This is the scenario:
-Hosted web application.
-Application trust level is full trust, because of external components.
-Customer should be able to customize some web pages.
I thought about using an html template that they can modify. But it is not flexible enough. For example if there is logic things get messy and difficult: if user is logged in render this way, if we are in that page render this part differently, etc, etc. I end up creating a new scripting language, customers won’t like it.
I would like to use an aspx page that they can modify. The problem is that they can write any code in the aspx page, access the file system, etc.
Questions:
-Is there a way in ASP.NET to restrict certain directory or web page permissions (i.e. code access security per page or per directory)?
-Any other suggestions for implementing secure customizable web pages?