serenity-is / Serenity

Business Apps Made Simple with Asp.Net Core MVC / TypeScript
https://serenity.is
MIT License

SAAS app, tenants #1026

Closed papyr closed 8 years ago

papyr commented 8 years ago

Hi, very nice. Can you tell me how to support tenants, where Company A's managers cannot see Company B's employees, so when looking at salaries etc.?

thanks

biggikalli commented 8 years ago

Hi @papyr

Have you looked at the guide regarding multi-tenancy in: https://volkanceylan.gitbooks.io/serenity-guide/content/tutorials/multi_tenancy/multi_tenancy.html

papyr commented 8 years ago

Hi @biggikalli @volkanceylan, great code so :+1:. I tried to follow that, but the link was broken: https://github.com/volkanceylan/MovieTutorial/tree/master/MultiTenancy

Just drop in the NuGet and it works, with 3 settings inside config.

  1. Also, I wanted to recommend a couple of security add-ins: NWebsec for ASP MVC apps; a single line of web.config protects the site. Open source.
  2. Also, setting the default engine to Razor speeds up your site.
  3. Setting the max POST HTTP length prevents buffer overrun DoS and brute-force attacks.

In your documentation, can you please add a couple of comments on seeding the ASP Identity V 2.2 for each tenant's admin? Where in the code (a link), and how, are the roles mapped to the controller actions?

thanks :)

smartmeter commented 8 years ago

ABP is more complicated, but it has tenants and role to actions mapping built in: https://github.com/aspnetboilerplate/aspnetboilerplate

jsbUSMC commented 8 years ago

Right now, Serenity uses FormsAuth and not Identity. You will have to add Identity to your project yourself.

volkanceylan commented 8 years ago

MultiTenancy will be rewritten. You don't need its code to follow the tutorial though.

I don't know about NWebsec, but Serenity uses the standard ASP.NET pipeline, so you can integrate any library you like. There is a similar wiki article about CSRF attacks.