ASP.NET MVC 4 multi tenancy

Question

In ASP.NET MVC 4 I see that there is and [Authorize] attribute and now a corresponding [AllowAnonymous] attribute that can easily let you require authentication to access specific controller actions.

What I need is true multi tenancy though. Each user can access only their own records, and all records other than the user accounts should be owned by individual users.

In Hobo (http://hobocentral.net) which is a Rails plugin, this was easily accomplished by adding the following line of code in my ApplicationController:

before_filter :login_required, :except => [:login, :signup, :do_signup, :activate]

And then in my model:

belongs_to :owner, :class_name => "User", :creator => true

# --- Permissions --- #

def create_permitted?
  acting_user == owner || !owner_changed?
end

def update_permitted?
  acting_user == owner || !owner_changed?
end

def destroy_permitted?
  acting_user == owner || !owner_changed?
end

def view_permitted?(field)
  owner_is? acting_user or new_record?
end

And finally in my model's controller:

def index
  hobo_index current_user.modelName
end

Does something so simple and elegant exist or is built into ASP.NET MVC? So far I've found several ways to implement multi tenancy in ASP.NET MVC but I'm unsure as to which is the clearly correct way. I also intent to use .NET 4.5 and Entity Framework 5 if that helps.

Answer 1

if you are using any type of built in authentication in asp.net MVC then its already present as you can use something like

HttpContext.Current.User.Identity.Name

and if you are not using some kind of internal authentication mechanism then you can do what i did simple when authentication a user save the primary key in a session variable.

Session["User"] = Key;

and inside each controller take out the variable

var key = Session["User"];

and retrive the user data based on the key