Multi-Tenancy Integration Guide (.NET)
Follow the five-step integration guide below.
Step 1: Install the package
Multi-Tenancy is included in Identity Validator:
dotnet add package PrimusSaaS.Identity.Validator
Step 2: Configure Program.cs and middleware
using PrimusSaaS.Identity.Validator;
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddPrimusIdentity(opts =>
{
builder.Configuration.GetSection("PrimusIdentity").Bind(opts);
// Map tenant context from token claims
opts.TenantResolver = claims => new TenantContext
{
TenantId = claims.Get("tid") ?? claims.Get("tenant_id") ?? "default"
};
});
var app = builder.Build();
app.UseAuthentication();
app.UsePrimusTenantIsolation();
app.UseAuthorization();
app.MapControllers();
app.Run();
Step 3: Configure appsettings.json
{
"PrimusIdentity": {
"Issuers": [
{
"Name": "AzureAD",
"Type": "AzureAD",
"Authority": "https://login.microsoftonline.com/YOUR-TENANT-ID/v2.0",
"Issuer": "https://login.microsoftonline.com/YOUR-TENANT-ID/v2.0",
"Audiences": [ "api://your-client-id" ]
}
]
}
}
How to get configuration values
- Use the same
PrimusIdentityissuer configuration you already use for authentication. - The tenant resolver runs against token claims. Common claim names are
tid,tenant_id, ororg_id.
Step 4: Configure endpoint
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
[ApiController]
[Route("api/data")]
public class DataController : ControllerBase
{
[HttpGet]
[Authorize]
public IActionResult GetData()
{
var tenantId = HttpContext.GetTenantId();
return Ok(new { tenantId, message = $"Data for tenant {tenantId}" });
}
}
Step 5: Test the endpoint
curl -H "Authorization: Bearer <JWT_WITH_TENANT_CLAIM>" \
http://localhost:5000/api/data
You should see the resolved tenant in the response.