
Cross-tenant login #9520


adam.langley created

Hi,

I am building a mobile front-end for our application - and the requirement for the user to enter the tenant name is cumbersome.

For the web, this makes sense, and is not a problem, because each customer will be given a custom domain (3rd level), which provides the requisite tenancy information for the backend code.

For mobile applications, however - one cannot create a copy of the app in the app store, for each tenant (Apple app store violation - and would also just be a PITA) - so I understand why the user needs to specify a tenant when logging in.

It is, however, cumbersome for the user.

I could provide a dropdown to choose the tenant - however, because this would need to be a public API call (unauthenticated), it's a security/privacy concern - exposing the list of customer names.

Ideally, the user would log in using email/password, then be presented with a list of all tenancies which matched those credentials, allowing the user to pick one.

What would be your recommendation around achieving this?


4 Answer(s)
  • BobIngham created

    @adam If you're using Ionic for app development see here: Ionic repo integrated with Zero. The way I have achieved a single app for all tenants is to build a registration system. Enter the tenant name in the app and pass back the tenantId, which should be saved to local storage and used for all cookies thereafter. I have added a further step which is to register the device and notify the admin, who then has to authorise the device before it can be used. Implement a device SignalR service so the device can be controlled from the server (i.e. found, tracked and local storage removed in case of a possible security breach).

  • adam.langley created

    Thanks @bobingham - nice design.

    I'm using Flutter.

    Your proposal doesn't quite fit for me however - as registration can happen either through the app or via the web.

    Even if the user initially registers through the app - they will likely log on using other devices, which is not another registration - just a login.

    The only way I can see (and the cleanest) is for the server to offer a list of tenants, once the user has been authenticated against at least one of the tenants.

    Something like this (server-side pseudo code):

    // Find every tenant in which the submitted credentials match an account.
    var listOfTenants = tenants
        .Where(x => x.Email == userSubmittedEmail
                 && x.Password == userSubmittedPassword) // in practice: verify against the stored hash
        .ToList();

    if (listOfTenants.Count == 0)
    {
        return InvalidLoginAttempt();
    }

    // Issue the token for the first matching tenant, then either go straight in
    // or let the user pick when the credentials matched more than one tenant.
    var firstTenant = listOfTenants.First();
    GenerateAuthenticationToken(firstTenant);

    return listOfTenants.Count == 1
        ? RedirectToWelcomePage(firstTenant)
        : RedirectToTenantChooser(listOfTenants);
    
  • BobIngham created

    @adam, in my case I charge per device connected to the system. A tenant must register via the web first and each device must be authorised so I can charge on a pro-rata basis for usage per day per month. Therefore the tenancy name is always known. Any user can use any device but the devices are carefully managed. I think the business case is probably different to yours, but good luck with the project!

  • ismcagdas created
    Support Team

    Hi @adam.langley

    You can first query records in AbpUserAccounts table with the given username and list all tenants related to those records. After that, you can proceed with login since you will have the correct TenantId.
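The flow the thread converges on (adam.langley's server-side pseudocode and ismcagdas's suggestion to look up the user's accounts across tenants before settling on a TenantId), as an added example that is not ASP.NET Zero's code: an in-memory table stands in for AbpUserAccounts, and the sample accounts, e-mail addresses and passwords are constructed. The point it demonstrates is that the tenant list is produced only after the credentials verify, so the endpoint cannot be used unauthenticated to enumerate tenants or e-mail addresses.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

ITERATIONS = 50_000  # PBKDF2 work factor; raise for production

@dataclass(frozen=True)
class UserAccount:
    """One row per (tenant, user), playing the role of the AbpUserAccounts table."""
    tenant_id: int
    email: str
    salt: bytes
    password_hash: bytes

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_account(tenant_id: int, email: str, password: str) -> UserAccount:
    salt = secrets.token_bytes(16)
    return UserAccount(tenant_id, email, salt, hash_password(password, salt))

# Constructed sample data: alice has accounts in tenants 1 and 2, bob only in tenant 3.
ACCOUNTS = [
    make_account(1, "alice@example.com", "correct horse battery"),
    make_account(2, "alice@example.com", "correct horse battery"),
    make_account(3, "bob@example.com", "hunter2hunter2"),
]
_DUMMY_SALT = b"\x00" * 16  # so an unknown e-mail still costs one hash computation

def tenants_for_credentials(email: str, password: str, accounts=ACCOUNTS) -> list:
    """Tenant ids whose account matches BOTH e-mail and password; derived only from
    verified credentials, so an unauthenticated caller cannot enumerate tenants or e-mails."""
    candidates = [a for a in accounts if a.email.lower() == email.lower()]
    if not candidates:
        hash_password(password, _DUMMY_SALT)  # keep response time comparable
        return []
    return sorted(a.tenant_id for a in candidates
                  if hmac.compare_digest(hash_password(password, a.salt), a.password_hash))

def login_step(email: str, password: str) -> dict:
    """First login step: generic failure, direct login, or tenant chooser."""
    tenants = tenants_for_credentials(email, password)
    if not tenants:
        return {"status": "invalid_login"}  # same reply for unknown e-mail / bad password
    if len(tenants) == 1:
        return {"status": "ok", "tenant_id": tenants[0]}
    return {"status": "choose_tenant", "tenant_ids": tenants}
```

Issuing the authentication token for the chosen TenantId, as in the pseudocode above, would follow the `choose_tenant` step once the user has picked.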