I have created this open source project to handle security aspects of a hosted multi-tenant applications. Recently, made some enhancements, just wanted to blog about these changes. I am using this in two large healthcare applications. It is evolving based on the actual application needs (eating your own dog food!).
As I mentioned earlier, until very recently I used ASP.NET provider model to accomplish security. Provider model provided a very nice abstraction over many of the security needs.But it totally lacked the support for multi-tenant scenario. I have added this support and abstraction is provided through SOAP and REST services.
Your login screen will have enterprise (tenant) name in addition to username and password.
Recently added a concept called ‘EnterpriseAttribute’. In a typical multi-tenant application, there are several scenarios where you have to store tenant specific information. I will give a concrete example. We are building an EDI platform. We have to load the EDI documents belonging to many tenants. Where to store metadata such as folder information, database connections etc.? I could have easily made this part of my platform. After some thinking, I decided to make this part of the security project and generalized these concepts (folders, connections etc.) and called them ‘Attributes’. I am pretty sure your applications will have many such attributes. Added corresponding API in SOAP and REST services to get/set these enterprise attributes.
Also added an attribute called ‘DisplayOrder’ in Application Entity. Whenever your application requests for this list, they will be automatically sorted by this order. This will give you control over how you want to display list of features/modules.