Monday, August 31, 2015

Controlling web application user access to file system

First, a preface: I'm new to Stack Overflow, recently reintroduced to programming, and very new to security, so please go easy on me. I'm hoping someone can point me in the right direction.

We are a large multi-site nonprofit organization with a small programming team supporting an obsolete Administration/Accounting software that was programmed in-house. In the last few years, part of our Human Resources module has been rewritten as an ASP.NET MVC web application (C#, JavaScript, HTML) so that remote sites can install it and access employee information. The eventual plan is to move it all to RESTful Web API, so I'm spending time on Pluralsight learning REST as well as the programming languages referenced above.

Where we've hit a snag is in security. Right now an authorized user in this web application has carte blanche access to data, so we can't make certain sensitive data available until we can employ authorization on a more granular level.

Our most pressing issue is document management. Documents on our old system are saved in a series of folders in .doc or .pdf format. Our web application needs to be able to authenticate a given user, access that same file structure and limit his/her access to only the folders he/she is authorized to view.

I've been searching Stack Overflow and the internet, but haven't come across any clear-cut information on how to proceed.

I would appreciate any input on strategies you may have used to tackle a similar problem. Thanks in advance for your help!



via Chebli Mohamed
