User & Roles


Terry Holland

I am developing an application that has a three tiered architecture -
Presentation, Business Logic & Data Access Layer. The presentation will
consist of a public facing web site and an internal intranet application.
The BLL & DAL are assemblies.
I am trying to design the application security and I would like some opinions.
I have the following requirements.

1) public will need to log in to website, and when they are logged in, each
page that they visit will need to know who is accessing the page

2) when domain users access the intranet application, they will need to log
in to the application (they will use their windows credentials to login, but
they MUST login)

3) all users will be grouped into Roles.

4) authorisation will be based on Roles

5) the presentation layer AND the BLL AND the DAL will need to know who the
user is and what Roles the user is in.

I have split the presentation layer into two web apps; One for public
APP_EXT and one for internal users APP_INT.

I would like to be able to use the inbuilt ASP Website Configuration tool to
administer both of these webs. I would also like to use the standard login
controls that ship with ASP.Net (2.0).

Could someone give me some sound advice for what I'm trying to achieve? It
is important to me that my BLL & DAL layers know who is attempting to execute
functions and it should be invisible to these layers whether requests have
come from APP_EXT or APP_INT, other than by interrogating the Role that a User
is in.

I would really appreciate a working example that follows my architecture -
perhaps someone could direct me to a good site for this.
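
One way to meet requirement 5, as an added example that is not part of the original post: the BLL and DAL read the caller from `Thread.CurrentPrincipal`, so they behave the same whether APP_EXT or APP_INT made the call. `OrderService`, `OrderData`, the role names and the users are hypothetical, and `SignIn` stands in for the web app's login step, on the assumption that ASP.NET attaches the authenticated principal to the request thread.

```csharp
using System;
using System.Security;
using System.Security.Principal;
using System.Threading;

// Hypothetical BLL class: no reference to System.Web, only the ambient principal.
public static class OrderService
{
    public static string CancelOrder(int orderId)
    {
        IPrincipal user = Thread.CurrentPrincipal;
        if (user == null || !user.Identity.IsAuthenticated)
            throw new SecurityException("Caller is not authenticated.");
        // Authorisation is by role only; the originating web app is never inspected.
        if (!user.IsInRole("Staff") && !user.IsInRole("Customer"))
            throw new SecurityException("Caller is in no role allowed to cancel orders.");
        // Hand the identity to the DAL so the change is attributable.
        return OrderData.MarkCancelled(orderId, user.Identity.Name);
    }
}

// Hypothetical DAL class: receives the caller's name for auditing.
public static class OrderData
{
    public static string MarkCancelled(int orderId, string changedBy)
    {
        return string.Format("order {0} cancelled by {1}", orderId, changedBy);
    }
}

public static class Demo
{
    // Stand-in for the login step of either web app (assumption, see lead-in).
    static void SignIn(string name, params string[] roles)
    {
        Thread.CurrentPrincipal =
            new GenericPrincipal(new GenericIdentity(name, "Forms"), roles);
    }

    public static void Main()
    {
        SignIn("alice", "Customer");          // constructed APP_EXT user
        Console.WriteLine(OrderService.CancelOrder(1001));
        SignIn(@"CORP\bob", "Staff");         // constructed APP_INT user
        Console.WriteLine(OrderService.CancelOrder(1002));
        SignIn("carol");                      // authenticated, but in no role
        try { OrderService.CancelOrder(1003); }
        catch (SecurityException ex) { Console.WriteLine("denied: " + ex.Message); }
    }
}
```

Checking roles inside the BLL, rather than only in page code, means a request that bypasses a page-level check is still refused.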


