I have an application in which we want to provide the functionality using which user can add/update/delete the columns of different tables. My approach is to create a different database for each client so that their changes specific to tables will remain in their database.

Since each client will have their own database, I wonder how can I manage authentication and authorization? Do I need to create a different database for that as well? Will it affect the performance of the application?

Edit: The approach that I am planning to use for authentication and authorization is to create an additional field called "Account" on the login page. This account name will guide the program to connect it to correct database. And each database will have it's own users to authenticate.

The answer to your question is of course (and unfortunately) Yes and No. :)

This is known as multi-tenant data architecture.

Having separate databases can definitely be a great design option however so can using one database shared with all of your clients/customers and you will need to consider many factors before choosing.

Each design has pluses and minuses.

Here are your 3 essential choices

1) Each customer shares the same database and database tables.

2) Each customer shares the same database but they get their own schema inside the database so they each get their own set of tables.

3)Each customer gets their own database.

One major benefit (that I really like) to the separate database approach is data security. What I mean by this is that every customer gets their own database and because of this they will edit/update/delete just their database. Because of this, there is no risk in end users overriding other users data either due to programmatic error on your part or due to a security breach in your application.

When all users are in the same database you could accidentally pull and expose another customers data. Or, worse, you could expose a primary key to a record on screen and forget to secure it appropriately and a power user could override this key very easily to a key that belongs to another customer thus exposing another clients data.

However, lets say that all of your customers are actually subsidieries of 1 large company and you need to roll up financials every day/week/month/year etc. If this is the case, then having a database for every client could be a reporting nightmare and having everyone in a single database sharing tables would just make life so much easier. When it comes time to report on your daily sales for instance, its easier to just sum up a column then go to 10,000 databases and sum them up. :)

So the answer definitely depends on your applicaton and what it will be doing.

I work on a large enterprise system where we have tens of thousands of clients in the same database and in order to support this we took very great care to secure all of our data very carefully.

I also work on a side project in my spare time which supports a database per customer multi-tenant architecture.

So, consider what your application will do, how you will backup your data, do you need to roll up data etc and this will help you decide.

Heres a grea article on MSDN for this: https://msdn.microsoft.com/en-us/library/aa479086.aspx

Regarding your question about authentication.

Yes, having a separate database for authentication is a great design. When a customer authenticates, you will authenticate them off of your authentication database and they will receive the connectionstring to their database as part of this authentication. Then all data from that point comes from that clients database.

Hope this was helpful. Good luck!