Need advice on website authenticating thousands of users
Posted on 2014-09-15
I need to set up some type of authentication system (non-FTP) for approximately 2000 customers with which they will have access to one of two pricing folders. My thoughts are that I don't want to have to manually type all their information in. Thus, I'm thinking I'll have them register on a webpage and then have that information stored in a database, then forwarded to someone I designate. Then that person approves or denies that registration, and if approved, they will be assigned their specific folder containing catalogs/pricing/images, etc. (between A or B) to view contents. Both folders will house different content.
I'd like some advice on how to accomplish this with the highest level of importance placed on security. However, I'd like there to be minimum effort for my employees regarding registration, storage, access, customer service, etc. I think once a registration is set up and access is assigned, that should be pretty much the end of the story short of updating the folders' contents.
What's the best and most efficient way to accomplish this? I'd like to stick to some type of Windows-based solution on the back end as we have difficulty with getting support for Linux in our local area, and we are operating in a Windows environment. Since this is most likely going to be webpage-based, I'd like to avoid any type of WordPress or Joomla that will have to be managed or updated frequently due to constant vulnerabilities and attacks. Hoping to just keep this simple with maximum security from registration all the way to customer file access.
I'm considering buying a separate box just to house and run this and set it up in the DMZ outside our main network. I can configure the edge devices to whatever is needed for promoting the highest security. Any and all thoughts would be appreciated.
Needless to say, I don't want an expensive solution. I have resources (man hours) to get this done, but would prefer a solution that doesn't require expensive licensing, hardware, or subscriptions.
If I'm pointed in the completely wrong direction, I'd like to know that as well. The above are just my ideas off the cuff.