User & Roles

Discussion in 'ASP .Net Security' started by Terry Holland, Sep 24, 2008.

  1. I am developing an application that has a three tiered architecture -
    Presentation, Business Logic & Data Access Layer. The presentation will
    consist of a public facing web site and an internal intranet application.
    The BLL & DAL are vb.net assemblies.
    I am trying to design the application security and I would like some opinions.
    I have the following requirements.

    1) public will need to log in to website, and when they are logged in, each
    page that they visit will need to know who is accessing the page

    2) when domain users access the intranet application, they will need to log
    in to the application (hey will use their windows credentials to login, but
    they MUST login)

    3) all users will be grouped into Roles.

    4) authorisation will be based on Roles

    5) the presentation layer AND the BLL AND the DAL will need to know who the
    user is and what Roles the user is in.

    I have split the presentation layer into to two web apps; One for public
    APP_EXT and one for internal users APP_INT.

    I would like to be able to use inbuilt ASP Website Configuration tool to
    administer both of these webs. I would also like to use the standard login
    controls that ship with ASP.Net (2.0)

    Could someone give me some sound advice for what Im trying to achieve. It
    important to me that my BLL & DAL layers know who is attempting to execute
    functions and it should be invisible to these layers whether requests have
    come from APP_EXT or APP_INT, other than by interogating the Role that a User
    is in.

    I would really appreciate a working example that follows my architecture -
    perhaps someone could direct me to a good site for this.

    tia
     
    Terry Holland, Sep 24, 2008
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Vic
    Replies:
    1
    Views:
    342
    Steve C. Orr [MVP, MCSD]
    Oct 29, 2003
  2. Guest

    User roles

    Guest, Dec 16, 2003, in forum: ASP .Net
    Replies:
    1
    Views:
    512
    Steve C. Orr [MVP, MCSD]
    Dec 17, 2003
  3. Mad Scientist Jr
    Replies:
    1
    Views:
    5,472
  4. Jéjé
    Replies:
    0
    Views:
    259
    Jéjé
    Sep 27, 2005
  5. Bob Sanders
    Replies:
    6
    Views:
    224
    Jacob Basham
    Nov 10, 2007
Loading...

Share This Page