Solved

Need advice on website authenticating thousands of users

Posted on 2014-09-15
Last Modified: 2014-10-18
I need to set up some type of authentication system (non FTP) for approximately 2000 customers with which they will have access to one of two pricing folders. My thoughts are that I don't want to have to manually type all their information in. Thus, I'm thinking I'll have them register on a webpage and then have that information stored in a database, then forwarded to someone I designate. Then that person approves or denies that registration, and if approved, they will be assigned their specific folder containing catalogs/pricing/images, etc. (between A or B) to view contents. Both folders will house different content.

I'd like some advice on how to accomplish this with the highest level of importance placed on security. However, I'd like there to be minimum effort for my employees regarding registration, storage, access, customer service, etc. I think once a registration is set up and access is assigned, that should be pretty much the end of the story short of updating the folders' contents.

What's the best and most efficient way to accomplish this?  I'd like to stick to some type of Windows based solution on the back end as we have difficulty with getting support for Linux in our local area, and we are operating in a Windows environment.  Since this is most likely going to be webpage based, I'd like to avoid any type of WordPress or Joomla that will have to be managed or updated frequently due to constant vulnerabilities and attacks.  Hoping to just keep this simple with maximum security from registration all the way to customer file access.  

I'm considering buying a separate box just to house and run this and set it up in the DMZ outside our main network. I can configure the edge devices to whatever is needed for promoting the highest security. Any and all thoughts would be appreciated.

Needless to say, I don't want an expensive solution.  I have resources (man hours) to get this done, but would prefer a solution that doesn't require expensive licensing, hardware, or subscriptions.

If I'm pointed in the completely wrong direction, I'd like to know that as well.  The above are just my ideas off the cuff.

Thanks!
Question by:Steven Webster
LVL 21

Expert Comment

by:Randy Poole
ID: 40323295
Do you have access to a SQL Database and Server with IIS 7+ on it?  Also do the clients only need download access or upload as well?

Author Comment

by:Steven Webster
ID: 40323341
Yes, we have access to a SQL database and have a server with IIS 7 on it.  The clients only download content, no uploading will be permitted.
LVL 21

Accepted Solution

by:
Randy Poole earned 500 total points
ID: 40323371
I would make a simple database consisting of the signup/authentication information. Then they get directed to .NET or PHP once they are authenticated, which displays the files/folders and allows them to download as needed, or expand on it so they can download a zip of whichever folder they want.
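
A sketch of the design described in this answer, added here as an example and not code from the thread: a users table with salted PBKDF2 password hashes, a pending/approved status, one assigned folder (A or B), and a download resolver that confines each customer to that folder and logs every request. Python with SQLite stands in for the IIS and SQL Server stack; `ROOT` and all table and function names are assumptions.

```python
import hashlib, hmac, os, sqlite3
from pathlib import Path

ROOT = Path("/srv/pricing")   # hypothetical store, kept outside the web root
ITERATIONS = 200_000          # PBKDF2 work factor (assumed; tune for your server)

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users(email TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB,
                           status TEXT DEFAULT 'pending', folder TEXT);
        CREATE TABLE access_log(email TEXT, path TEXT, outcome TEXT,
                                at TEXT DEFAULT CURRENT_TIMESTAMP);""")
    return db

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def register(db, email, password):
    # Self-registration: stored as 'pending' with a salted, stretched hash.
    salt = os.urandom(16)
    db.execute("INSERT INTO users(email, salt, pw_hash) VALUES (?, ?, ?)",
               (email, salt, _hash(password, salt)))

def approve(db, email, folder):
    # The designated approver assigns exactly one of the two folders.
    if folder not in ("A", "B"):
        raise ValueError("unknown folder")
    db.execute("UPDATE users SET status='approved', folder=? WHERE email=?",
               (folder, email))

def login(db, email, password):
    # Returns the assigned folder, or None for bad credentials / unapproved.
    row = db.execute("SELECT salt, pw_hash, status, folder FROM users "
                     "WHERE email=?", (email,)).fetchone()
    salt, stored, status, folder = row or (b"\0" * 16, b"", None, None)
    ok = hmac.compare_digest(_hash(password, salt), stored)
    return folder if ok and status == "approved" else None

def resolve_download(db, email, requested):
    # `email` comes from the authenticated session, never from the request.
    row = db.execute("SELECT folder FROM users WHERE email=? "
                     "AND status='approved'", (email,)).fetchone()
    target = None
    if row:
        base = (ROOT / row[0]).resolve()
        candidate = (base / requested).resolve()   # collapses ../ and absolutes
        if candidate != base and candidate.is_relative_to(base):
            target = candidate
    db.execute("INSERT INTO access_log(email, path, outcome) VALUES (?, ?, ?)",
               (email, requested, "authorized" if target else "denied"))
    return target
```

The page that streams the file would call `resolve_download` on every request and serve only the returned path, so files are never reachable by a direct URL.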

Author Comment

by:Steven Webster
ID: 40324021
I'm guessing this is something I cannot set up easily? I know very little about SQL and even less about .NET/PHP. I'm guessing I need to hire someone to write the SQL database and someone else to write the .NET/PHP site. I don't have any developers as resources.
LVL 11

Expert Comment

by:hecgomrec
ID: 40326188
If I understood correctly, all these people are going to have access to the same information. If so, I would suggest creating a page requesting a username and password, and if the password is valid, then show another page with the available files for download so they can select the files they want and download them in their own time. All this can be done with PHP, HTML or ASP; just remember to keep the download links hidden from the browser to force the user to always use the logon page.

To make it look nice, your customers should be directed or sent to something like: https://customers.yourcompany.com or https://yourcompany.com/customers/

The only thing here is they will all have the same username and password.

Author Comment

by:Steven Webster
ID: 40326226
Thanks for the comment, unfortunately we will need to track which customers log in when.  This is part of a bunch of issues this project hopes to fix including timing of pricing.  We allow for a small time frame for our customers to purchase with a current price quoted in the documentation.  With prices changing a lot, some of them are complaining that they are getting the quotes and purchasing them with incorrect pricing.  To ensure accurate, up-to-date pricing, we require that the customer acquire the latest pricing guide before they place an order.  To eliminate any excuses, I want them to have their own login where we can track who logs in when, for how long, and whether or not they made an access request for a file and if it was transmitted successfully.  Our sales reps end up stuck in the middle as they were the ones previously filling pricing requests.  We had been honoring the customers' word, but it's become too much of a hassle at this point and hopefully this project will use technology to unload the burdensome process of our sales team providing pricing.
LVL 11

Expert Comment

by:hecgomrec
ID: 40326294
I have implemented the previous option for a company that also sells; they are a major wholesaler for the US and Canada.

There is nothing you can put on your system to find out when they came to download, how long they stay and if the prices they have are the correct ones.

For the company to function properly, your site (front-end) should always have the latest file (file size, date and name can be included on the download page) and the file should include a deadline for the included prices; your new prices should go up at least 2 days before the deadline of the previous one. The sales department should have tools to send their customers something like alerts of starting and deadline sales dates/promotions.

The other way to avoid always going with "the customer is always right" or honoring old prices: price lists can be sent in promotional campaigns to buyers' email.

If you still want to try to put something more complicated in place, go check this tool: http://www.filemanager.net/site.php?page=Home