Get the source code for this video for FREE → the-dotnet-weekly.ck.page/multitenancy Want to master Clean Architecture? Go here: bit.ly/3PupkOJ Want to unlock Modular Monoliths? Go here: bit.ly/3SXlzSt As a few awesome viewers have noted - the Tenant ID should come from a JWT or auth Cookie. I hoped that part was obvious since this is more of a proof of concept for Multitenancy. I wanted to focus on the EF features you can leverage to achieve this. And I left out the part about safely providing the Tenant ID. In any case, I'm updating this comment for posterity. TL;DR: For a production implementation, get the Tenant ID from the JWT/Cookie instead of passing it in a header. Join The .NET Weekly → bit.ly/4bfozSz It's a newsletter with 53,000+ engineers that teaches you how to improve at .NET and software architecture.

I never really found joy in backend development. After your videos about DDD, code architecture etc. Im finally enjoying writing backend code. Keep it going!

WOW. I recently had an interview about multitenancy, and I just popped these ideas out of my head - of course without implementation details.

This is exactly how I implemented multi-tenancy in my last application, but like you said in your pinned comment, also passed in the tenantId from a JWT. In addition, instead of of adding a query filter on each modelBuilder, I added a global query filter that adds this to all my entities matching a base type I created for everything that would be tenant-specific

Thank you Milan. You tought me again something new. Two weeks ago i enrolled in your Pragmatic Clean Architecture course after followed you on LinkedIn and KZbin.

Adding a tenant_id claim inside a JWT is also a good option

For the production app you need to check if a logged in user has access to a passed X-TenantId header. That way another user couldn't get data than doesn't belong to his tenant even if he somehow figures out the tenant identifier. This year my team was implementing a multi-tenant modular monolith application. We had some niche requirements where a user could have access to multiple tenants, single tenant or all tenants (i.e: super admin) defending on a role. It was the hardest use case of multi tenancy implemented by my lead

Thank you so much for the informative video. Multitenancy, in general, is a bit challenging, especially when it comes to managing tenants and their subscriptions through a dedicated tenant administration portal. This is in conjunction with data isolation strategies such as a Shared Database for All Tenants and a Separate Database Per Tenant. We dedicated the past four years to analyzing and studying the best practices that should be considered when building a SaaS app using the Multitenancy approach.

Milan this is not usable, this is not the way how multitenancy will be implemented. Maybe if you would implement both sides: frontend and backend. But as soon as you make your backend API public, it's not possible that other side on frontend will be controlling access to data via custom HTTP header. It would mean that any user who can log-in could use any TenantId in header and access to data of other users/tenants. The better solution is to either have own AuthN server (or at least AuthZ function after external login) and return TenantId as a claim in a JWT token which is issued by the server side and can be verified and not modified by client. Second part of video - the connection string for tenants are normally saved for each tenant in the database and loaded for ex. once at login and stored in local browser storage. Also it's not needed to store TenantId for the records. Better solution is to store just CompanyId. Imagine that common function is to move company to other Tenant. In this case you just change the relation between CompanyId and other TenantId and you're good. You have to have function like "Check TenantId against Company" for controlling of access to data of different tenants.

At last! Can't wait to watch on bigger screen! Thx!

Awesome video. It was what I needed in my project. Thank you !

Love it ❤ How to handle MIGRATIONS for multi DB scenario ❗️❗️

That's a beautiful solution! Thanks for sharing!

Thanks for bringing clarity to this topic. Can you break down how to resolve tenants by using a sub-domain? Perhaps tenant-resolution is an abstraction in itself - perhaps by header, subdomain and even http-query-parameter.

I like your approach, but couldn't you create a DBContext Factory which returns you back a DBContext based on the tenantId you provided ?

can you teach completely how to use benchmarking with api projects .i love your videos.

Always a good content quality! Thank you for sharing!

I like the way you present the different tenant scenarios and how you automagically apply the tenantId in your queries. I didn't know you could use DI in the application DB context, to use values from an external service. Is this possible if using separate configuration files in combination with assembly scanning? I understand that you are only showing the basics in this video, but wondering if an improvement for a further video could be, using and validating JWT tokens. By accepting and reading the tenantId from the JWT token you protect against simply changing the tenantId in the header (if that's sensitive). You could just reference your video on JWT tokens in this video.

I wonder if we could apply the query filter by convention if the entity thas the TenantId field, then apply automagically, instead of adding the query filter to every single entity (or worse, the new intern forgetting to add the query filter to a new entity)

Thank you for creating this helpful content, Milan ☺👏

We have a multi tenant system where some data is shared. We created them to be hierarchical so tenants can create their own sub tenants

Do you have a video showing how you set up those logs to show in the docker window?

That was a very useful video! Could you please post another one on implementing multi-tenancy using isolated databases for each tenant?

YEEEEEEEEEEES, I've been struggling with this theme a few weeks ago. Thank you so much for this video. Hope you can continue it

Great video. How can I set the tenant id into the header after login or call login api ?

I have a question here. In DB per tenant model, how identity storage should be structured and implemented?

what if I got an unknown amount of tenants with same connection string but different database setting? How do I setup that one ?

great video, thank you, what about multi-tenancy with single db and many schemas? (each schema ==> tenant)

How would you implement this if you wanted to allow the SaaS admin to also sign in to this application and perform some actions like inviting the company via email or issuing broadcast notification for all tenants? This would require a different entity than Company.

I don't have a TenantId before logging in, how do I know which database to access?

How to use this multitenancy using hangfire too?

what about multi-tenant database per tenant? Meaning only the databases are whats separated they share the same web api. Its been hard to learn how to do this with ef core. My idea is ill have a master database to store all tenant info and connection strings. When a tenant signs up for example, ill create there database on azure. Use ef core, add them to the master database. When I need to connect to the tenant database, I query the master database, grab the connection string some how make ef core work with dynamic connection strings. Create maybe a initial setup, where you run the first migration (similar to update-database in package manager console) on the tenants database. However most of this is theory, would love a video on this.

Nice video. I have a question. How to make outbox pattern with separate databases? maybe job per tenant or something else

How you solve the Di of the service for running migrations? Since it throws a object null reference exception.

The TenantProvider can be registered as Singleton. HttpContextAccessor is also a singleton. It uses AsyncLocal to ensure the scope. So, it is not important to register it as scoped ;-)

Really useful, thanks, but in multiple database scenario, how to create a tenant ?

I study a lot from your videos tks ，and I have a question how to change database connetctiongs when add a new tenant

That’s the Microsoft docs, can you make a more realistic scenario? What about auth in these scenarios?

Great video!

@MilanJovanovicTech How about the schema based multi-tenant, I know it is not supported in EF core. Is there a way to do that ?

Hi Milan, thank you for your videos, they are great. I really like the part about filtering with EF Core, thanks :) I just have one point: I am not a big fan of doing the GetTenantId in the constructor because if there is an exception, it will be wrapped in a DI container exception (Autofac dependency injection exception). What do you think of the Finbuckle library for multi-tenant? I like it.

Good episode 👍. It would be enlightening if you used a more realistic scenario, instead of headers, determined tenantId using custom claims extracted from JWT. An idea for a future episode.😉

Thanks for the effort, your videos are good and I appreciate the time like people yourself put into them. One question, in a Clean architecture with the core entities seperate from the main Infrastructure/Identity, what are people's view on creating entities that have relationships back to the individual user, rather than just the Tenant. For example, consider a "Keys" table maybe that is unique to the user logged in?

Hi Milan, I would like to note here that the firtst approach with the EF Query Filters is applicable when your users or tenants exists outside of this application. For example I have an MVC asp net core application and users are inside the same application (monolith) which makes it a mutlitenant application since every user can only access and modify their own data and all of them exist in the same databse. However the approach with the app user resolver service did not work for me. THe reason is because the OnModelCreating method is only called once for the project's lifetime. So before anyone would login the query filters had alreaady instatiated with null as the tenantId. I was actually around this issue for some time but for this type of application i mentioned it seems it is not an applicable solution. Great video, Keep up the good work!

THANK YOU so mcuh! Such a gem information!

Isn't it through TenantId that multiple databases determine which database to connect to? Before logging in, I don't know TenantId. How can I connect to the database and obtain user information? Is there a separate database for login logic?

Hello, How would you do it if the connection strings would have to be dynamic as well for the single tenancy case? Ex: Company x and Company y both registered within the application and you have to build dynamic databases for both of them without modifying the current app.configuration file I also enjoy your content, keep it up!! Thank you!

Does TenantId need to be purchased? How to deal with it?

What is base way to use with dapper

Hi. How i can setup individual users which does not have tenant?

Thank you for the pro content

Wouldn't data leak to another tenant if they changed the header value that holds the tenant id?

What is the best database migration strategy in case each tenant has different databases?

Will this resolves concurrency? As multiple concurrent tenants using at same time? e.g. in terms of lambda functions. I am new to this by the way..

Excellent. As always, there is no free repository related to the video. Any sales channel through Amazon to buy your complete course🤔

Thank u for the video, can u make a video on migrations with multi tanécy please ?

Hi Milan, I am a dedicated follower and student of your two courses. Do you have any plans for a course focused on multitenancy or SaaS applications? Any recommendations you could give me for my project? I would like to follow the strategy of using EF Core for commands and Dapper for queries. Additionally, I would like to use Keycloak as the identity provider for the different tenants. Thank you for your videos; they are very helpful for our projects and for improving as software architects.

Come on… It is basic concept of multi tenancy. It’s a great presentation. For the goal of the POC it was kept simple as possible. Of course it can be extended based on everyone’s requirements. Important and focus is EF support here, because this can be achieved also without EF Core.

This may seem like a novice question, but if the SasS application is going to be used for multiple domain names, where each spins up its own instance of the application with its individual frontend, if anyone has an example of how to solve that issue, I'd be very interested to see how thats done.

I wondering how DbContextConnectionPool would work ?

Ok but when generate efcore migrations with efcore tool: Unable to create a 'DbContext' of type ''. The exception 'Tenant ID not present'

Does anyone know the docs for creating a service? Please send the link.

It doesnt have to come from the JWT it can also be inferred from the url like a subdomain per tenant.

Thank you! Btw. The "X-" convention in "X-TenantId" is no longer considered necessary as per RFC 6648 🙂

Logging in with a separate database?

useful content

I hope people understand that this is an example only and you should NEVER EVER do this in production

🥷🏾🔥

Tenant could be passed via part of route