

Need advice on website authenticating thousands of users

Posted on 2014-09-15
Medium Priority
Last Modified: 2014-10-18
I need to set up some type of authentication system (non FTP) for approximately 2000 customers with which they will have access to one of two pricing folders.  My thoughts are that I don't want to have to manually type all their information in.  Thus, I'm thinking I'll have them register on a webpage and then have that information stored in a database, then forwarded to someone I designate.  Then that person approves or denies that registration, and if approved, they will be assigned their specific folder containing catalogs/pricing/images, etc. (between A or B) to view contents.  Both folders will house different content.

I'd like some advice on how to accomplish this with the highest level of importance placed on security.  However, I'd like there to be minimum effort for my employees regarding registration, storage, access, customer service, etc.  I think once a registration is set up and access is assigned, that should be pretty much the end of the story short of updating the folders' contents.

What's the best and most efficient way to accomplish this?  I'd like to stick to some type of Windows based solution on the back end as we have difficulty with getting support for Linux in our local area, and we are operating in a Windows environment.  Since this is most likely going to be webpage based, I'd like to avoid any type of WordPress or Joomla that will have to be managed or updated frequently due to constant vulnerabilities and attacks.  Hoping to just keep this simple with maximum security from registration all the way to customer file access.  

I'm considering buying a separate box just to house and run this and set it up in the DMZ outside our main network.  I can configure the edge devices to whatever is needed for promoting the highest security.  Any and all thoughts would be appreciated.

Needless to say, I don't want an expensive solution.  I have resources (man hours) to get this done, but would prefer a solution that doesn't require expensive licensing, hardware, or subscriptions.

If I'm pointed in the completely wrong direction, I'd like to know that as well.  The above are just my ideas off the cuff.

Question by:Steven Webster

Expert Comment

by:Randy Poole
ID: 40323295
Do you have access to a SQL Database and Server with IIS 7+ on it?  Also do the clients only need download access or upload as well?

Author Comment

by:Steven Webster
ID: 40323341
Yes, we have access to a SQL database and have a server with IIS 7 on it.  The clients only download content, no uploading will be permitted.

Accepted Solution

Randy Poole earned 2000 total points
ID: 40323371
I would make a simple database consisting of the signup/authentication information.  Then they get directed to .NET or PHP once they are authenticated which displays the files/folders and allows them to download as needed or expand on it so they can download a zip of whichever folder they want.

Author Comment

by:Steven Webster
ID: 40324021
I'm guessing this is something I cannot set up easily?  I know very little about SQL and even less about .NET/PHP.  I'm guessing I need to hire someone to write the SQL database and someone else to write the .NET/PHP site.  I don't have any developers as resources.

Expert Comment

ID: 40326188
If I understood correctly, all these people are going to have access to the same information. If so, I suggest creating a page requesting a username and password, and if the password is valid, showing another page with the available files for download so they can select the files they want and download them in their own time.  All this can be done with PHP, HTML or ASP; just remember to keep the download links hidden from the browser to force the user to always use the logon page.

To make it look nice your customers should be directed or sent to something like: or

The only thing here is they will all have the same username and password.

Author Comment

by:Steven Webster
ID: 40326226
Thanks for the comment, unfortunately we will need to track which customers log in when.  This is part of a bunch of issues this project hopes to fix including timing of pricing.  We allow for a small time frame for our customers to purchase with a current price quoted in the documentation.  With prices changing a lot, some of them are complaining that they are getting the quotes and purchasing them with incorrect pricing.  To ensure accurate, up-to-date pricing, we require that the customer acquire the latest pricing guide before they place an order.  To eliminate any excuses, I want them to have their own login where we can track who logs in when, for how long, and whether or not they made an access request for a file and if it was transmitted successfully.  Our sales reps end up stuck in the middle as they were the ones previously filling pricing requests.  We had been honoring the customers' word, but it's become too much of a hassle at this point and hopefully this project will use technology to unload the burdensome process of our sales team providing pricing.
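The flow discussed in this thread (self-registration, approval by a designated person, assignment to folder A or B, downloads only behind a login, and a per-customer audit trail), as an added sketch that is not part of the original thread or any poster's code. Assumptions: Python with an in-memory SQLite database stands in for the .NET/PHP site and SQL Server database mentioned above, PBKDF2 is one reasonable password-hashing choice, and every table, function and path name is hypothetical.

```python
import hashlib, hmac, os, sqlite3
from pathlib import Path

# Assumption: files sit outside the web root, so they are reachable only via resolve_download().
ROOT = Path("/srv/pricing")              # hypothetical content root holding folders A and B
db = sqlite3.connect(":memory:")         # stand-in for the SQL Server database
db.executescript("""
CREATE TABLE users(email TEXT PRIMARY KEY, salt BLOB, pw BLOB,
                   status TEXT DEFAULT 'pending', folder TEXT);
CREATE TABLE audit(ts TEXT DEFAULT CURRENT_TIMESTAMP, email TEXT, event TEXT, detail TEXT);
""")

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def log(email, event, detail=""):
    db.execute("INSERT INTO audit(email, event, detail) VALUES (?,?,?)", (email, event, detail))

def register(email, password):           # customer self-registers; account starts as 'pending'
    salt = os.urandom(16)
    db.execute("INSERT INTO users(email, salt, pw) VALUES (?,?,?)",
               (email, salt, _hash(password, salt)))
    log(email, "registered")

def approve(email, folder):              # run by the designated approver
    if folder not in ("A", "B"):
        raise ValueError("folder must be A or B")
    db.execute("UPDATE users SET status='approved', folder=? WHERE email=?", (folder, email))
    log(email, "approved", folder)

def login(email, password):              # returns the assigned folder, or None
    row = db.execute("SELECT salt, pw, status, folder FROM users WHERE email=?", (email,)).fetchone()
    salt, pw, status, folder = row or (b"\0" * 16, b"", None, None)  # hash even for unknown users
    ok = hmac.compare_digest(pw, _hash(password, salt)) and status == "approved"
    log(email, "login_ok" if ok else "login_failed")
    return folder if ok else None

def resolve_download(email, folder, requested):
    base = (ROOT / folder).resolve()
    target = (base / requested).resolve()                  # collapses ../ and absolute paths
    allowed = target.is_relative_to(base) and target != base
    log(email, "download" if allowed else "download_denied", requested)
    return target if allowed else None                     # caller streams this file, never a URL

def history(email):                      # who did what, in order
    return [r[0] for r in db.execute("SELECT event FROM audit WHERE email=? ORDER BY rowid", (email,))]

if __name__ == "__main__":               # constructed sample account
    register("buyer@example.test", "s3cret-pass"); approve("buyer@example.test", "A")
    print(resolve_download("buyer@example.test", login("buyer@example.test", "s3cret-pass"), "../B/p.pdf"))
```

The audit table's `ts` column gives the "who logged in when" and "what did they request" record; confirming that a transfer completed would have to be logged by whatever code streams the file.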

Expert Comment

ID: 40326294
I have implemented the previous option for a company that also sells; they are a major wholesaler for the US and Canada.

There is nothing you can put on your system to find out when they came to download, how long they stay and if the prices they have are the correct ones.

For the company to function properly, your site (front-end) should always have the latest file (file size, date and name can be included on the download page) and the file should include a deadline for the included prices; your new prices should go up at least 2 days before the deadline of the previous one.  The sales department should have tools to send their customers something like alerts of start and deadline dates for sales/promotions.

The other way to avoid always going with "the customer is always right" or honoring old prices: price lists can be sent in promotional campaigns to buyers' email.

If you still want to try to put something more complicated in place, go check this tool:

Question has a verified solution.