Anonymized case study. Client name and identifying metrics are withheld. Patterns reflect representative senior .NET programs.
Executive summary
A growing SaaS product used a shared database with TenantId discriminators. A security review found several raw SQL paths and report jobs that bypassed EF filters.
The challenge
Legacy reports used ADO.NET. Background jobs sometimes ran without tenant context. Enterprise prospects required RLS evidence.
Technical approach
The program layered tenant resolution middleware, EF global query filters on every mapped entity, an audit of all raw SQL paths, SQL Server RLS policies keyed to the tenant principal, integration tests that assert cross-tenant isolation, and phased enablement starting with canary tenants.
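As an added example (not the client's code), the database-side RLS layer from the approach above, written in T-SQL and keyed on SESSION_CONTEXT rather than one database principal per tenant; the schema, table and column names (Security, dbo.Invoices, dbo.Customers, TenantId) are assumed. The predicate fails closed, so a report or job that never resolved a tenant gets no rows instead of every tenant's rows.

```sql
-- Added example, not the client's code. Object names are assumed.
CREATE SCHEMA Security;
GO

-- Predicate: a row is visible only when the caller has set a tenant in
-- SESSION_CONTEXT and it equals the row's TenantId. If the key was never set,
-- SESSION_CONTEXT returns NULL, the comparison is false and zero rows match,
-- so job code that skipped tenant resolution fails closed.
CREATE FUNCTION Security.fn_TenantPredicate(@TenantId int)
    RETURNS TABLE
    WITH SCHEMABINDING
AS
RETURN SELECT 1 AS fn_result
       WHERE @TenantId = CAST(SESSION_CONTEXT(N'TenantId') AS int);
GO

-- FILTER hides other tenants' rows from SELECT, UPDATE and DELETE.
-- BLOCK stops inserts and updates that would place a row in another tenant.
-- Every tenant-scoped table needs its own entries; this lists two.
CREATE SECURITY POLICY Security.TenantIsolationPolicy
    ADD FILTER PREDICATE Security.fn_TenantPredicate(TenantId) ON dbo.Invoices,
    ADD BLOCK  PREDICATE Security.fn_TenantPredicate(TenantId) ON dbo.Invoices AFTER INSERT,
    ADD BLOCK  PREDICATE Security.fn_TenantPredicate(TenantId) ON dbo.Invoices BEFORE UPDATE,
    ADD FILTER PREDICATE Security.fn_TenantPredicate(TenantId) ON dbo.Customers,
    ADD BLOCK  PREDICATE Security.fn_TenantPredicate(TenantId) ON dbo.Customers AFTER INSERT
    WITH (STATE = ON);
GO

-- Application side: the tenant middleware (or a job's bootstrap) sets the
-- context once per connection. @read_only = 1 means nothing later on the same
-- connection can switch the tenant.
EXEC sp_set_session_context @key = N'TenantId', @value = 42, @read_only = 1;

-- A legacy ADO.NET report that omitted its TenantId predicate now returns
-- only tenant 42's rows, even though it bypasses the EF global filter.
SELECT InvoiceId, TenantId, Amount FROM dbo.Invoices;

-- Isolation test: on a fresh connection with no tenant set, the same SELECT
-- returns zero rows, which is what the integration suite should assert.
```

Because the policy is enforced by the engine, it also covers paths outside EF entirely, which is the gap the raw SQL audit was chasing.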
Outcomes
The penetration test closed its critical findings. Enterprise sales used the RLS documentation in security packets. Support stopped chasing phantom data that appeared in the wrong tenant's UI.
Discuss a program like this
Share your constraints and stack; we will outline fit and what proof we can share on a discovery call.