issue, even with the latest version of Radzen Blazor Studio installed (version 1.13.2).

The key issue here is that roles are being looked up by name, and when queried from the database, it returns the first role it finds – the one that was created first.

Steps to Reproduce:

  1. Create the first tenant, "tenant_1."
  2. Create the second tenant, "tenant_2."
  3. Add two roles to the first tenant: "User" and "Admin."
  4. Add the same two roles to the second tenant: "User" and "Admin."
  5. Create a new user for the second(!) tenant, "tenant_2," and attempt to assign a role.

Result:

If you inspect the new user in the application, you'll notice that no role is attached. In the database, a record will be added to the "AspNetUserRoles" table for the new user. However, the attached role will be the one with the same name but associated with the first created tenant, "tenant_1," even though we were creating the user for a different tenant, "tenant_2."

Possible Causes:

Upon examining the code execution sequence, it becomes evident that the issue arises during the following steps:

  1. AddApplicationUser.FormSubmit(Models.ApplicationUser)
  2. SecurityService.CreateUser(Models.ApplicationUser)
  3. (invoke Post request to ApplicationUsers with new user data)
  4. ApplicationUsersController.Post([FromBody] ApplicationUser)
  5. UserManager.AddToRolesAsync(user, roles.Select(r => r.Name))

At this stage, the "AddToRolesAsync" method is executed within the "UserManager" class, which is located in another assembly and cannot be independently modified. The problem with this method is that it assigns roles solely based on their names, without considering the tenant ID. Consequently, it assigns to a new user only those roles that were created for the first tenant, "tenant_1."

This error will occur with any number of tenants greater than 1. It is only possible to correctly modify roles for the initially created tenant.

Proposed Solution:

In my opinion, an excellent solution would be to create global roles that are visible to all tenants. These roles could only be created by one user, "tenantsadmin." Additionally, you could create local roles that are specific to each tenant and are not visible to other tenants.

Using this solution will also make it easier to manage page access based on roles within the Blazor Studio editor. Global roles can be utilized for these purposes. Since roles are currently dynamically created within the application and can even be created after publication, their primary goal of separating page access is lost.
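The cross-tenant assignment described in the comment above comes from resolving roles by name. As an added example (not code from Radzen or from this thread), here is one way to attach roles by id with a tenant check in the query. It assumes `ApplicationUser` and `ApplicationRole` each carry a `TenantId` property; `ExampleIdentityDbContext` and `TenantScopedRoles` are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore;

// Assumed shapes: the page does not show the generated models, so TenantId
// and the context name below are placeholders for this example.
public class ApplicationUser : IdentityUser { public int? TenantId { get; set; } }
public class ApplicationRole : IdentityRole { public int? TenantId { get; set; } }

public class ExampleIdentityDbContext : IdentityDbContext<ApplicationUser, ApplicationRole, string>
{
    public ExampleIdentityDbContext(DbContextOptions<ExampleIdentityDbContext> options) : base(options) { }
}

public static class TenantScopedRoles
{
    // Attach roles by primary key, and only when each role belongs to the
    // same tenant as the user. The role name is never used as the lookup key.
    public static async Task AssignAsync(ExampleIdentityDbContext db, ApplicationUser user, IEnumerable<string> roleIds)
    {
        var wanted = roleIds.Distinct().ToList();

        // The tenant filter is part of the query, so a role id that belongs
        // to another tenant is not returned at all.
        var roles = await db.Roles
            .Where(r => wanted.Contains(r.Id) && r.TenantId == user.TenantId)
            .ToListAsync();

        // Fail closed: a missing id means an unknown role or a cross-tenant request.
        if (roles.Count != wanted.Count)
            throw new InvalidOperationException("Role not found in the user's tenant.");

        // Skip roles the user already has so the join table gets no duplicates.
        var existing = await db.UserRoles
            .Where(ur => ur.UserId == user.Id)
            .Select(ur => ur.RoleId)
            .ToListAsync();

        foreach (var role in roles.Where(r => !existing.Contains(r.Id)))
            db.UserRoles.Add(new IdentityUserRole<string> { UserId = user.Id, RoleId = role.Id });

        await db.SaveChangesAsync();
    }
}
```

Because the tenant comparison is in the `Where` clause and a count mismatch throws, a request that names a role id from another tenant is rejected before anything is written to `AspNetUserRoles`.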

enchev commented 10 months ago

I already answered your forum post: https://forum.radzen.com/t/multi-tenant-does-not-cater-for-role-with-same-role-name-in-1/15114/2