We were working on a multi-tenant application using Umbraco. Umbraco supports the concept of membership, but its membership does not support multi-tenant in any manner. So, We were faced with the problem of how to address this issue. We saw three potential solutions:
- Use custom built membership
- Modify Umbraco’s Membership
- Choose a modern membership provider
We originally built our membership system back in about 2003. While it worked and might have been sufficient for some of the current requirements, it was clearly antiquated. It did not have support for many new features such as claims based authentication/authorization; federated identity, two factor authentication, etc. It had more than outlived its lifetime.
We could have modified Umbraco’s membership, but Umbraco’s membership also suffered from some of the same antiquities. It was a role based membership; not quite up-to-date with today’s claims based systems. Given this, it is quite likely that Umbraco may make changes to their membership in coming releases. If we modified Umbraco’s code, we would likely face future maintenance costs.
So, we decided to look around at some solutions for modern Asp.Net security that would support multi-tenant. After review a couple options, we settled on Brock Allen’s Membership Reboot. For a list of features for the Membership Reboot, see https://github.com/brockallen/BrockAllen.MembershipReboot/.
For many applications, we believe the Membership Reboot will work out of the box with minimal modification. For the integration with Umbraco multi-tenant, there were three primary tasks: dependency injection update, tenant configuration, and content integration. I will write about each of these in subsequent posts.