views: 286
answers: 2

I have an ASP.NET application that will host multiple tenants (Software-as-a-Service style). Each tenant will have their own domain name (www.mydomain.com, www.yourdomain.com) and their own SSL certificate.

Is there a way to host the application such that all of the tenants are on the same application instance?

  • I know you can have multiple IIS web sites pointing to the same shared location, but that won't work - it's not the same instance. That's different instances of the same application.
  • I also know you can use SSL host header mapping with wildcard certificates, but that won't work because all of the tenants would need to be subdomains of the same primary domain - yourdomain.commondomain.com, mydomain.commondomain.com. For the solution to be valid, everyone needs to have their own domain name, not be subdomains. (Ideally each tenant could opt to use an EV cert, too, and you can't have wildcard EV certs.)
A: 

Are you constrained to only IIS - or could putting soft/hard proxies or content-switching hardware also be an option?

Thinking that you could terminate the SSL at a proxy or content-switch - then transform the request into your own internal url.

e.g. foo.com/x and bar.com/y get translated into myapp/x and myapp/y respectively under the hood - passing the original hostname in the request headers.

stephbu
+2 A: 

The problem is that classic SSL requires the certificate to be presented before the web browser has indicated which host it wants to use. You can therefore only configure one certificate per IP/port combination.

There is an extension to TLS called Server Name Indication which allows the browser to indicate which logical server it wants to talk to, but it does not yet have widespread support - it's not yet supported by IIS.

Wildcards work because the certificate itself says that it is valid for all servers under that domain.

Mike Dimmick