I'm trying to build a Multi tenant SaaS application, and i know there are multiple approaches to that, but i picked the multi-database one i think it would fit most.
so I create a db for each tenant and store a table of tenants in the main db
and connect users to their respective db based on the subdomain.
now my issue here is where to store the users, in the main db? or the tenant db, storing the users in the main db is going to make it difficult to get user related models in other db's, but storing it inside tenants db would make it difficult to authenticate on all users ...
also what's the best scenario?
authenticate, get jwt token.
send token with each request.
on each request validate token, check subdomain, connect to respective tenant db, execute request.
is this a good approach? what should I do with the users table issue?
ThnQ
I can offer third option. Have user both in tenant and main db. You can then create procedure to update main db when user changes in tenant db (or vice versa).
Also, I don't know models in Laravel, but MySQL doesn't have problem with cross database JOINs.
Good option will be to keep users in tenant database. As you are distinguishing your tenant based on sub-domain, you can tell your authentication system to query sub-domain specific database.
Sharing flow of authentication
User hits the sub-domain to login for application
User credentials will be sent to application
Before passing credentials to authentication, decide database for user authentication based on sub-domain from which user came.
Pass database name, user credentials to authentication system
Authentication system query specific database and authenticate user
Generate session
Related
I want to use MariaDB (mysql) users to authenticate in a Laravel app. So instead of having a users table and a single database user for the whole application I want each login to be a separate database user and have permissions managed by the database.
This will be an internal app used by no more than 10 users.
Do I need to create a custom user provider in Laravel? What would be the best way to go about this?
I am creating a Multi Tenant application which each individual Tenant will have their own list of users (able to login as well).
As this is the first time I am developing such application I am unsure what is the best practice to store those sub users under every Tenant.
Current design:
Master User Database (stores login credentials of multiple tenants)
Tenant Database (each tenant will have their individual database)
To allow individual Tenant to have their own sub users, I am thinking to add a new Table under individual Tenant Database. Another way is to add a new Table under Master User Database which will store all those information.
Also, the login should be done at a centralized login portal whereby Tenant or sub users will do the login there and will redirected accordingly.
But after logging in, I am unsure if it is best to redirect to Tenant sub domains or a general dashboard.
Anyone have experience in these and can give me some solid suggestions?
EDIT 2017-04-20: On another thought, I think that it might not be advisable for sub users of Tenant to store in Master User Database since it will be exposed? But if users are to be stored in individual Tenant database then how can a centralized login portal works?
Very Simple You need to create tenant sub user into master user table as well, then your single login page will work.
I'm trying to implement an authentication system and I'm unsure of the correct way to components to use in the Symfony security component.
In essence, what I want to do is authenticate users against an LDAP server, but also have access to User objects for the purposes of database queries (e.g. listing all users in a dropdown).
Now in the LDAP tutorial it states:
Checking a user's password against an LDAP server while fetching user information from another source (database using FOSUserBundle, for example).
However, it doesn't really go into any explicit detail about how this is done. How can I create User objects from the LDAP server? I just want to store usernames, emails, and roles - I don't need passwords since I want to do actual authentication with the LDAP server itself.
Or am I better off to not use User entities in a database, and instead grab all the user information from the server whenever someone logs in (so that it's up to date)? If this is the case, how do I fetch this information when someone logs in, and use it in a similar way as I would a set of User entity objects?
I have a web app which I need to duplicate for multiple clients.
Each client will have his own server space and a database.
Each database will have one user table per client and they have independent data from each others.
Clients could access to their site via sub-domain URLs.
One client's URL may look like this ex: www.abcgroup.example.com (client: abcgroup)
I want to have one centralized login page at www.example.com/login.
Once a client login, he will be redirected to abcgroup.example.com automatically, without having to type his own sub-domain URL.
ex:This site managed to do it https://tictail.com/
Problem is that I have multiple databases with multiple user tables. So how can I authenticate users globally from one login page?
I'm not sure whether I have to check against all the user tables in client databases.
Do I need to read from all the user tables? (I'm using Codeigniter 2)
Thanks!
2 ways to do this:
Have a central DB that has all the users. This makes sure all the users are unique. Having multiple DBs, you may run into duplicate users.
Making the user select or type in the subdomain in the login page. Some web apps do this.
I'm creating a web app that users will create an account for, which allows them to read/write data on a database. I'm about to start creating the login authentication part of the website, and its my first time really doing this part. As I understand it, I'm going to create a users table which will store all the necessary login info for the website.
I know there are also database roles/permissions. My question is about how the 2 relate in this instance. Do I need to authenticate the users on the website and the database? My thought process was that if all of my PHP scripts are set up in such a way that the session data will only allow authenticated users read/write to the DB, then I don't need to do anything on the database end, but I want to make sure I'm thinking about this correctly.
Is that clear as mud?
If I understand correctly, your question is wether or not your users need access to your database.
Your users are not going to communicate with the database directly. Your app will. Your users are only going to use your app which will act as an interface between the user and the database.
Therefore, only the app needs access (and the appropriate permissions) to the database. Because it now has access to the database, it becomes responsible for making sure that only the right people can perform certain actions. (by means of a login- and permission system)
If not all users should have the same permissions within your app (you might have normal users and administrators), you need to create a permission system within your app that checks wether a user has the appropriate permissions to perform a certain action.
For instance if someone tries to delete some important data, you
make sure he's logged in (if he's not, redirect to the login page)
make sure he has the appropriate role / permissions (in this case he should be an administrator - if he's not, cancel the action)
Symfony's page on Security gives some insight. Just skip the Symfony-specific parts and read about the general idea.
Your users will authenticate on your website (by requesting details about their validity from the database). Once authenticated they can do things that the website gives them access to.
The only user that will communicate with the database directly is you/your website. Your database will have a table entitled 'users', but the actual user of the database should be no one else but you - you don't want to give random users free reign. You can then set what database queries you wish the database to perform on certain users actions.
Hope that helps clarify