Multi Tenanting the application gets down my application speed in asp.net mvc

Question

0.00/5 (No votes)

See more:

I have an ASP.NET MVC application for accounting in which I want to use a single application a different database in respect to each user.

What I have done for this-

I have created an common database which handle each users's login detail and users database connection string and one another database for all the rest work.

I store connection string in catch with user's user id and each time when call an action I get this catch in the constructor and replace default connection string parameter with this.

This process is working fine but 2 things I have found which are;

This is very unprofessional
This gets down the speed of my application(I mean if i use single application for each user with static connection string and no catch for connection string the application works pretty cool and faster but when i use this process speed gets too slower like speed decreased to 200%).
Here Is the Code for which i used to save the Connection string in Cookie

C#

var userCookie = new HttpCookie("ConnectionString", sxs.clinicConnectionString);
                    userCookie.Expires.AddDays(365);
                    HttpContext.Response.SetCookie(userCookie);

Connection string in web.config which i use.

HTML

<add name="AppConnection"
      connectionString="Data Source=Server-Name;
                      Initial Catalog=#hss#;
                      User ID=username; Password='password'; MultipleActiveResultSets=true;"
                        providerName="System.Data.SqlClient"/>

Now Finally i use this code in Controller's Constructor to replace the database name in web.config connection string so i can get the database access for the respected user.

C#

string ConnectionString = System.Web.HttpContext.Current.Request.Cookies["ConnectionString"].Value.ToString();
        var conString = System.Configuration.ConfigurationManager.ConnectionStrings["AppConnection"];
        string conssss = conString.ConnectionString.ToString();
        string fx = conssss.Replace("#hss#", ConnectionString.ToString());
        context = new AppContext(fx);

I also cookied the username and queried In all constructor to get database name from the Master Database. But the main point is it's slowing down my application speed. using both approaches my application speed went worst... So how can i improve that. Before Tenanting or using single database and single application also for each respective user the application speed was great

Posted 1-Jun-15 23:33pm

Rameshwar Trivedi

Add a Solution

Comments

F-ES Sitecore 2-Jun-15 5:56am

I can't see how this is going to slow down your site unless you have hundreds and hundreds of different concurrent users. As you have a different connection string per user you'll not get as much leverage from connection pooling as when you had a single connection.

What I can say, however, is that this is terrible for security. If you did this in the UK (where I am) you would actually be breaking the law.

Rameshwar Trivedi 3-Jun-15 9:00am

You mean Multi Tenanting application is Law breaking in UK. I mean it is because i have used cookie.
I mean how it can be terrible for security.I can't understand that. Yeah I know cookie can be thifed but this is what all Website even like (GMail,Facebook,Amazon etc) uses.

Its all depends on the user?

Please if you clear that point. I will be very thankful to you.

F-ES Sitecore 3-Jun-15 9:26am

What I mean is that you are storing the database name in a cookie. If I know (or am able to guess) someone else's database name then I just update my cookie and can see their accounts information. Such lax security would not be deemed sufficient protection for your users and you'd be considered in breach of our Data Protection Act.

The difference with gmail etc is that the cookie doesn't just contain your email address or some other piece of single, guessable information. You'd literally need that logged in user's cookie as it contains session information too that the cookie isn't valid without. With your code I don't need access to anyone's cookies, I just need to know their database name.

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)