Authorization in Web Applications

February 22, 2017

Every web application must have strong authentication and authorization mechanisms. In this blog post, I would like to share my thoughts about separating the authorization aspect from the application.

  • Does separating authorization from the web application make it easier to maintain?
  • Does deciding what to show and what not to show on the web pages then require subject matter expertise on how it was implemented?
  • Does it make the application faster?

Here are my thoughts…

Whether to include authorization in a web application depends on what kind of application it is:

  • If it is primarily designed to deliver the solution an enterprise offers on the web to a large user base, and the targeted users are end-users and the agents who support them, it is good to maintain two different applications: one for the end-users and the other for the agents who support back-end operations. Every time we roll out a new feature, we don’t have to worry about the different authorizations we need to support, which are very hard to maintain and require subject matter expertise.
  • If it is an enterprise application, it is always good to include authorization in the application to support multiple roles and access to different features based on those roles. As this application is designed to target different kinds of users, including authorization gives good control over enabling the features.

Hope this helps!