c# - Multi-Tenant physical isolation -


we have multi-tenant asp.net mvc 4 web application each tenant having own repository of files (a folder in file-system). took shared database, shared schema approach , identify tenants subdomain.

what best way ensure tenant can access repository folder , no other folder in file-system? check in application business logic, if make mistake...?

when running application, tenants run under same user (which defined in iis application pool).

do need serve each tenant separate user - using impersonation? need impersonate each time request made server - in order fill it?

i've heard has performance drawbacks , not prefered way, is?

we have windows service fills requests in background (for tenants), sent through msmq. service needs change identity every time gets request?

edit: in addition, need type of isolation if uploads file infected virus - affect tenant's files, , not every tenant on server. use ant-virus software, need separation in case antivirus software not identify virus.

thank you

all tenants run under same user

if each tenant has separate iis web app , identity (whether app pool or "normal" user), can use ntfs access control.

these not depend on having users having local or domain user accounts on web servers allow impersonation (and ntfs access control).

however add memory overhead on servers of course – each tenant have own worker process.

[…]msmq. service needs change identity every time gets request?

i'm not sure can impersonation based on msmq messages, expect not work (msmq messages not carry necessary identity information).

anything shared going need implemented check access: depending on nature of processing may more difficult (eg. if client requests can of order "get information file" arbitrary file: service need access checks1).

1 there win32 functions heavy lifting.


Comments

Post a Comment

Popular posts from this blog

android - MPAndroidChart - How to add Annotations or images to the chart -

i working latest mpandroidchart library , looking way add annotations or images clickable. example: once data reaches value event occurs want able display user - there multiple events can occur annotations (not sure if right word) or image added @ point in chart. any pointers welcome. check documentation of yaxis . focus on setspacetop(...) , setaxismaxvalue(...) methods. for background: bar-shadow , disable calling: barchart.setdrawbarshadow(false) or change color: bardataset.setbarshadowcolor(int color)
Read more

javascript - Add class to another page attribute using URL id - Jquery -

i have attached id url. ex: when click link 1 , has #tab-2 id , takes me landing page. in landing page have find element has #tab-2 id have add class .active . i tried no luck. please 1 correct code. thanks js fiddle link html <div class="menu"> <ul> <li><a href="http://jsfiddle.net/gscyoa0j/1/#tab-2">link 1</a></li> <li><a href="http://jsfiddle.net/gscyoa0j/1/#tab-44">link 2</a></li> <li><a href="http://jsfiddle.net/gscyoa0j/1/#tab-74">link 3</a></li> </ul> </div> landing page <div class="tab"> <ul> <li><a id="tab-2" class="active" >link 1 content</a></li> <li><a id="tab-44" >link 2 content</a></li> <li><a id="tab-74" >link 3 content</a></l
Read more

firefox - Where is 'webgl.osmesalib' parameter? -

i'm trying webgl running on firefox (v37.0.2) via software acceleration mesa. tried following steps have been stated in article: http://www.binarytides.com/enable-webgl-firefox-ubuntu/ however, unable find parameter named ' webgl.osmesalib ' in about:config section? has been removed (or renamed)? if yes, how should instruct firefox use mesa's software acceleration webgl? looks support osmesa removed in favour llvmpipe.
Read more