The Design of Software (CLOSED)

A public forum for discussing the design of software, from the user interface to the code architecture. Now closed.

The "Design of Software" discussion group has been merged with the main Joel on Software discussion group.

The archives will remain online indefinitely.

.NET Web apps: Separating public areas from private

Hello,

I'm considering how to securely separate the administration portion of a web application from its public face in ASP.NET. Does anyone have any suggestions for best practices in this area?

Should I just set up a subfolder named "admin" (or similar), disable anonymous access in IIS, and require SSL? Is it better to create a separate Web for the admin module?

I'll also create separate SQL Server accounts for each. There's probably more I can do, though.

Thanks guys.
Beerhunter
Thursday, August 24, 2006
 
 
One approach that I always thought was cool was if your admins don't need to use an internet kiosk or anything to admin the website... get rid of all admin features and make the admin portion a WinForms app.

Not possible for all situations, but can prevent a ton of issues if the shoe fits.
D in PHX
Thursday, August 24, 2006
 
 
Hey D,

That is a cool idea, and I do see some potential plusses from a usability standpoint (and thus user satisfaction, a possible selling point).

I think there might not be enough, though, to make the extra coding and deployment/distribution efforts worthwhile. Especially for a 1.0 release. ;)
Beerhunter
Thursday, August 24, 2006
 
 
No prob!

Hope you find the beer...  :)
D in PHX
Thursday, August 24, 2006
 
 
All this stuff is built into ASP.NET, you do it via the web.config file.

http://www.google.com/search?q=authentication+authorization+ASP.NET
Duncan Smart
Thursday, August 24, 2006
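
An added example, not part of any post in this thread, of the web.config approach for the "admin" subfolder from the original question. The role name `SiteAdmins`, the login page path and the timeout value are assumptions for illustration.

```xml
<?xml version="1.0"?>
<configuration>
  <system.web>
    <!-- Forms authentication for the whole application.
         requireSSL="true" marks the auth cookie Secure, so the browser
         only sends it over HTTPS. It does not by itself force HTTPS on
         the admin folder; that is still set in IIS. -->
    <authentication mode="Forms">
      <!-- Login page kept outside /admin so anonymous users can reach it
           (path is an assumption). -->
      <forms loginUrl="~/login.aspx"
             requireSSL="true"
             timeout="20"
             slidingExpiration="false" />
    </authentication>

    <!-- Public area: everyone, including anonymous users, is allowed. -->
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>

  <!-- Admin area: rules are evaluated top to bottom and the first match
       wins, so members of the role are allowed and everyone else
       (anonymous or authenticated) is denied. -->
  <location path="admin">
    <system.web>
      <authorization>
        <!-- "SiteAdmins" is a hypothetical role; it must be supplied by
             whatever role provider the application uses. If no user has
             the role, the folder is closed to everyone. -->
        <allow roles="SiteAdmins" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

URL authorization as configured here covers requests that ASP.NET handles; static files in the folder served directly by IIS still depend on the IIS settings mentioned in the question.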
 
 
I tend to create a separate web app for admin.  That way I can have differences like allowing impersonation in the admin one but not in the public one.
Jacob
Friday, August 25, 2006
 
 
+1 for the separate admin web app.

You can do it in one and configure a bunch of stuff but I find it simpler just to do it separately.
Mike S
Monday, August 28, 2006
 
 

This topic is archived. No further replies will be accepted.
