We recently added multi-tenancy support to the social login system in our ASP.NET Zero project. ASP.NET Zero supports Facebook, Google, Microsoft, Twitter, OpenId Connect and WsFederation login options. Normally social logins do not support multi-tenancy by default. In this article, I will show you how to set these social login options per tenant.

First of all, What is Multi-Tenancy?

“Software Multitenancy refers to a software architecture in which a single instance of a software runs on a server and serves multiple tenants. A tenant is a group of users who share common access with specific privileges to the software instance. With a multitenant architecture, a software application is designed to provide every tenant a dedicated share of the instance including its data, configuration, user management, tenant individual functionality, and non-functional properties. Multitenancy contrasts with multi-instance architectures, where separate software instances operate on behalf of different tenants” (Wikipedia)

All social logins store settings in options. And uses IOptionMonitor to get current settings.

For example, Facebook stores login settings in FacebookOptions option. And uses IOptionsMonitor

public class FacebookHandler : OAuthHandler<FacebookOptions>
        public FacebookHandler(IOptionsMonitor<FacebookOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock)
            : base(options, logger, encoder, clock)
        { }

(See: here)

That's why we should create a class that we can replace with IOptionsMonitor .

Since all of our social logins will need the same patter I will create an abstract class that inherits OptionMonitor, then I will inherit that abstract class for all of the social logins.

After that, we can create tenant-based option providers.


For Facebook, you should store AppId and AppSecret by the tenant.

Then we can create TenantBasedFacebookOptions

Here is the key point. Before you add Facebook authentication builder, you have to implement IOptionsMonitor with TenantBasedFacebookOptions as a singleton.


Then your project will support tenant-based social login settings. Your host and tenants can change their settings in runtime. Your application will work with current settings.




OpenID Connect


Thanks for reading. Please share your thoughts on this article in the comment section below. 😊

Read More:

  1. Real-Time Messaging In A Distributed Architecture Using ABP, SignalR & RabbitMQ
  2. ASP.NET Core 3.1 Webhook Implementation Using Pub/Sub
  3. Using Azure Key Vault with ASP.NET Core