Build a multi-tenant CRM RESTful API service on ASP.NET Core Web API

We’re going to progressively build a simple multi-tenant CRM RESTful API service with support for both individual and team accounts.

Create the SuperCRM project

Let’s create the SuperCRM project using the ASPSecurityKit’s API template for ASP.NET Core. We’ll use the DotNet New command to initialize the project with API template:

  1. Open command prompt and execute the following command to install the ASK’s templates package:
dotnet new -i ASPSecurityKit.Templates
  1. Create the project using the API template in the specified folder:
dotnet new askapi -n SuperCRM -o "D:\My Projects\SuperCRM"

Note

If you see an error message "The post action ac1156f7-bb77-4db8-b28f-24eebcca1e54 is not supported." after 'dotnet restore' succeeds, just ignore it. As of this writing, we see this error message with .NET 6 (preview); it's incorrectly processing the Display Manual Instructions action.

You can now open the project in Visual Studio from D:\My Projects\SuperCRM\SuperCRM.csproj.

What’s inside the project?

ASPSecurityKit.NetCore Nuget package

The ASPSecurityKit.NetCore NuGet package is the ASPSecurityKit (ASK) security framework. It provides the Zero Trust based security pipeline that subjects every incoming request into your API web app to a series of identity and access checks such as cross-site scripting (XSS), authentication (variety of schemes such as HMAC, cookie), multi-factor auth, IP-firewall, user verification, activity-based data-aware authorization (ADA), suspension.

Essential source package

Solution explorer showing files in ask essential package

ASK’s primary goal is to give you complete freedom as to how should the implementation of security models, repositories and data access be. Therefore, it operates on the interface-based design, wherein even the models/DTOs like IUser are represented with an interface. This approach gives you a number of benefits over the lock-down approach (that other frameworks like ASP.NET follows) such as to be able to treat a data model or a service model as your user entity. You can put validation and other attributes on the model properties. You don’t need to copy data back and forth between the framework and your app models.

The flexibility is good, you may say, but you do need to write an implementation and wire up before you can use ASK. Well, you don’t! To save you time, an ASK Essential source package installs an implementation of these interfaces, as source code, right into your project.

The API template comes with this source code pre-installed. It contains repositories, models, EntityFramework migrations, dependency injection and other helper utilities.

Tip

ASK also has Starter and Premium source packages for Web API, which additionally come with full source implementation of commonly needed security workflows in every multi-tenant web app, such as account management (register/login/account settings, account recovery and verification), two-factor authentication, IP firewall, user management, administration, security event notifications, production grade error handling.
This saves you significant time and you can jump straight into developing the business features of the project.