G
Griff
Hi
We are re-writing an old classic ASP system and I've been doing some reading
up of the new security features in ASP.NET and I'm not sure that they're
suitable for me...but perhaps I've got completely the wrong end of a the
stick. I'd be grateful of some guidance here.
To describe the existing application:
We have an eCommerce "business-2-business" application that we have written
and host for other companies (~400). So we host about 400 web sites. Each
company's website has its own dedicated database which contains information
about the products that they want to sell. It also contains end user
information. These end users are either registered via a web page or by
importing their details programmatically into the database. Overall, we
have well over 500,000 users registered over all our web sites.
The user information is pivotal to the company's business rules. For
example, a user has access to only a few of the delivery addresses on the
system. They have access to only a few of the products on the system. They
have access to only a few of the features (such as reporting) on the system.
Etc, etc. These "business" rules are all implemented within the relational
tables in the specific company's database.
The ASP.NET 2.0 features that I refer to appear to hold the user information
in a specific database structure. I *assume* that this structure is rigid
and will therefore not allow me to implement the business rules in the way
that I have suggested. Could anyone give me a quick answer as to whether
this is likely to meet my requirements?
Many thanks
Griff
We are re-writing an old classic ASP system and I've been doing some reading
up of the new security features in ASP.NET and I'm not sure that they're
suitable for me...but perhaps I've got completely the wrong end of a the
stick. I'd be grateful of some guidance here.
To describe the existing application:
We have an eCommerce "business-2-business" application that we have written
and host for other companies (~400). So we host about 400 web sites. Each
company's website has its own dedicated database which contains information
about the products that they want to sell. It also contains end user
information. These end users are either registered via a web page or by
importing their details programmatically into the database. Overall, we
have well over 500,000 users registered over all our web sites.
The user information is pivotal to the company's business rules. For
example, a user has access to only a few of the delivery addresses on the
system. They have access to only a few of the products on the system. They
have access to only a few of the features (such as reporting) on the system.
Etc, etc. These "business" rules are all implemented within the relational
tables in the specific company's database.
The ASP.NET 2.0 features that I refer to appear to hold the user information
in a specific database structure. I *assume* that this structure is rigid
and will therefore not allow me to implement the business rules in the way
that I have suggested. Could anyone give me a quick answer as to whether
this is likely to meet my requirements?
Many thanks
Griff