User & Roles

I am developing an application that has a three tiered architecture -
Presentation, Business Logic & Data Access Layer. The presentation will
consist of a public facing web site and an internal intranet application.
The BLL & DAL are assemblies.
I am trying to design the application security and I would like some opinions.
I have the following requirements.

1) public will need to log in to website, and when they are logged in, each
page that they visit will need to know who is accessing the page

2) when domain users access the intranet application, they will need to log
in to the application (they will use their Windows credentials to log in, but
they MUST log in)

3) all users will be grouped into Roles.

4) authorisation will be based on Roles

5) the presentation layer AND the BLL AND the DAL will need to know who the
user is and what Roles the user is in.

I have split the presentation layer into two web apps: one for the public,
APP_EXT, and one for internal users, APP_INT.

I would like to be able to use the inbuilt ASP Website Configuration tool to
administer both of these webs. I would also like to use the standard login
controls that ship with ASP.Net (2.0).

Could someone give me some sound advice for what I'm trying to achieve? It is
important to me that my BLL & DAL layers know who is attempting to execute
functions, and it should be invisible to these layers whether requests have
come from APP_EXT or APP_INT, other than by interrogating the Role that a User
is in.

I would really appreciate a working example that follows my architecture -
perhaps someone could direct me to a good site for this.
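
A sketch of requirement 5, added here as an example and not part of the original post: the BLL and DAL read the caller from `Thread.CurrentPrincipal`, so they behave the same whichever web app made the call. The class names `OrderService`, `OrderData` and `Demo`, the role names `Customer` and `Staff`, and the sample users are hypothetical; it assumes each web app attaches an authenticated principal with the user's roles to the request thread after login, which `SignIn` simulates here.

```csharp
using System;
using System.Security;
using System.Security.Principal;
using System.Threading;

// Hypothetical BLL class: it never references APP_EXT or APP_INT,
// only the principal attached to the current thread.
public static class OrderService
{
    public static string CancelOrder(int orderId)
    {
        IPrincipal user = Thread.CurrentPrincipal;
        if (user == null || !user.Identity.IsAuthenticated)
            throw new SecurityException("Caller is not authenticated.");
        if (!user.IsInRole("Staff") && !user.IsInRole("Customer"))
            throw new SecurityException("Caller is in no permitted role.");
        // The DAL sees the same identity, e.g. for an audit column.
        return OrderData.MarkCancelled(orderId, user.Identity.Name);
    }
}

// Hypothetical DAL class.
public static class OrderData
{
    public static string MarkCancelled(int orderId, string actor)
    {
        return string.Format("order {0} cancelled by {1}", orderId, actor);
    }
}

public static class Demo
{
    // Stands in for what each web app does after login: attach an
    // authenticated principal carrying the user's roles to the thread.
    static void SignIn(string name, string authType, params string[] roles)
    {
        Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(name, authType), roles);
    }
    public static void Main()
    {
        SignIn("alice@example.com", "Forms", "Customer");   // as APP_EXT would (constructed user)
        Console.WriteLine(OrderService.CancelOrder(1));
        SignIn(@"CORP\bob", "Windows", "Staff");            // as APP_INT would (constructed user)
        Console.WriteLine(OrderService.CancelOrder(2));
        SignIn("mallory", "Forms");                         // authenticated, but in no role
        try { OrderService.CancelOrder(3); }
        catch (SecurityException ex) { Console.WriteLine("denied: " + ex.Message); }
    }
}
```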

