I have an ASP.NET application which will host multiple tenants (Software-as-a-Service style). Each tenant may have their own domain name (www.mydomain.com, www.yourdomain.com) as well as their own SSL certificate.
Is there a way to host the application so that all the tenants are on a single application instance?
- I understand you could have multiple IIS web sites pointing to the same shared location, but that will not work - each is a different instance. Those are different instances of the same application.
- I also know you can use SSL host header mapping with wildcard certificates, but that will not work because all the tenants would have to be subdomains of the same primary domain - yourdomain.commondomain.com, mydomain.commondomain.com. For the answer to be valid, everybody will need their own domain name; they can't be subdomains. (Ideally each tenant could choose to use an EV cert, too, and you can't have wildcard EV certs.)
The issue is that classic SSL requires the certificate to be presented before the browser has indicated which host it wants to use. You can therefore only configure one certificate per IP/port combination.
There's an extension to TLS known as Server Name Indication which enables the browser to indicate which logical server it wants to talk to, but it does not have common support - it's not supported by IIS.
Wildcards work because the certificate itself states that it's valid for all servers under that domain.
Are you restricted to just IIS - or could putting soft/hard proxies or content-switching hardware in place also be an option?
I'm thinking you could terminate the SSL at a proxy or content switch - then transform the request to your own internal URL.
e.g. foo.com/x and bar.com/y get converted into myapp/x and myapp/y respectively under the hood - passing the original hostname in the request headers.