Is Security Token Service Multi Tenant Aware in SharePoint 2013? (FBA Claims in Multi Tenant SharePoint application)

I am working on a requirement wherein I would need to implement FBA Claims in a Multi Tenant scenario. Every tenant has a different user DB (aspnetdb is separate for every tenant). I also understand that Authentication in SharePoint happens at the level of a Web Application and not at an individual Site Collection or Tenant (a group of site collections grouped by a Subscription ID).

Initially, I set up the FBA with config entries in the Central Admin, STS and Web Application config files for the SQL Connection String and the Custom Membership and Role Providers. But I kept the DB name in the connection string as a token, which will be replaced dynamically from code using a string.format expression.

Then I created a Custom SQL Membership Provider and overrode the Initialize method, in which I accessed the _sqlConnectionString Non Public Instance member through reflection and wanted to assign the Connection string based on the Tenant Alias, which I was to get from the URL. The first challenge was that HttpContext.Current was null. Hence I couldn't get the Request URL, from which I was planning to get the Tenant Name and hence the right DB. To overcome this, I also tried to get the connection string directly in the Validate User method, but again, HttpContext.Current was null in this case also.

Then I wanted to directly try a hardcoded DB name in my string.format expression. Though this worked, my token creation code returned a null token using SPSecurityContext.SecurityTokenForFormsAuthentication. Long story short, I have a few questions here.

1. How can we get the Request URL in Custom Membership Provider, so that we can use dynamic connection string?

2. How can we ensure we can still generate the SecurityToken using STS in case of dynamic connection string?

3. How to implement FBA Claims in case of Multi Tenancy, wherein each Tenant has a different user db?

Any help will be highly appreciated.

June 18th, 2015 2:02am
