Build a multi-tenant CRM RESTful API service on ServiceStack

We’re going to progressively build a simple multi-tenant CRM RESTful API service with support for both individual and team accounts.

Create the SuperCRM project

Let’s create the SuperCRM project using the ASPSecurityKit’s API template for ServiceStack. We’ll use the DotNet New command to initialize the project with ServiceStack template:

  1. Open command prompt and execute the following command to install the ASK’s templates package:
dotnet new -i ASPSecurityKit.Templates
  1. Create the project using the ServiceStack template in the specified folder:
dotnet new askss -n SuperCRM -o "D:\My Projects\SuperCRM"


If you see an error message "The post action ac1156f7-bb77-4db8-b28f-24eebcca1e54 is not supported." after 'dotnet restore' succeeds, just ignore it. As of this writing, we see this error message with .NET 6 (preview); it's incorrectly processing the Display Manual Instructions action.

You can now open the project in Visual Studio from D:\My Projects\SuperCRM\SuperCRM.csproj.

What’s inside the project?


The ASPSecurityKit.ServiceStack NuGet package is the ASPSecurityKit (ASK) security framework. It provides the Zero Trust based security pipeline that subjects every incoming request into your ServiceStack web app to a series of identity and access checks such as cross-site scripting (XSS), authentication (variety of schemes such as HMAC, cookie), multi-factor auth, IP-firewall, user verification, activity-based data-aware authorization (ADA), suspension.

Essential source package

Solution explorer showing files in ask essential package

ASK’s primary goal is to give you complete freedom as to how should the implementation of security models, repositories and data access be. Therefore, it operates on the interface-based design, wherein even the models/DTOs like IUser are represented with an interface. This approach gives you a number of benefits over the lock-down approach such as to be able to treat a data model or a service model as your user entity. You can put validation and other attributes on the model properties. You don’t need to copy data back and forth between the framework and your app models.

The flexibility is good, you may say, but you do need to write an implementation and wire up before you can use ASK. Well, you don’t! To save you time, an ASK Essential source package installs an implementation of these interfaces, as source code, right into your project.

The ServiceStack template comes with this source code pre-installed. It contains repositories, models, EntityFramework migrations, dependency injection and other helper utilities.


ASK also has Starter and Premium source packages for ServiceStack, which additionally come with full source implementation of commonly needed security workflows in every multi-tenant web app, such as account management (register/login/account settings, account recovery and verification), two-factor authentication, IP firewall, user management, administration, security event notifications, production grade error handling.
This saves you significant time and you can jump straight into developing the business features of the project.