When you want to create a professional website, you usually need a structure easily editable and you want to secure access based on user groups.
To avoid unpleasant surprises, here is an ASP.NET web site model included a class Factory for centralized management of connections to the database and a class User to store the connected user information.
So, each web page must instantiate a Factory object. If it’s the first time (from the login page), you must use the second constructor, with login and password, to authenticate the user (i.e.: identified in the database – see the User.Authenticate method). After this first time, you can use the first constructor with a reference to Page only… the user name is retrieved from the page context.
In class User, you only need to create the desired groups and assign access rights in method Authenticate. When you need to know the user’s permissions, you can access the Factory.User.IsMemberOf method.
Another important point is the management of the navigation menu which automatically integrates all user securities, via the web.sitemap file.
You can easily add a new item in the menu and specify the target page (url) and users who have access (roles).
In ASP.NET, the integration of security and the menu goes through the web.config file that specifies the SiteMap (for menu) the user authentication to use (i.e.: Forms).
A final point is to bypass the security for images and styles directories (even if the user is not authenticated). This is set in the web.config and the section configuration / location.
Currently, all websites include a database. The following model extends the previous structure by completing a Factory.GetCommand() method to retrieve a reference to a class to manage all “standards” SQL queries and a property Factory.Entities to manage the database using Entity Framework.