Hi everyone,

I'm currently at the very early design stage of building a web app that will be used by companies. Each company will have many departments and each department many staff. Each department will manage its own application with staff logging onto the application.

There is the possibility that staff across different organisations will have the same staff id. For that reason, I'm thinking of going with subdomains. Each company will have its own subdomain. I've googled a bit about using subdomains and have seen a number of positives, however not too many negatives except for the SEO implications (which do not interest me really.. this app will require direct contact with each organisation.. it's very specialised)

Can anybody think of any other disadvantages to going with subdomains? Can anyone think of a better way of doing things?

Regards, Fiona

A: 

Using subdomains is a good idea; the only concern I have is regarding the authentication of the users. I am a .NET guy, so I am bringing up this query; I am not sure if you are using ASP.NET for your development. In case you are using ASP.NET for developing this website and you are using the ASP.NET membership, profiles and roles for authentication and authorization, you would end up having security problems, because a user after logging into http://abc.site.com would also have access to the site http://xyz.site.com. This is the default way the ASP.NET membership thing works. So you would need to keep this in mind.

For the rest, I think the subdomain philosophy is good enough.

Bootcamp
Thanks Bootcamp.. The app won't be built with .NET.. at the moment what technology it is built with hasn't been decided, but it's pretty safe to say it will be with some open source technology.
Fiona
A: 

Your login information will presumably be in a database table somewhere. You will either need separate databases for each company and will need to identify which database to use. Or you will have all users in one table, with some sort of company id - and you will need to determine which company id to add to your login query.

You can make either of these determinations based on subdomain, or on a company-specific login page, or directory, or you can ask them to pick which company they want to log in to (which would be pretty ugly).

Subdomains should work fine. You'll have to do DNS setup every time you add a company, or work out some Apache magic. You may need SSL certificates for each subdomain (I think - I'm not well versed on those). Other than that, I don't see any big disadvantages or advantages as far as code or architecture go. Marketing may have a stronger case for one over the other.

You'll still want to use other methods of making sure that users don't have access to other companies' data, especially if other subdomains are guessable.

We also have a multiple-company application, but decided to make all logins unique. This makes it a little easier for us to identify users uniquely at the expense of occasionally having to explain why some username is not available even though that user's company isn't using it.

Scott Saunders
Hi Scott, picking which company they wish to log in to is not an option. So that leaves us with subdomain or subdirectory. If I go with the subdomain route, as each will have their own DB, that eliminates the security issue of users having access to another company's data, unless two staff IDs have the same passwords (which I would think is highly improbable). Or do you see other security issues here? Also, if I go the subdirectory route, then I would have to enforce login uniqueness, which isn't an option. Thanks again. Fiona
Fiona
If you have separate DBs for each company, then you just need to figure out which DB to use. You can do that by determining which subdomain they're on, or by which directory/login page they log in from. In PHP or Java, either determination can be as little as one or two lines of code. So I think either could work without too much difference. Once you've picked a DB, there shouldn't be any more security issues - just make sure all queries go to the right one. :)
Scott Saunders
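As an added illustration (not code from any poster in this thread), the sketch below shows the shared-table variant discussed above: the company is resolved from the subdomain against a fixed list, the login query is scoped by company id, and the session is checked against the subdomain on every request, which also covers the cross-subdomain login concern raised in the first answer. The base domain, tenant map, table layout and function names are all assumptions made for the example; with one database per company, the same lookup would select the database instead.

```python
import hashlib, hmac, os, sqlite3

BASE_DOMAIN = "example.test"        # assumption: placeholder base domain
TENANTS = {"abc": 1, "xyz": 2}      # constructed: subdomain label -> company id

def tenant_from_host(host):
    """Map a Host header to a company id; None for anything not registered."""
    name = host.split(":")[0].lower().rstrip(".")
    label, sep, base = name.partition(".")
    if not sep or base != BASE_DOMAIN:
        return None                 # wrong base domain or no subdomain at all
    return TENANTS.get(label)

def hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    """Constructed sample data: the same staff id exists in both companies."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE staff (company_id INTEGER, staff_id TEXT, "
               "salt BLOB, pw BLOB, PRIMARY KEY (company_id, staff_id))")
    for company_id, staff_id, password in [(1, "1001", "abc-pass"),
                                           (2, "1001", "xyz-pass")]:
        salt = os.urandom(16)
        db.execute("INSERT INTO staff VALUES (?, ?, ?, ?)",
                   (company_id, staff_id, salt, hash_pw(password, salt)))
    return db

def login(db, host, staff_id, password):
    """Return a session bound to the subdomain's company, or None."""
    company_id = tenant_from_host(host)
    if company_id is None:
        return None
    row = db.execute("SELECT salt, pw FROM staff "
                     "WHERE company_id = ? AND staff_id = ?",
                     (company_id, staff_id)).fetchone()
    if row is None or not hmac.compare_digest(row[1], hash_pw(password, row[0])):
        return None
    return {"company_id": company_id, "staff_id": staff_id}

def authorize(session, host):
    """Accept a session only on the subdomain of the company it was issued for."""
    company_id = tenant_from_host(host)
    return (session is not None and company_id is not None
            and session["company_id"] == company_id)
```
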
A: 

Subdomains might work just fine with ASP.NET membership. Because of the way the tables are created for the membership provider, there is an aspnet_applications table which has fields for the application name and description. In the aspnet_membership table, each user has a field for applicationID. If the application name is the subdomain, then you could possibly limit which user can gain access to which application. The XYZ subdomain would be one application with its own ID, and the ABC application would be another one.

Interesting domain problem. Good luck, and share your results after its creation.

Chris