User & Roles
- From: Terry Holland <MSDNNospam248@xxxxxxxxxxxxx>
- Date: Wed, 24 Sep 2008 14:24:00 -0700
I am developing an application that has a three tiered architecture -
Presentation, Business Logic & Data Access Layer. The presentation will
consist of a public facing web site and an internal intranet application.
The BLL & DAL are vb.net assemblies.
I am trying to design the application security and I would like some opinions.
I have the following requirements.
1) public will need to log in to website, and when they are logged in, each
page that they visit will need to know who is accessing the page
2) when domain users access the intranet application, they will need to log
in to the application (hey will use their windows credentials to login, but
they MUST login)
3) all users will be grouped into Roles.
4) authorisation will be based on Roles
5) the presentation layer AND the BLL AND the DAL will need to know who the
user is and what Roles the user is in.
I have split the presentation layer into to two web apps; One for public
APP_EXT and one for internal users APP_INT.
I would like to be able to use inbuilt ASP Website Configuration tool to
administer both of these webs. I would also like to use the standard login
controls that ship with ASP.Net (2.0)
Could someone give me some sound advice for what Im trying to achieve. It
important to me that my BLL & DAL layers know who is attempting to execute
functions and it should be invisible to these layers whether requests have
come from APP_EXT or APP_INT, other than by interogating the Role that a User
I would really appreciate a working example that follows my architecture -
perhaps someone could direct me to a good site for this.
- Prev by Date: Browser History
- Next by Date: XML in web.config
- Previous by thread: Browser History
- Next by thread: XML in web.config