Multi-Tenant Identity Boundaries
Multi-Tenant Identity Boundaries
To guarantee complete workspace confidentiality, Asterisk 2 implements robust multi-tenant data segregation. The solution enforces isolation bounds programmatically at the Entity Framework core access layer, ensuring tenant organization operations never leak context.
Tenant Authorization & Data Segregation Logic
The diagram below details how user identity requests map securely to organization database limits:
graph LR
%% User Access
subgraph Browser["Client Workspace Context"]
Req["Inbound Action Request<br/>(Targeting Project Id / Slug)"]
end
%% Routing & Injection
subgraph Router["ASP.NET Core Middleware"]
ClaimsContext["Claims Principal Engine<br/>(Extracts User Identity)"]
ScopedDI["Dependency Resolver<br/>(Instantiates Scoped EF Provider)"]
end
%% Security Engine
subgraph ValidationEngine["Database Validation Boundary"]
QueryFilter["EF Core Global Query Filters<br/>(Where e.OrgId == User.OrgId)"]
RBAC_Logic["Resource Access Check<br/>(IsOwner / IsTenantAdmin)"]
end
%% Isolated Storage
subgraph MasterDB["Shared Storage Engine"]
DB_Data[("Application Master Store<br/>(Isolated Logical Ledgers)")]
end
%% Flows
Req --> ClaimsContext
ClaimsContext ==>|"User Claims Scope"| ScopedDI
ScopedDI ==>|"Inject Tenant Context"| QueryFilter
QueryFilter ==>|"Filter Execution Path"| RBAC_Logic
RBAC_Logic -->|"Access Granted"| DB_Data
%% Dark Theme Styling Matrix
classDef clientClass fill:#0f172a,stroke:#38bdf8,stroke-width:2px,color:#fff,rx:6px,ry:6px;
classDef routeClass fill:#1e293b,stroke:#a855f7,stroke-width:2px,color:#fff,rx:6px,ry:6px;
classDef validClass fill:#312e81,stroke:#ec4899,stroke-width:2px,color:#fff,rx:6px,ry:6px;
classDef dbClass fill:#065f46,stroke:#10b981,stroke-width:2px,color:#fff,rx:6px,ry:6px;
class Browser,Req clientClass;
class Router,ClaimsContext,ScopedDI routeClass;
class ValidationEngine,QueryFilter,RBAC_Logic validClass;
class MasterDB,DB_Data dbClass;
Structural Security Mechanisms
1. Scoped Dependency Resolution
When an authenticated web request triggers, framework controllers initialize database contexts as scoped instances. The user claims object is mapped to the active execution context, preventing session data crossing.
2. Implicit Query Interception
To eliminate cross-tenant data leaking, database entity structures implement automated query filter overrides directly inside ApplicationDbContext.cs. This implicitly appends organization id conditions to every database query, ensuring customer read operations return only their workspace assets.
3. Cross-Project Access Enforcement
To modify document projects, the controller layer validates whether the user identity belongs to the project's authorized administrator array. Actions targeting unauthorized project IDs are rejected with persistent 403 Forbidden status errors.