DEV Community: Luqman Bolajoko The latest articles on DEV Community by Luqman Bolajoko (@luqman_bolajoko). https://dev.to/luqman_bolajoko https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F2067717%2F210c5fa7-7a68-438c-b511-5bb5ed410917.jpg DEV Community: Luqman Bolajoko https://dev.to/luqman_bolajoko en 🔥 What I Learned From OgaVenue’s Rise and Fall — And How IsabiVenues Is Doing It Differently Luqman Bolajoko Mon, 30 Jun 2025 08:50:15 +0000 https://dev.to/luqman_bolajoko/what-i-learned-from-ogavenues-rise-and-fall-and-how-isabivenues-is-doing-it-differently-4f0c https://dev.to/luqman_bolajoko/what-i-learned-from-ogavenues-rise-and-fall-and-how-isabivenues-is-doing-it-differently-4f0c <p>In Nigeria’s fast-growing event industry, one startup once stood out as the go-to for booking venues: OgaVenue. They had funding, visibility, and strong early traction. But despite a great idea and some early wins, the platform faded into obscurity.</p> <p>As the founder of <a href="https://dev.to%F0%9F%94%A5%20What%20I%20Learned%20From%20OgaVenue%E2%80%99s%20Rise%20and%20Fall%20%E2%80%94%20And%20How%20IsabiVenues%20Is%20Doing%20It%20Differently">IsabiVenues</a>, I’ve studied OgaVenue’s journey deeply. Why did it lose steam? What were the traps? And how do we build something more resilient for the Nigerian market?</p> <p>Here’s what I learned—and how we’re applying it to do better.</p> <p>❌ What Went Wrong With OgaVenue</p> <ol> <li><p>Users and Venue Owners Bypassed the Platform After discovering venues on OgaVenue, people often contacted the venue directly to avoid commissions. This killed their revenue engine.</p></li> <li><p>No Real-Time Booking The process wasn’t seamless. Users had to wait for manual confirmation. That’s friction—and friction loses customers.</p></li> <li><p>Venue Owners Were Not Fully Onboard Many venues just used the platform for passive leads but didn’t update availability, respond fast, or stay committed.</p></li> <li><p>No Strong Differentiator It became more of a directory than a platform—making it easy to be bypassed, ignored, or replaced.</p></li> <li><p>Nigeria-Specific Challenges From distrust of online payments to preference for face-to-face negotiation, the product didn’t adapt deeply enough to the local realities.</p></li> </ol> <p>✅ What We’re Doing Differently With IsabiVenues </p> <ol> <li><p>Exclusivity &amp; Incentives We’re partnering with venues to offer discounts, perks, and limited-time deals only available via IsabiVenue.</p></li> <li><p>True Real-Time Booking No waiting. We’re building a frictionless experience where users can view availability, book instantly, and pay securely.</p></li> <li><p>Tools for Venue Owners From dashboards and automated confirmations to lead tracking and analytics—we’re making venue owners love using IsabiVenue, not just tolerate it.</p></li> <li><p>Booking Protection &amp; Trust We’re introducing verified listings, secure payments, and cancellation protection. It’s not just about booking—it’s about peace of mind.</p></li> <li><p>Built for the Nigerian Market Our UX and messaging speak the local language—literally and culturally. We’re blending online booking with offline support, WhatsApp follow-ups, and more.</p></li> </ol> <p>💡 Final Thoughts</p> <p>OgaVenue walked so others could run. Their story is a goldmine of lessons—not a failure to laugh at, but a roadmap of what to do better.</p> <p>At IsabiVenues, we’re taking these insights seriously. Our goal is not just to build a website. It’s to build the future of venue booking in Nigeria, powered by trust, technology, and local understanding.</p> <p>If you're an investor, venue owner, or event planner who wants to be part of that journey—let's talk.</p> <p>hashtag#EventTech hashtag#IsabiVenues hashtag#StartupLessons hashtag#NigerianTech hashtag#MarketplaceStrategy hashtag#PMF hashtag#StartupAfrica hashtag#EventPlanning hashtag#FoundersJourney</p> Connecting NestJS and ASP.NET Core with gRPC: A Step-by-Step Guide Luqman Bolajoko Mon, 30 Sep 2024 07:09:53 +0000 https://dev.to/luqman_bolajoko/connecting-nestjs-and-aspnet-core-with-grpc-a-step-by-step-guide-bo1 https://dev.to/luqman_bolajoko/connecting-nestjs-and-aspnet-core-with-grpc-a-step-by-step-guide-bo1 <p>As microservices continue to grow in popularity, efficient communication between services becomes increasingly important. gRPC, a high-performance RPC framework, is ideal for such scenarios due to its support for language-agnostic, efficient binary serialization. In this article, we'll explore how to create a <strong>gRPC service in ASP.NET Core</strong> and consume it from a <strong>NestJS client</strong>.</p> <h3> <strong>1. Create the gRPC Service in ASP.NET Core</strong> </h3> <h4> <strong>Step 1: Set Up an ASP.NET Core gRPC Service</strong> </h4> <p>First, create a new <strong>ASP.NET Core gRPC Service</strong>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>dotnet new grpc <span class="nt">-n</span> GrpcService <span class="nb">cd </span>GrpcService </code></pre> </div> <p>Ensure you have the following package in your <code>.csproj</code> file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight xml"><code><span class="nt">&lt;PackageReference</span> <span class="na">Include=</span><span class="s">"Grpc.AspNetCore"</span> <span class="na">Version=</span><span class="s">"2.40.0"</span> <span class="nt">/&gt;</span> </code></pre> </div> <h4> <strong>Step 2: Define the gRPC Service in Proto File</strong> </h4> <p>In the <code>Protos</code> folder, define your gRPC service and messages using the <code>.proto</code> format.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight protobuf"><code><span class="na">syntax</span> <span class="o">=</span> <span class="s">"proto3"</span><span class="p">;</span> <span class="k">option</span> <span class="na">csharp_namespace</span> <span class="o">=</span> <span class="s">"GrpcService"</span><span class="p">;</span> <span class="kd">service</span> <span class="n">Greeter</span> <span class="p">{</span> <span class="k">rpc</span> <span class="n">SayHello</span> <span class="p">(</span><span class="n">HelloRequest</span><span class="p">)</span> <span class="k">returns</span> <span class="p">(</span><span class="n">HelloReply</span><span class="p">);</span> <span class="p">}</span> <span class="kd">message</span> <span class="nc">HelloRequest</span> <span class="p">{</span> <span class="kt">string</span> <span class="na">name</span> <span class="o">=</span> <span class="mi">1</span><span class="p">;</span> <span class="p">}</span> <span class="kd">message</span> <span class="nc">HelloReply</span> <span class="p">{</span> <span class="kt">string</span> <span class="kd">message</span> <span class="o">=</span> <span class="mi">1</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <h4> <strong>Step 3: Implement the gRPC Service</strong> </h4> <p>Now, implement the gRPC service in C# by overriding the <code>SayHello</code> method defined in the <code>.proto</code> file. Create a <code>GreeterService.cs</code> in your project:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">class</span> <span class="nc">GreeterService</span> <span class="p">:</span> <span class="n">Greeter</span><span class="p">.</span><span class="n">GreeterBase</span> <span class="p">{</span> <span class="k">public</span> <span class="k">override</span> <span class="n">Task</span><span class="p">&lt;</span><span class="n">HelloReply</span><span class="p">&gt;</span> <span class="nf">SayHello</span><span class="p">(</span><span class="n">HelloRequest</span> <span class="n">request</span><span class="p">,</span> <span class="n">ServerCallContext</span> <span class="n">context</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="n">Task</span><span class="p">.</span><span class="nf">FromResult</span><span class="p">(</span><span class="k">new</span> <span class="n">HelloReply</span> <span class="p">{</span> <span class="n">Message</span> <span class="p">=</span> <span class="s">$"Hello, </span><span class="p">{</span><span class="n">request</span><span class="p">.</span><span class="n">Name</span><span class="p">}</span><span class="s">!"</span> <span class="p">});</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h4> <strong>Step 4: Configure ASP.NET Core for gRPC</strong> </h4> <p>In the <code>Startup.cs</code> file, configure your gRPC service:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">void</span> <span class="nf">ConfigureServices</span><span class="p">(</span><span class="n">IServiceCollection</span> <span class="n">services</span><span class="p">)</span> <span class="p">{</span> <span class="n">services</span><span class="p">.</span><span class="nf">AddGrpc</span><span class="p">();</span> <span class="p">}</span> <span class="k">public</span> <span class="k">void</span> <span class="nf">Configure</span><span class="p">(</span><span class="n">IApplicationBuilder</span> <span class="n">app</span><span class="p">,</span> <span class="n">IWebHostEnvironment</span> <span class="n">env</span><span class="p">)</span> <span class="p">{</span> <span class="n">app</span><span class="p">.</span><span class="nf">UseRouting</span><span class="p">();</span> <span class="n">app</span><span class="p">.</span><span class="nf">UseEndpoints</span><span class="p">(</span><span class="n">endpoints</span> <span class="p">=&gt;</span> <span class="p">{</span> <span class="n">endpoints</span><span class="p">.</span><span class="n">MapGrpcService</span><span class="p">&lt;</span><span class="n">GreeterService</span><span class="p">&gt;();</span> <span class="c1">// For gRPC-Web support:</span> <span class="n">endpoints</span><span class="p">.</span><span class="nf">MapGrpcWeb</span><span class="p">();</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <p>Run the ASP.NET Core gRPC service:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>dotnet run </code></pre> </div> <p>Now, your gRPC service is running on <code>https://localhost:5001</code>.</p> <h3> <strong>2. Connect to the ASP.NET Core gRPC Service from a NestJS Client</strong> </h3> <h4> <strong>Step 1: Set Up a NestJS Project</strong> </h4> <p>Create a new NestJS project to act as the client:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>nest new grpc-client <span class="nb">cd </span>grpc-client </code></pre> </div> <h4> <strong>Step 2: Install gRPC and Protobuf Dependencies</strong> </h4> <p>To use gRPC in NestJS, you need to install the following dependencies:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install</span> @nestjs/microservices grpc @grpc/proto-loader </code></pre> </div> <h4> <strong>Step 3: Define the Proto File in NestJS</strong> </h4> <p>Copy the <code>.proto</code> file from the ASP.NET Core service and place it in the NestJS project, inside a <code>protos</code> folder. This ensures both the client and the server use the same contract.</p> <p>Your <code>protos/greet.proto</code> file should look like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight protobuf"><code><span class="na">syntax</span> <span class="o">=</span> <span class="s">"proto3"</span><span class="p">;</span> <span class="kd">service</span> <span class="n">Greeter</span> <span class="p">{</span> <span class="k">rpc</span> <span class="n">SayHello</span> <span class="p">(</span><span class="n">HelloRequest</span><span class="p">)</span> <span class="k">returns</span> <span class="p">(</span><span class="n">HelloReply</span><span class="p">);</span> <span class="p">}</span> <span class="kd">message</span> <span class="nc">HelloRequest</span> <span class="p">{</span> <span class="kt">string</span> <span class="na">name</span> <span class="o">=</span> <span class="mi">1</span><span class="p">;</span> <span class="p">}</span> <span class="kd">message</span> <span class="nc">HelloReply</span> <span class="p">{</span> <span class="kt">string</span> <span class="kd">message</span> <span class="o">=</span> <span class="mi">1</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <h4> <strong>Step 4: Configure the NestJS gRPC Client</strong> </h4> <p>In your <code>app.module.ts</code>, set up the NestJS gRPC client to connect to the ASP.NET Core service:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Module</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@nestjs/common</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">ClientsModule</span><span class="p">,</span> <span class="nx">Transport</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@nestjs/microservices</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">join</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">path</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">AppController</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./app.controller</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">AppService</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./app.service</span><span class="dl">'</span><span class="p">;</span> <span class="p">@</span><span class="nd">Module</span><span class="p">({</span> <span class="na">imports</span><span class="p">:</span> <span class="p">[</span> <span class="nx">ClientsModule</span><span class="p">.</span><span class="nf">register</span><span class="p">([</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">GREETER_PACKAGE</span><span class="dl">'</span><span class="p">,</span> <span class="na">transport</span><span class="p">:</span> <span class="nx">Transport</span><span class="p">.</span><span class="nx">GRPC</span><span class="p">,</span> <span class="na">options</span><span class="p">:</span> <span class="p">{</span> <span class="na">url</span><span class="p">:</span> <span class="dl">'</span><span class="s1">localhost:5001</span><span class="dl">'</span><span class="p">,</span> <span class="na">package</span><span class="p">:</span> <span class="dl">'</span><span class="s1">greeter</span><span class="dl">'</span><span class="p">,</span> <span class="na">protoPath</span><span class="p">:</span> <span class="nf">join</span><span class="p">(</span><span class="nx">__dirname</span><span class="p">,</span> <span class="dl">'</span><span class="s1">./protos/greet.proto</span><span class="dl">'</span><span class="p">),</span> <span class="p">},</span> <span class="p">},</span> <span class="p">]),</span> <span class="p">],</span> <span class="na">controllers</span><span class="p">:</span> <span class="p">[</span><span class="nx">AppController</span><span class="p">],</span> <span class="na">providers</span><span class="p">:</span> <span class="p">[</span><span class="nx">AppService</span><span class="p">],</span> <span class="p">})</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">AppModule</span> <span class="p">{}</span> </code></pre> </div> <h4> <strong>Step 5: Create the NestJS Service and Controller</strong> </h4> <p>Create the service that will call the gRPC method:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Injectable</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@nestjs/common</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">ClientGrpc</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@nestjs/microservices</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Observable</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">rxjs</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">OnModuleInit</span><span class="p">,</span> <span class="nx">Inject</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@nestjs/common</span><span class="dl">'</span><span class="p">;</span> <span class="kr">interface</span> <span class="nx">GreeterService</span> <span class="p">{</span> <span class="nf">sayHello</span><span class="p">(</span><span class="nx">data</span><span class="p">:</span> <span class="p">{</span> <span class="nl">name</span><span class="p">:</span> <span class="kr">string</span> <span class="p">}):</span> <span class="nx">Observable</span><span class="o">&lt;</span><span class="p">{</span> <span class="na">message</span><span class="p">:</span> <span class="kr">string</span> <span class="p">}</span><span class="o">&gt;</span><span class="p">;</span> <span class="p">}</span> <span class="p">@</span><span class="nd">Injectable</span><span class="p">()</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">AppService</span> <span class="k">implements</span> <span class="nx">OnModuleInit</span> <span class="p">{</span> <span class="k">private</span> <span class="nx">greeterService</span><span class="p">:</span> <span class="nx">GreeterService</span><span class="p">;</span> <span class="nf">constructor</span><span class="p">(@</span><span class="nd">Inject</span><span class="p">(</span><span class="dl">'</span><span class="s1">GREETER_PACKAGE</span><span class="dl">'</span><span class="p">)</span> <span class="k">private</span> <span class="nx">client</span><span class="p">:</span> <span class="nx">ClientGrpc</span><span class="p">)</span> <span class="p">{}</span> <span class="nf">onModuleInit</span><span class="p">()</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">greeterService</span> <span class="o">=</span> <span class="k">this</span><span class="p">.</span><span class="nx">client</span><span class="p">.</span><span class="nx">getService</span><span class="o">&lt;</span><span class="nx">GreeterService</span><span class="o">&gt;</span><span class="p">(</span><span class="dl">'</span><span class="s1">Greeter</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="nf">sayHello</span><span class="p">(</span><span class="nx">name</span><span class="p">:</span> <span class="kr">string</span><span class="p">):</span> <span class="nx">Observable</span><span class="o">&lt;</span><span class="p">{</span> <span class="na">message</span><span class="p">:</span> <span class="kr">string</span> <span class="p">}</span><span class="o">&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="k">this</span><span class="p">.</span><span class="nx">greeterService</span><span class="p">.</span><span class="nf">sayHello</span><span class="p">({</span> <span class="nx">name</span> <span class="p">});</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>In your <code>app.controller.ts</code>, create an endpoint that consumes the gRPC service:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Controller</span><span class="p">,</span> <span class="nx">Get</span><span class="p">,</span> <span class="nx">Query</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@nestjs/common</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">AppService</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./app.service</span><span class="dl">'</span><span class="p">;</span> <span class="p">@</span><span class="nd">Controller</span><span class="p">()</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">AppController</span> <span class="p">{</span> <span class="nf">constructor</span><span class="p">(</span><span class="k">private</span> <span class="k">readonly</span> <span class="nx">appService</span><span class="p">:</span> <span class="nx">AppService</span><span class="p">)</span> <span class="p">{}</span> <span class="p">@</span><span class="nd">Get</span><span class="p">(</span><span class="dl">'</span><span class="s1">hello</span><span class="dl">'</span><span class="p">)</span> <span class="nf">sayHello</span><span class="p">(@</span><span class="nd">Query</span><span class="p">(</span><span class="dl">'</span><span class="s1">name</span><span class="dl">'</span><span class="p">)</span> <span class="nx">name</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="k">this</span><span class="p">.</span><span class="nx">appService</span><span class="p">.</span><span class="nf">sayHello</span><span class="p">(</span><span class="nx">name</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h4> <strong>Step 6: Run the NestJS Client</strong> </h4> <p>Start the NestJS client:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm run start </code></pre> </div> <p>Now, you can call <code>http://localhost:3000/hello?name=NestJS</code> from a browser or Postman. The NestJS client will call the ASP.NET Core gRPC service, which responds with a greeting message.</p> <h3> <strong>Best Practices for Connecting gRPC Services Across Platforms</strong> </h3> <ol> <li> <strong>Shared Proto Files</strong>: Ensure that both services (ASP.NET Core and NestJS) use the same <code>.proto</code> file for compatibility.</li> <li> <strong>gRPC Communication</strong>: Since gRPC uses HTTP/2, make sure that both your client and server are running in environments that support HTTP/2.</li> <li> <strong>Security</strong>: Always use TLS (HTTPS) for gRPC communication, especially in production environments, to secure data transmission.</li> <li> <strong>Load Balancing</strong>: When scaling the ASP.NET Core gRPC service, implement load balancing mechanisms to distribute traffic efficiently.</li> <li> <strong>Error Handling</strong>: Handle gRPC errors properly, as they differ from traditional REST errors. Implement retry mechanisms and ensure that errors are communicated to clients clearly.</li> </ol> <h3> <strong>Conclusion</strong> </h3> <p>gRPC provides a powerful way to connect microservices across different platforms and languages. By using ASP.NET Core for the gRPC server and NestJS for the client, you can take advantage of gRPC’s performance and binary serialization to build fast, scalable, and reliable APIs.</p> <p>Whether you're building a distributed system or integrating different services, <strong>gRPC</strong> offers an efficient communication model that scales well for both simple and complex use cases. Try it out in your next project and experience the power of cross-platform microservices!</p> nestjs aspnetcore grpc webdev Implementing ASP.NET Identity for a Multi-Tenant Application: Best Practices Luqman Bolajoko Mon, 23 Sep 2024 09:57:22 +0000 https://dev.to/luqman_bolajoko/implementing-aspnet-identity-for-a-multi-tenant-application-best-practices-4an6 https://dev.to/luqman_bolajoko/implementing-aspnet-identity-for-a-multi-tenant-application-best-practices-4an6 <p>Building a <strong>multi-tenant application</strong> presents unique challenges, especially when it comes to managing user authentication and authorization across multiple tenants. In this article, I’ll walk you through how to implement <strong>ASP.NET Identity</strong> in a multi-tenant environment while following best practices to ensure scalability, security, and maintainability.</p> <h3> <strong>What is a Multi-Tenant Application?</strong> </h3> <p>A multi-tenant application allows multiple organizations (tenants) to use the same instance of an application, with each tenant’s data isolated from others. This architecture is efficient for scaling and cost-sharing but requires special consideration when handling user authentication and authorization.</p> <h3> <strong>Setting up ASP.NET Identity for Multi-Tenancy</strong> </h3> <p>ASP.NET Identity is a flexible framework for handling authentication and user management. To adapt it for a multi-tenant setup, you need to:</p> <ol> <li> <strong>Identify and differentiate tenants</strong> in your user store.</li> <li> <strong>Isolate user data</strong> so each tenant only sees its own users.</li> <li>Implement <strong>custom authentication and role management</strong> tailored to each tenant.</li> </ol> <h3> <strong>Step 1: Modify the User Model to Support Multi-Tenancy</strong> </h3> <p>In a multi-tenant app, each user must be associated with a specific tenant. You can modify the ASP.NET Identity <strong>User</strong> model by adding a <code>TenantId</code> property to track the tenant a user belongs to.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">class</span> <span class="nc">ApplicationUser</span> <span class="p">:</span> <span class="n">IdentityUser</span> <span class="p">{</span> <span class="k">public</span> <span class="kt">string</span> <span class="n">TenantId</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> <strong>Step 2: Extend IdentityDbContext to Handle Tenant Data</strong> </h3> <p>Next, extend the <code>IdentityDbContext</code> to support tenant-specific data by ensuring that queries are filtered based on the <code>TenantId</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">class</span> <span class="nc">ApplicationDbContext</span> <span class="p">:</span> <span class="n">IdentityDbContext</span><span class="p">&lt;</span><span class="n">ApplicationUser</span><span class="p">&gt;</span> <span class="p">{</span> <span class="k">public</span> <span class="nf">ApplicationDbContext</span><span class="p">(</span><span class="n">DbContextOptions</span><span class="p">&lt;</span><span class="n">ApplicationDbContext</span><span class="p">&gt;</span> <span class="n">options</span><span class="p">)</span> <span class="p">:</span> <span class="k">base</span><span class="p">(</span><span class="n">options</span><span class="p">)</span> <span class="p">{</span> <span class="p">}</span> <span class="k">protected</span> <span class="k">override</span> <span class="k">void</span> <span class="nf">OnModelCreating</span><span class="p">(</span><span class="n">ModelBuilder</span> <span class="n">builder</span><span class="p">)</span> <span class="p">{</span> <span class="k">base</span><span class="p">.</span><span class="nf">OnModelCreating</span><span class="p">(</span><span class="n">builder</span><span class="p">);</span> <span class="c1">// Add a global query filter to isolate data by tenant</span> <span class="n">builder</span><span class="p">.</span><span class="n">Entity</span><span class="p">&lt;</span><span class="n">ApplicationUser</span><span class="p">&gt;().</span><span class="nf">HasQueryFilter</span><span class="p">(</span><span class="n">u</span> <span class="p">=&gt;</span> <span class="n">u</span><span class="p">.</span><span class="n">TenantId</span> <span class="p">==</span> <span class="nf">GetCurrentTenantId</span><span class="p">());</span> <span class="p">}</span> <span class="k">private</span> <span class="kt">string</span> <span class="nf">GetCurrentTenantId</span><span class="p">()</span> <span class="p">{</span> <span class="c1">// Implement logic to retrieve the current tenant's ID, e.g., from the request or context</span> <span class="k">return</span> <span class="n">TenantResolver</span><span class="p">.</span><span class="nf">ResolveTenantId</span><span class="p">();</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> <strong>Step 3: Tenant Resolution</strong> </h3> <p>To ensure that each user is associated with the correct tenant, you'll need a <strong>tenant resolver</strong> to determine which tenant the current request is related to. This can be based on the subdomain, a URL segment, or a custom header.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">static</span> <span class="k">class</span> <span class="nc">TenantResolver</span> <span class="p">{</span> <span class="k">public</span> <span class="k">static</span> <span class="kt">string</span> <span class="nf">ResolveTenantId</span><span class="p">()</span> <span class="p">{</span> <span class="c1">// Example: Resolve tenant from subdomain or URL segment</span> <span class="kt">var</span> <span class="n">host</span> <span class="p">=</span> <span class="n">HttpContext</span><span class="p">.</span><span class="n">Current</span><span class="p">.</span><span class="n">Request</span><span class="p">.</span><span class="n">Host</span><span class="p">.</span><span class="n">Value</span><span class="p">;</span> <span class="k">return</span> <span class="n">host</span><span class="p">.</span><span class="nf">Split</span><span class="p">(</span><span class="sc">'.'</span><span class="p">)[</span><span class="m">0</span><span class="p">];</span> <span class="c1">// Assuming subdomain is used for tenant identification</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> <strong>Step 4: Configure Authentication</strong> </h3> <p>In a multi-tenant application, it's essential to ensure that users can only authenticate with their tenant-specific credentials. Customize the <strong>login logic</strong> to check for the <code>TenantId</code> during authentication.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">class</span> <span class="nc">CustomSignInManager</span> <span class="p">:</span> <span class="n">SignInManager</span><span class="p">&lt;</span><span class="n">ApplicationUser</span><span class="p">&gt;</span> <span class="p">{</span> <span class="k">public</span> <span class="nf">CustomSignInManager</span><span class="p">(</span><span class="n">UserManager</span><span class="p">&lt;</span><span class="n">ApplicationUser</span><span class="p">&gt;</span> <span class="n">userManager</span><span class="p">,</span> <span class="n">IHttpContextAccessor</span> <span class="n">contextAccessor</span><span class="p">,</span> <span class="n">IUserClaimsPrincipalFactory</span><span class="p">&lt;</span><span class="n">ApplicationUser</span><span class="p">&gt;</span> <span class="n">claimsFactory</span><span class="p">,</span> <span class="n">IOptions</span><span class="p">&lt;</span><span class="n">IdentityOptions</span><span class="p">&gt;</span> <span class="n">optionsAccessor</span><span class="p">,</span> <span class="n">ILogger</span><span class="p">&lt;</span><span class="n">SignInManager</span><span class="p">&lt;</span><span class="n">ApplicationUser</span><span class="p">&gt;&gt;</span> <span class="n">logger</span><span class="p">,</span> <span class="n">IAuthenticationSchemeProvider</span> <span class="n">schemes</span><span class="p">,</span> <span class="n">IUserConfirmation</span><span class="p">&lt;</span><span class="n">ApplicationUser</span><span class="p">&gt;</span> <span class="n">confirmation</span><span class="p">)</span> <span class="p">:</span> <span class="k">base</span><span class="p">(</span><span class="n">userManager</span><span class="p">,</span> <span class="n">contextAccessor</span><span class="p">,</span> <span class="n">claimsFactory</span><span class="p">,</span> <span class="n">optionsAccessor</span><span class="p">,</span> <span class="n">logger</span><span class="p">,</span> <span class="n">schemes</span><span class="p">,</span> <span class="n">confirmation</span><span class="p">)</span> <span class="p">{</span> <span class="p">}</span> <span class="k">public</span> <span class="k">override</span> <span class="k">async</span> <span class="n">Task</span><span class="p">&lt;</span><span class="n">SignInResult</span><span class="p">&gt;</span> <span class="nf">PasswordSignInAsync</span><span class="p">(</span><span class="kt">string</span> <span class="n">userName</span><span class="p">,</span> <span class="kt">string</span> <span class="n">password</span><span class="p">,</span> <span class="kt">bool</span> <span class="n">isPersistent</span><span class="p">,</span> <span class="kt">bool</span> <span class="n">lockoutOnFailure</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Resolve tenant before signing in</span> <span class="kt">var</span> <span class="n">tenantId</span> <span class="p">=</span> <span class="n">TenantResolver</span><span class="p">.</span><span class="nf">ResolveTenantId</span><span class="p">();</span> <span class="kt">var</span> <span class="n">user</span> <span class="p">=</span> <span class="k">await</span> <span class="n">UserManager</span><span class="p">.</span><span class="nf">FindByNameAsync</span><span class="p">(</span><span class="n">userName</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="n">user</span> <span class="p">==</span> <span class="k">null</span> <span class="p">||</span> <span class="n">user</span><span class="p">.</span><span class="n">TenantId</span> <span class="p">!=</span> <span class="n">tenantId</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="n">SignInResult</span><span class="p">.</span><span class="n">Failed</span><span class="p">;</span> <span class="p">}</span> <span class="k">return</span> <span class="k">await</span> <span class="k">base</span><span class="p">.</span><span class="nf">PasswordSignInAsync</span><span class="p">(</span><span class="n">userName</span><span class="p">,</span> <span class="n">password</span><span class="p">,</span> <span class="n">isPersistent</span><span class="p">,</span> <span class="n">lockoutOnFailure</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> <strong>Step 5: Role-Based Access Control (RBAC) by Tenant</strong> </h3> <p>Each tenant may have its own set of roles and permissions. Modify your role model to include a <code>TenantId</code> and adjust role checks to account for the current tenant.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">class</span> <span class="nc">ApplicationRole</span> <span class="p">:</span> <span class="n">IdentityRole</span> <span class="p">{</span> <span class="k">public</span> <span class="kt">string</span> <span class="n">TenantId</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> <strong>Step 6: Secure Data Access</strong> </h3> <p>With multi-tenant applications, data isolation is crucial. In addition to securing authentication and authorization, ensure that users can only access tenant-specific data. Apply global query filters in your <strong>DbContext</strong> or use repository patterns to filter data based on the current <code>TenantId</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">class</span> <span class="nc">UserRepository</span> <span class="p">:</span> <span class="n">IUserRepository</span> <span class="p">{</span> <span class="k">private</span> <span class="k">readonly</span> <span class="n">ApplicationDbContext</span> <span class="n">_context</span><span class="p">;</span> <span class="k">public</span> <span class="nf">UserRepository</span><span class="p">(</span><span class="n">ApplicationDbContext</span> <span class="n">context</span><span class="p">)</span> <span class="p">{</span> <span class="n">_context</span> <span class="p">=</span> <span class="n">context</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="n">IQueryable</span><span class="p">&lt;</span><span class="n">User</span><span class="p">&gt;</span> <span class="nf">GetUsers</span><span class="p">()</span> <span class="p">{</span> <span class="kt">var</span> <span class="n">tenantId</span> <span class="p">=</span> <span class="n">TenantResolver</span><span class="p">.</span><span class="nf">ResolveTenantId</span><span class="p">();</span> <span class="k">return</span> <span class="n">_context</span><span class="p">.</span><span class="n">Users</span><span class="p">.</span><span class="nf">Where</span><span class="p">(</span><span class="n">u</span> <span class="p">=&gt;</span> <span class="n">u</span><span class="p">.</span><span class="n">TenantId</span> <span class="p">==</span> <span class="n">tenantId</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> <strong>Step 7: Testing Multi-Tenancy</strong> </h3> <p>When testing a multi-tenant app, ensure you:</p> <ul> <li>Test login and authentication for multiple tenants.</li> <li>Ensure users and roles are properly isolated across tenants.</li> <li>Verify data is accessible only to authorized tenants.</li> </ul> <p>Using unit tests and integration tests, mock tenant resolution and ensure tenant-specific logic is applied.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="p">[</span><span class="n">TestMethod</span><span class="p">]</span> <span class="k">public</span> <span class="k">async</span> <span class="n">Task</span> <span class="nf">User_Should_Only_See_Tenant_Data</span><span class="p">()</span> <span class="p">{</span> <span class="c1">// Arrange</span> <span class="kt">var</span> <span class="n">tenantId</span> <span class="p">=</span> <span class="s">"tenant_1"</span><span class="p">;</span> <span class="kt">var</span> <span class="n">tenantUser</span> <span class="p">=</span> <span class="k">new</span> <span class="n">ApplicationUser</span> <span class="p">{</span> <span class="n">UserName</span> <span class="p">=</span> <span class="s">"user1"</span><span class="p">,</span> <span class="n">TenantId</span> <span class="p">=</span> <span class="n">tenantId</span> <span class="p">};</span> <span class="c1">// Act</span> <span class="kt">var</span> <span class="n">result</span> <span class="p">=</span> <span class="k">await</span> <span class="n">_signInManager</span><span class="p">.</span><span class="nf">PasswordSignInAsync</span><span class="p">(</span><span class="n">tenantUser</span><span class="p">.</span><span class="n">UserName</span><span class="p">,</span> <span class="s">"password"</span><span class="p">,</span> <span class="k">false</span><span class="p">,</span> <span class="k">false</span><span class="p">);</span> <span class="c1">// Assert</span> <span class="n">Assert</span><span class="p">.</span><span class="nf">AreEqual</span><span class="p">(</span><span class="n">SignInResult</span><span class="p">.</span><span class="n">Success</span><span class="p">,</span> <span class="n">result</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <h3> <strong>Best Practices Recap</strong> </h3> <ul> <li> <strong>Isolate User and Role Data</strong>: Ensure that users, roles, and permissions are scoped to specific tenants.</li> <li> <strong>Global Query Filters</strong>: Use query filters to automatically scope data access to the correct tenant.</li> <li> <strong>Tenant Resolution</strong>: Implement a robust tenant resolution strategy based on subdomains, URL segments, or custom headers.</li> <li> <strong>Custom Authentication</strong>: Customize the authentication process to include tenant checks.</li> <li> <strong>Test Thoroughly</strong>: Always test your application in multi-tenant scenarios to avoid security and data leakage issues.</li> </ul> <h3> <strong>Conclusion</strong> </h3> <p>Implementing ASP.NET Identity in a multi-tenant environment can be challenging, but with the right practices, you can ensure scalability, security, and data isolation. By following the steps outlined in this guide, you'll be able to build a robust multi-tenant identity management system tailored to the needs of each tenant.</p> <p>Let me know if you’ve encountered similar challenges or have other best practices for multi-tenant applications. I'd love to hear your thoughts in the comments!</p> webdev multitenancy aspnetcore identity Best Practices for Building .NET Core Web APIs Luqman Bolajoko Sat, 14 Sep 2024 14:40:33 +0000 https://dev.to/luqman_bolajoko/best-practices-for-building-net-core-web-apis-5hc1 https://dev.to/luqman_bolajoko/best-practices-for-building-net-core-web-apis-5hc1 <p>When building APIs in .NET Core, ensuring they are efficient, secure, scalable, and easy to maintain is crucial. In this post, I’ll walk through some best practices for building <strong>.NET Core Web APIs</strong>, covering areas such as performance, security, and maintainability.</p> <h3> <strong>1. Leverage Dependency Injection</strong> </h3> <p>One of the biggest advantages of .NET Core is its built-in <strong>Dependency Injection (DI)</strong> support. DI helps in managing service lifetimes and reducing tight coupling between components. Use it to inject dependencies such as services, repositories, and other layers into your controllers.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">void</span> <span class="nf">ConfigureServices</span><span class="p">(</span><span class="n">IServiceCollection</span> <span class="n">services</span><span class="p">)</span> <span class="p">{</span> <span class="n">services</span><span class="p">.</span><span class="n">AddScoped</span><span class="p">&lt;</span><span class="n">IMyService</span><span class="p">,</span> <span class="n">MyService</span><span class="p">&gt;();</span> <span class="p">}</span> </code></pre> </div> <h3> <strong>2. Follow RESTful Principles</strong> </h3> <p>Ensure your APIs follow standard RESTful conventions. Use proper HTTP methods (GET, POST, PUT, DELETE) for operations and return appropriate status codes (200 for success, 404 for not found, 201 for created, etc.).<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="p">[</span><span class="nf">HttpGet</span><span class="p">(</span><span class="s">"{id}"</span><span class="p">)]</span> <span class="k">public</span> <span class="k">async</span> <span class="n">Task</span><span class="p">&lt;</span><span class="n">IActionResult</span><span class="p">&gt;</span> <span class="nf">GetUser</span><span class="p">(</span><span class="kt">int</span> <span class="n">id</span><span class="p">)</span> <span class="p">{</span> <span class="kt">var</span> <span class="n">user</span> <span class="p">=</span> <span class="k">await</span> <span class="n">_userService</span><span class="p">.</span><span class="nf">GetUserAsync</span><span class="p">(</span><span class="n">id</span><span class="p">);</span> <span class="k">return</span> <span class="n">user</span> <span class="p">==</span> <span class="k">null</span> <span class="p">?</span> <span class="nf">NotFound</span><span class="p">()</span> <span class="p">:</span> <span class="nf">Ok</span><span class="p">(</span><span class="n">user</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <h3> <strong>3. Secure Your API</strong> </h3> <p>Security is critical. Always use <strong>HTTPS</strong> to encrypt communication between the client and server. Implement <strong>JWT</strong> (JSON Web Token) for authentication and authorization, allowing only authenticated users to access specific endpoints.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="p">[</span><span class="n">Authorize</span><span class="p">]</span> <span class="p">[</span><span class="nf">HttpGet</span><span class="p">(</span><span class="s">"secure-data"</span><span class="p">)]</span> <span class="k">public</span> <span class="n">IActionResult</span> <span class="nf">GetSecureData</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">Ok</span><span class="p">(</span><span class="s">"This data is secured!"</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <h3> <strong>4. Centralize Error Handling</strong> </h3> <p>Use <strong>Middleware</strong> for centralized exception handling to ensure that errors are consistently handled across your API. This approach simplifies your controllers and keeps the error-handling logic separate.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">class</span> <span class="nc">ErrorHandlingMiddleware</span> <span class="p">{</span> <span class="k">public</span> <span class="k">async</span> <span class="n">Task</span> <span class="nf">Invoke</span><span class="p">(</span><span class="n">HttpContext</span> <span class="n">context</span><span class="p">,</span> <span class="n">RequestDelegate</span> <span class="n">next</span><span class="p">)</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="k">await</span> <span class="nf">next</span><span class="p">(</span><span class="n">context</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">(</span><span class="n">Exception</span> <span class="n">ex</span><span class="p">)</span> <span class="p">{</span> <span class="k">await</span> <span class="nf">HandleExceptionAsync</span><span class="p">(</span><span class="n">context</span><span class="p">,</span> <span class="n">ex</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="k">private</span> <span class="k">static</span> <span class="n">Task</span> <span class="nf">HandleExceptionAsync</span><span class="p">(</span><span class="n">HttpContext</span> <span class="n">context</span><span class="p">,</span> <span class="n">Exception</span> <span class="n">ex</span><span class="p">)</span> <span class="p">{</span> <span class="n">context</span><span class="p">.</span><span class="n">Response</span><span class="p">.</span><span class="n">StatusCode</span> <span class="p">=</span> <span class="m">500</span><span class="p">;</span> <span class="k">return</span> <span class="n">context</span><span class="p">.</span><span class="n">Response</span><span class="p">.</span><span class="nf">WriteAsync</span><span class="p">(</span><span class="n">ex</span><span class="p">.</span><span class="n">Message</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> <strong>5. Use Data Transfer Objects (DTOs)</strong> </h3> <p>DTOs help manage the data flow between your client and server, ensuring that only required fields are exposed and minimizing data transfer size. They also prevent over-posting and under-posting attacks.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">class</span> <span class="nc">UserDto</span> <span class="p">{</span> <span class="k">public</span> <span class="kt">int</span> <span class="n">Id</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="kt">string</span> <span class="n">Name</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="kt">string</span> <span class="n">Email</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> <strong>6. API Versioning</strong> </h3> <p>Over time, your API will evolve, and breaking changes may occur. Use <strong>API versioning</strong> to maintain backward compatibility and ensure clients can continue using older versions without breaking.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="p">[</span><span class="nf">ApiVersion</span><span class="p">(</span><span class="s">"1.0"</span><span class="p">)]</span> <span class="p">[</span><span class="nf">Route</span><span class="p">(</span><span class="s">"api/v{version:apiVersion}/[controller]"</span><span class="p">)]</span> <span class="k">public</span> <span class="k">class</span> <span class="nc">UsersController</span> <span class="p">:</span> <span class="n">ControllerBase</span> <span class="p">{</span> <span class="p">[</span><span class="n">HttpGet</span><span class="p">]</span> <span class="k">public</span> <span class="n">IActionResult</span> <span class="nf">GetV1</span><span class="p">()</span> <span class="p">=&gt;</span> <span class="nf">Ok</span><span class="p">(</span><span class="s">"Version 1"</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <h3> <strong>7. Enable Caching for Better Performance</strong> </h3> <p>For APIs that return frequently requested data, implement caching to reduce server load and improve response times. You can use <strong>In-Memory Cache</strong> or <strong>Distributed Cache</strong> depending on your needs.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="p">[</span><span class="nf">ResponseCache</span><span class="p">(</span><span class="n">Duration</span> <span class="p">=</span> <span class="m">60</span><span class="p">)]</span> <span class="p">[</span><span class="nf">HttpGet</span><span class="p">(</span><span class="s">"{id}"</span><span class="p">)]</span> <span class="k">public</span> <span class="n">IActionResult</span> <span class="nf">GetCachedUser</span><span class="p">(</span><span class="kt">int</span> <span class="n">id</span><span class="p">)</span> <span class="p">{</span> <span class="kt">var</span> <span class="n">user</span> <span class="p">=</span> <span class="n">_userService</span><span class="p">.</span><span class="nf">GetUser</span><span class="p">(</span><span class="n">id</span><span class="p">);</span> <span class="k">return</span> <span class="nf">Ok</span><span class="p">(</span><span class="n">user</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <h3> <strong>8. Log Everything</strong> </h3> <p>Logging is essential for monitoring and debugging APIs in production. Use libraries like <strong>Serilog</strong> or <strong>NLog</strong> to track requests, responses, and errors. Structured logging makes it easier to search and analyze logs.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">class</span> <span class="nc">MyService</span> <span class="p">{</span> <span class="k">private</span> <span class="k">readonly</span> <span class="n">ILogger</span><span class="p">&lt;</span><span class="n">MyService</span><span class="p">&gt;</span> <span class="n">_logger</span><span class="p">;</span> <span class="k">public</span> <span class="nf">MyService</span><span class="p">(</span><span class="n">ILogger</span><span class="p">&lt;</span><span class="n">MyService</span><span class="p">&gt;</span> <span class="n">logger</span><span class="p">)</span> <span class="p">{</span> <span class="n">_logger</span> <span class="p">=</span> <span class="n">logger</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="k">void</span> <span class="nf">Process</span><span class="p">()</span> <span class="p">{</span> <span class="n">_logger</span><span class="p">.</span><span class="nf">LogInformation</span><span class="p">(</span><span class="s">"Processing request at {Time}"</span><span class="p">,</span> <span class="n">DateTime</span><span class="p">.</span><span class="n">UtcNow</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> <strong>9. Validate Incoming Data</strong> </h3> <p>Use <strong>Data Annotations</strong> or <strong>Fluent Validation</strong> to validate user input and ensure data integrity. Validation should occur at the API boundary to prevent invalid data from flowing through the system.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">class</span> <span class="nc">UserDto</span> <span class="p">{</span> <span class="p">[</span><span class="n">Required</span><span class="p">]</span> <span class="p">[</span><span class="nf">StringLength</span><span class="p">(</span><span class="m">50</span><span class="p">,</span> <span class="n">MinimumLength</span> <span class="p">=</span> <span class="m">2</span><span class="p">)]</span> <span class="k">public</span> <span class="kt">string</span> <span class="n">Name</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="p">[</span><span class="n">EmailAddress</span><span class="p">]</span> <span class="k">public</span> <span class="kt">string</span> <span class="n">Email</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> <strong>10. Implement Pagination and Filtering</strong> </h3> <p>For large datasets, implement pagination and filtering to avoid sending too much data in a single request. This approach improves performance and provides a better user experience.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="p">[</span><span class="n">HttpGet</span><span class="p">]</span> <span class="k">public</span> <span class="k">async</span> <span class="n">Task</span><span class="p">&lt;</span><span class="n">IActionResult</span><span class="p">&gt;</span> <span class="nf">GetUsers</span><span class="p">([</span><span class="n">FromQuery</span><span class="p">]</span> <span class="kt">int</span> <span class="n">pageNumber</span> <span class="p">=</span> <span class="m">1</span><span class="p">,</span> <span class="p">[</span><span class="n">FromQuery</span><span class="p">]</span> <span class="kt">int</span> <span class="n">pageSize</span> <span class="p">=</span> <span class="m">10</span><span class="p">)</span> <span class="p">{</span> <span class="kt">var</span> <span class="n">users</span> <span class="p">=</span> <span class="k">await</span> <span class="n">_userService</span><span class="p">.</span><span class="nf">GetUsersAsync</span><span class="p">(</span><span class="n">pageNumber</span><span class="p">,</span> <span class="n">pageSize</span><span class="p">);</span> <span class="k">return</span> <span class="nf">Ok</span><span class="p">(</span><span class="n">users</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <h3> <strong>11. Use Async/Await for Non-Blocking Operations</strong> </h3> <p>To improve scalability and responsiveness, always use asynchronous methods for I/O-bound operations. This prevents blocking threads while waiting for external resources.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">async</span> <span class="n">Task</span><span class="p">&lt;</span><span class="n">IActionResult</span><span class="p">&gt;</span> <span class="nf">GetUser</span><span class="p">(</span><span class="kt">int</span> <span class="n">id</span><span class="p">)</span> <span class="p">{</span> <span class="kt">var</span> <span class="n">user</span> <span class="p">=</span> <span class="k">await</span> <span class="n">_userService</span><span class="p">.</span><span class="nf">GetUserByIdAsync</span><span class="p">(</span><span class="n">id</span><span class="p">);</span> <span class="k">return</span> <span class="nf">Ok</span><span class="p">(</span><span class="n">user</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <h3> <strong>12. Add Swagger for API Documentation</strong> </h3> <p>Use <strong>Swagger</strong> to generate interactive API documentation. It allows developers to easily explore your API’s endpoints, see request/response formats, and test the API in real-time.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">void</span> <span class="nf">ConfigureServices</span><span class="p">(</span><span class="n">IServiceCollection</span> <span class="n">services</span><span class="p">)</span> <span class="p">{</span> <span class="n">services</span><span class="p">.</span><span class="nf">AddSwaggerGen</span><span class="p">(</span><span class="n">c</span> <span class="p">=&gt;</span> <span class="p">{</span> <span class="n">c</span><span class="p">.</span><span class="nf">SwaggerDoc</span><span class="p">(</span><span class="s">"v1"</span><span class="p">,</span> <span class="k">new</span> <span class="n">OpenApiInfo</span> <span class="p">{</span> <span class="n">Title</span> <span class="p">=</span> <span class="s">"My API"</span><span class="p">,</span> <span class="n">Version</span> <span class="p">=</span> <span class="s">"v1"</span> <span class="p">});</span> <span class="p">});</span> <span class="p">}</span> <span class="k">public</span> <span class="k">void</span> <span class="nf">Configure</span><span class="p">(</span><span class="n">IApplicationBuilder</span> <span class="n">app</span><span class="p">,</span> <span class="n">IWebHostEnvironment</span> <span class="n">env</span><span class="p">)</span> <span class="p">{</span> <span class="n">app</span><span class="p">.</span><span class="nf">UseSwagger</span><span class="p">();</span> <span class="n">app</span><span class="p">.</span><span class="nf">UseSwaggerUI</span><span class="p">(</span><span class="n">c</span> <span class="p">=&gt;</span> <span class="p">{</span> <span class="n">c</span><span class="p">.</span><span class="nf">SwaggerEndpoint</span><span class="p">(</span><span class="s">"/swagger/v1/swagger.json"</span><span class="p">,</span> <span class="s">"My API V1"</span><span class="p">);</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <h3> <strong>Conclusion</strong> </h3> <p>These best practices for <strong>.NET Core Web APIs</strong> ensure that your application is secure, performant, and scalable. Whether you’re building small APIs or enterprise-level systems, these tips will help make your codebase more maintainable and easier to work with.</p> <p>Do you have other tips for improving .NET Core APIs? Drop them in the comments below!</p> webdev programming api dotnet Building a Scalable Multi-Tenant Community Management System with ASP.NET and Angular Luqman Bolajoko Fri, 13 Sep 2024 10:13:23 +0000 https://dev.to/luqman_bolajoko/building-a-scalable-multi-tenant-community-management-system-with-aspnet-and-angular-3jgk https://dev.to/luqman_bolajoko/building-a-scalable-multi-tenant-community-management-system-with-aspnet-and-angular-3jgk <h2> Introduction </h2> <p>Managing multiple communities from a single platform can be a daunting task, especially when data isolation, user roles, and performance are critical requirements. In this post, I’ll take you through how I built Community Hub, a multi-tenant community management system using ASP.NET and Angular. The goal was to create a platform that allowed administrators to efficiently manage multiple communities with separate users, events, and reports, while ensuring system scalability and security.</p> <h2> Why Multi-Tenancy? </h2> <p>Multi-tenancy allows a single software application to serve multiple tenants (in this case, communities) with data isolation and different user roles. This design is cost-effective, scalable, and ideal for businesses and organizations managing several independent groups.</p> <p>In Community Hub, each tenant is a distinct community that can manage its members, events, and resources independently. This setup ensures that data from one tenant never interferes with another while maintaining performance as the number of communities grows.</p> <h2> Tech Stack </h2> <p>Backend: ASP.NET Core for building scalable web services and APIs.<br> Frontend: Angular for a responsive user interface.<br> Database: SQL Server with multi-tenant support using row-level security.<br> Authentication: JWT for secure access control across tenants.<br> Implementing the Core Features</p> <h2> Designing a Multi-Tenant Architecture </h2> <p>The core challenge was creating a system where each tenant (community) could operate independently while sharing the same infrastructure. I implemented multi-tenancy using a shared schema approach, where each database table contains a TenantID column. This ensures that data is scoped to the correct tenant by filtering queries based on the tenant's ID.</p> <h2> Role-Based Access Control (RBAC) </h2> <p>Each tenant has its own set of users with distinct roles like Admins, Leaders, and Members. I used ASP.NET Identity to manage role-based access control, ensuring that each user has appropriate permissions based on their role within the community.</p> <h2> Optimizing Performance for Multiple Tenants </h2> <p>As the number of tenants grows, performance can become a bottleneck. To address this, I optimized database queries using indexing and caching. These optimizations reduced response times and ensured that the application could handle higher loads without sacrificing performance.</p> <h2> Challenges Faced and Solutions </h2> <p>Data Isolation Across Tenants<br> The primary challenge was ensuring that data from one tenant never leaked into another tenant’s workspace. By using TenantID filtering on all database queries, I achieved complete data isolation.</p> <h2> Maintaining Performance at Scale </h2> <p>As the system grew, handling a large number of tenants required further performance optimizations. I implemented database sharding and distributed caching to ensure that frequently accessed data was retrieved quickly, reducing server load and improving user experience.</p> <h2> Conclusion </h2> <p>Building a scalable multi-tenant platform like Community Hub involves careful planning around data architecture, user roles, and performance optimization. ASP.NET and Angular provided the perfect combination of scalability and security for this project.</p> <p>If you’re looking to build a similar multi-tenant system or have any questions, feel free to reach out or leave a comment below!</p> aspdotnet multitenancy performance angular