Design Issue (Employee and Client)


Design Issue (Employee and Client) fingermark NO[at]SPAM gmail.com
2/19/2006 9:02:07 PM
asp.net security:
I am trying to design a login system, but I am running into a couple
of design issues. All tips are welcome.

There are two principals that need to access the system: employees and
clients. Clients log in at clients.example.com. Employees log in at
employees.example.com.

First design issue:
1. Description: Currently, I have a Persons table (this contains the
username, password, email, ... of the users). I have an Employees table
that has a foreign key to the Persons table (to PersonID). I have a
Client table that has a foreign key to the Persons table (to PersonID).

Issue: Is having the login information for employees and clients in
one table a bad idea? I see no reason why, but I'm just a little
concerned.

2. Description and issue: Once the user is logged in, how can I
prevent clients from accessing employee pages and vice versa? Would I
do this through user profiles? Or would I do this with roles, like
Employee role and Client role. Employees are going to be given roles
anyways, like Billing, Customer Service, Administrator, ...

Thanks

Re: Design Issue (Employee and Client) fingermark NO[at]SPAM gmail.com
2/19/2006 9:34:10 PM
Maybe I should have specified some things. I am using ASP.NET 2.0 and
am creating my own MembershipProvider implementation.
