views:

142

answers:

2

The site I'm working on is mid-sized, 3 developers, a few thousand users, and is very critical to the small business running it. So what I'm getting at is, this is not a Fortune 500 company, but is a serious enterprise needing to implement role-based security in a time/budget efficent way that is still pretty simple to use and has a high-degree of security.

The site will praimrily be custom coded, but we want to efficiently leverage components wherever we can. There will be about 6 roles (buyer, seller, admin, partner, etc.), most will be external users so we anticipate a form where they enter uername, pw, etc. We'll most likely store user info in a SQL Server table.

I'd like your thoughts on the best technology to use for role-based security, hopefully based on your real-world experience.

+2  A: 

This is your best bet. I also suggest you look into the provider model as a whole.

Randolpho
A: 

Give a look to the SqlRoleProvider, I've used it successfully with the Sql and ActiveDirectory Membership Providers.

CMS