Multi-Tenant Identity Boundaries

Multi-Tenant Identity Boundaries

To guarantee complete workspace confidentiality, Asterisk 2 implements robust multi-tenant data segregation. The solution enforces isolation bounds programmatically at the Entity Framework core access layer, ensuring tenant organization operations never leak context.


Tenant Authorization & Data Segregation Logic

The diagram below details how user identity requests map securely to organization database limits:

graph LR
    %% User Access
    subgraph Browser["Client Workspace Context"]
        Req["Inbound Action Request<br/>(Targeting Project Id / Slug)"]
    end

    %% Routing & Injection
    subgraph Router["ASP.NET Core Middleware"]
        ClaimsContext["Claims Principal Engine<br/>(Extracts User Identity)"]
        ScopedDI["Dependency Resolver<br/>(Instantiates Scoped EF Provider)"]
    end

    %% Security Engine
    subgraph ValidationEngine["Database Validation Boundary"]
        QueryFilter["EF Core Global Query Filters<br/>(Where e.OrgId == User.OrgId)"]
        RBAC_Logic["Resource Access Check<br/>(IsOwner / IsTenantAdmin)"]
    end

    %% Isolated Storage
    subgraph MasterDB["Shared Storage Engine"]
        DB_Data[("Application Master Store<br/>(Isolated Logical Ledgers)")]
    end

    %% Flows
    Req --> ClaimsContext
    ClaimsContext ==>|"User Claims Scope"| ScopedDI
    ScopedDI ==>|"Inject Tenant Context"| QueryFilter
    QueryFilter ==>|"Filter Execution Path"| RBAC_Logic
    RBAC_Logic -->|"Access Granted"| DB_Data

    %% Dark Theme Styling Matrix
    classDef clientClass fill:#0f172a,stroke:#38bdf8,stroke-width:2px,color:#fff,rx:6px,ry:6px;
    classDef routeClass fill:#1e293b,stroke:#a855f7,stroke-width:2px,color:#fff,rx:6px,ry:6px;
    classDef validClass fill:#312e81,stroke:#ec4899,stroke-width:2px,color:#fff,rx:6px,ry:6px;
    classDef dbClass fill:#065f46,stroke:#10b981,stroke-width:2px,color:#fff,rx:6px,ry:6px;

    class Browser,Req clientClass;
    class Router,ClaimsContext,ScopedDI routeClass;
    class ValidationEngine,QueryFilter,RBAC_Logic validClass;
    class MasterDB,DB_Data dbClass;

Structural Security Mechanisms

1. Scoped Dependency Resolution

When an authenticated web request triggers, framework controllers initialize database contexts as scoped instances. The user claims object is mapped to the active execution context, preventing session data crossing.

2. Implicit Query Interception

To eliminate cross-tenant data leaking, database entity structures implement automated query filter overrides directly inside ApplicationDbContext.cs. This implicitly appends organization id conditions to every database query, ensuring customer read operations return only their workspace assets.

3. Cross-Project Access Enforcement

To modify document projects, the controller layer validates whether the user identity belongs to the project's authorized administrator array. Actions targeting unauthorized project IDs are rejected with persistent 403 Forbidden status errors.