Solved

Need advice on website authenticating thousands of users

Posted on 2014-09-15
Last Modified: 2014-10-18
I need to set up some type of authentication system (non FTP) for approximately 2000 customers with which they will have access to one of two pricing folders. My thoughts are that I don't want to have to manually type all their information in. Thus, I'm thinking I'll have them register on a webpage and then have that information stored in a database, then forwarded to someone I designate. Then that person approves or denies that registration, and if approved, they will be assigned their specific folder containing catalogs/pricing/images, etc. (between A or B) to view contents. Both folders will house different content.

I'd like some advice on how to accomplish this with the highest level of importance placed on security. However, I'd like there to be minimum effort for my employees regarding registration, storage, access, customer service, etc. I think once a registration is set up and access is assigned, that should be pretty much the end of the story short of updating the folders' contents.

What's the best and most efficient way to accomplish this?  I'd like to stick to some type of Windows based solution on the back end as we have difficulty with getting support for Linux in our local area, and we are operating in a Windows environment.  Since this is most likely going to be webpage based, I'd like to avoid any type of WordPress or Joomla that will have to be managed or updated frequently due to constant vulnerabilities and attacks.  Hoping to just keep this simple with maximum security from registration all the way to customer file access.  

I'm considering buying a separate box just to house and run this and set it up in the DMZ outside our main network. I can configure the edge devices to whatever is needed for promoting the highest security. Any and all thoughts would be appreciated.

Needless to say, I don't want an expensive solution.  I have resources (man hours) to get this done, but would prefer a solution that doesn't require expensive licensing, hardware, or subscriptions.

If I'm pointed in the completely wrong direction, I'd like to know that as well.  The above are just my ideas off the cuff.

Thanks!
0
Question by:Steven Webster
9 Comments
 
LVL 21

Expert Comment

by:Randy Poole
ID: 40323295
Do you have access to a SQL Database and Server with IIS 7+ on it?  Also do the clients only need download access or upload as well?
0
 

Author Comment

by:Steven Webster
ID: 40323341
Yes, we have access to a SQL database and have a server with IIS 7 on it.  The clients only download content, no uploading will be permitted.
0
 
LVL 21

Accepted Solution

by:
Randy Poole earned 500 total points
ID: 40323371
I would make a simple database consisting of the signup/authentication information. Then they get directed to .NET or PHP once they are authenticated which displays the files/folders and allows them to download as needed or expand on it so they can download a zip of whichever folder they want.
0

Author Comment

by:Steven Webster
ID: 40324021
I'm guessing this is something I cannot set up easily? I know very little about SQL and even less about .NET/PHP. I'm guessing I need to hire someone to write the SQL database and someone else to write the .NET/PHP site. I don't have any developers as resources.
0
 
LVL 11

Expert Comment

by:hecgomrec
ID: 40326188
If I understood correctly, all these people are going to have access to the same information. If so, I would suggest creating a page requesting a username and password, and if the password is valid then show another page with the possible available files for download so they can select the files they want to download and they will download them in their own time. All this can be done by PHP, HTML or ASP; just remember to keep the download links hidden from the browser to force the user to always use the logon page.

To make it look nice your customers should be directed or sent to something like: https://customers.yourcompany.com or https://yourcompany.com/customers/

The only thing here is they will all have the same username and password.
0
 

Author Comment

by:Steven Webster
ID: 40326226
Thanks for the comment, unfortunately we will need to track which customers log in when.  This is part of a bunch of issues this project hopes to fix including timing of pricing.  We allow for a small time frame for our customers to purchase with a current price quoted in the documentation.  With prices changing a lot, some of them are complaining that they are getting the quotes and purchasing them with incorrect pricing.  To ensure accurate, up-to-date pricing, we require that the customer acquire the latest pricing guide before they place an order.  To eliminate any excuses, I want them to have their own login where we can track who logs in when, for how long, and whether or not they made an access request for a file and if it was transmitted successfully.  Our sales reps end up stuck in the middle as they were the ones previously filling pricing requests.  We had been honoring the customers' word, but it's become too much of a hassle at this point and hopefully this project will use technology to unload the burdensome process of our sales team providing pricing.
0
 
LVL 11

Expert Comment

by:hecgomrec
ID: 40326294
I have implemented the previous option for a company that also sells; they are a major wholesaler for US and Canada.

There is nothing you can put on your system to find out when they came to download, how long they stay and if the prices they have are the correct ones.

For the company to function properly, your site (front-end) should always have the latest file (file size, date and name can be included on the download page) and the file should include a deadline for the included prices; your new prices should go up at least 2 days before the deadline of the previous one. The sales department should have tools to send their customers something like alerts of starting and deadline sales dates/promotions.

The other way to avoid always going with "the customer is always right" or honoring old prices: price lists can be sent in promotional campaigns to buyers' email.

If you still want to try to put something more complicated in place, go check this tool: http://www.filemanager.net/site.php?page=Home
0
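The flow discussed in this thread (self-registration, manual approval into folder A or B, per-customer login, server-side download checks, and a record of who did what when), as an added example that is not code from any poster. It is written in Python with SQLite so it runs stand-alone; the table layout, function names, event names and the `pricing/A` and `pricing/B` paths are assumptions, and the same logic carries over to a .NET or PHP page on IIS backed by the SQL database mentioned above.

```python
import hashlib, hmac, os, sqlite3, time
from pathlib import Path

ROOT = Path("pricing")  # assumed layout: pricing/A and pricing/B, kept outside the web root

db = sqlite3.connect(":memory:")  # stand-in for the SQL database
db.executescript("""
CREATE TABLE users(email TEXT PRIMARY KEY, salt BLOB, pwhash BLOB,
                   folder TEXT CHECK(folder IN ('A','B')));  -- NULL = awaiting approval
CREATE TABLE audit(ts REAL, email TEXT, event TEXT, detail TEXT);
""")

def _hash(password, salt):
    # Salted, slow hash: the database never holds the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def log(email, event, detail=""):
    db.execute("INSERT INTO audit VALUES (?,?,?,?)", (time.time(), email, event, detail))

def register(email, password):
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?,?,?,NULL)", (email, salt, _hash(password, salt)))
    log(email, "registered")

def approve(email, folder):
    # Run by the designated approver; the CHECK constraint rejects anything but A or B.
    db.execute("UPDATE users SET folder=? WHERE email=?", (folder, email))
    log(email, "approved", folder)

def login(email, password):
    row = db.execute("SELECT salt, pwhash, folder FROM users WHERE email=?", (email,)).fetchone()
    ok = bool(row) and row[2] is not None and hmac.compare_digest(row[1], _hash(password, row[0]))
    log(email, "login_ok" if ok else "login_failed")
    return row[2] if ok else None

def resolve_download(email, name):
    # The folder comes from the user's record, never from the request.
    row = db.execute("SELECT folder FROM users WHERE email=?", (email,)).fetchone()
    target = None
    if row and row[0]:
        base = (ROOT / row[0]).resolve()
        candidate = (base / name).resolve()
        if base in candidate.parents:  # rejects ../ and absolute paths
            target = candidate
    log(email, "download" if target else "download_denied", name)
    return target  # the page streams this file, then records that it was sent
```

Because files are served only through `resolve_download`, there is no direct link to bypass the logon page, and the `audit` table answers who logged in when and which file each customer requested.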
