Base solution for your next web application
Open Closed

"Create account" adding new users to Default tenant instead of creating a new tenant #10597


User avatar
0
SelfSwapAdmin created

ASP.NET Zero 10.2 Angular 10/.NET Core 5

I have multitenancy enabled.

For our site, each new user registering from the login page will create a new tenancy. This first user will be a power user that can add additional users for that tenancy which share the subscription and tenant data.

I followed this procedure to have users login by unique email address: https://docs.aspnetzero.com/en/aspnet-core-angular/latest/Core-Angular-Sign-In-Without-Specifying-Tenant

I am disabling all places where the standard UI allows the display/switching of tenants. We don't want our users to see any of that.

I am just testing the standard "Create account" from the login page. Why does it automatically assign new users created there to the Default tenant? What is the most appropriate way to change the system so that it creates a new tenant for that user instead? Thank you.


6 Answer(s)
  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi,

    For our site, each new user registering from the login page will create a new tenancy

    Could you explain how did you implement this ? And share the code where you create a new tenant if possible ?

    Thanks,

  • User Avatar
    0
    SelfSwapAdmin created

    Actually this sentence "For our site, each new user registering from the login page will create a new tenancy" is a requirements statement.

    I have not modified any base code to satisfy this requirement. How to do this is modification is my inquiry.

    After making the change to login only by email address, which eleminates the login page controls to show and switch Tenants, I tested creating a new user from the login page.

    I discovered that all new users created the go to the Default tenant 1. We need the system to create a new tenant for each user creating a login.

    Before just figuring out what to change on my own, I want to seek advice on how to properly do this. Also I thought that behavior was unusual and I want to better understand what the intended design is to make sure we are doing things properly.

    To summarize, I am inquiring how to configure or modify the base code t create a new tenant for each self-registering user. Thank you.

  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi @SelfSwapAdmin

    Thanks, got it now. But, creating a new tenant for each login attempt seems a bit dangerous. You can also consider doing this on the user registration page.

    In both cases, to create a new tenant, you can switch to Host context first as explained here https://aspnetboilerplate.com/Pages/Documents/Multi-Tenancy#switching-between-host-and-tenants and then create the tenant in this scope.

    After that, switch to newly created tenant's context and assign the newly created tenant's Id to new user's TenantId field;

    It should be something like this;

    int tenantId = 0;

    using (_unitOfWorkManager.Current.SetTenantId(null)) // Host context
    {
        tenantId = _tenantManager.CreateWithAdminUserAsync(...); // Create tenant using TenantManager class
    }
    
    using (_unitOfWorkManager.Current.SetTenantId(tenantId)) // Tenant context
    {
        var user = new User(){
          TenantId = tenantId,
          ...
        }
    }
    
  • User Avatar
    0
    SelfSwapAdmin created

    I'm still not sure you understand my explanation of our requirements. We will have customers who are single users and customers who are organizations with multiple employees needing access to the same tenancy. The application will store very sensitive financial information. We might have some customers in the future whose size or security requirements might require their data to be compartmentalized into a dedicated database. Therefore each logical "customer" will have it's own tenancy to enable this physical separation and to maximize data security otherwise.

    The new account (customer) registration procedure will enable the creation of a new tenancy for either a single user account or an organization who will later add additional users through the administration tools that the site grants them access to. A user has to click a new account registration button in order to start that process. It would not happy via the login button. For tenants needing multiple users, the first user who registered and created a new tenancy is automatically granted a "Tenant Admin" role which gives them the rights to adminster their tenancy including subcription level and user maintenance.

    In this way it works like most other sites, including Amazon as shown below, where the "Create your Amazon account" button establishes a new account. This account could be an individual account or a business account. Creation of a new account does not associate the account to some "Default" tenant which would store all the account's data with other user's data. The problem I am reporting is that the "Create account" process with our .NET/Angular 10.2 based solution is adding new users to the Default tenant when login by email address is enabled, and not creating a new tenant for it. Is that by design? What is the theory behind that?

    HOWEVER, I was just reviewing the "What is Multi-Tenancy?" page you referred me to and struggling to understand what it is from there that you are advising me to do when I suddenly realized the problem I am reporting has to be caused by a cookie. Sure enough I invoked our site from an incognito window and got a different result, with the login page showing "New Tenant" instead of "Create Account". I clicked the "New Tenant" button and it prompted me to selected a subscription level. If I log out and log back inThis is exactly what we want and what I am expecting. Then I tested it on all major browsers incognito and not, including one other browser I have been testing with for a while. Curiously I discovered that the problem only occurs on browsers (Chrome and Edge) that I been using for a while to test our site.

    I then deleted our site's cookies from Chrome and Edge and discovered that the problem no longer reoccurs on either of those browsers. It appears the problem I needed to fix only occured with old cookies, probably those created before I changed the configuration to login by email and bypass tenant selection. So right now it appears all is well and no code or further configuration changes are needed. Were you aware of this behavior? If not, I thought you might like to know about it. Thank you for your help.

  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi @SelfSwapAdmin

    The default implementation in AspNet Zero (without the login only by email address implementation) works exactly like you want. But, if you enable "login only by email address" in the login page, then it might make things complicated.

    When a user tries to login with the email address, login page tries to detect the user's tenancy and sets a cookie. When user is logged out, only user relatead cookies are deleted and the tenant related cookies stay on the browser. Because of this, if same user tries to register a new user, it will be registered to tenant detected previously.

    As a solution, you can try not using "login only by email address" or you can remove the tenant cookie in the logout operation but just note that this problem can occur for the same user and one user can't affect another user's registration progress.

  • User Avatar
    0
    SelfSwapAdmin created

    Like I wrote above, it seems to be working find now after deleted any pre-existing cookies from browers I had tested on before. The new cookies are not presenting a problem. I will leave everything as-is for now. Thank you!