ASP.NET MVC - URL Design for SSL-Secured SaaS Application
I am developing an application using the ASP.NET MVC platform, which will be exposed as a service on the web (the SaaS model). I am trying to determine the best way to partition the URL namespace for each user account. The application will need to be accessed securely via SSL, so my main concerns have been around coming up with a URL design that works with SSL certificates. Here are the options I have come up with. In each example, Bob and Jane are 2 example user accounts:
Option A: Each account has a unique subdomain under a common domain name
e.g.
https://bob.example.com
https://jane.example.com
This would require a wildcard SSL certificate (e.g. mapped to *.example.com) so that each user can seamlessly access their account via SSL. By seamless I mean without the web browser warning the user of SSL certificate problems. The only drawback I can think of is that wildcard certs seem to be considerably more expensive than normal fixed-domain certs. The cost difference is negligible in the grand scheme of things, but worth keeping in mind if all else proves equal.
Option B: Each account has a unique domain name
e.g.
https://bobs-domain.com
https://domain-of-jane.com
In this case, each user would have an SSL certificate tied to their domain names. One big drawback I can think of is that our servers would have to maintain the private keys for the users' certs, and we would have to design a system that allowed users to securely transmit their private keys to our servers. Even if we had such a system, I feel it is a burden on users to have to acquire a certificate and submit their private keys to us.
Alternatively, we could automatically issue and provision an SSL certificate for each user when they sign up, so they can start accessing the app via SSL without additional steps. This would require us to become an issuer of SSL certificates, which I haven't looked into yet... perhaps as a reseller for some other big company like VeriSign that specializes in this sort of thing.
Despite the apparent pain of this approach, this option would enable features we may want to provide in the future, i.e. allowing users to have their own branded version of the app accessed via their own company domain name.
Option C: Each account has a unique subdirectory under a common domain name
e.g.
https://example.com/bob
https://example.com/jane
From the perspective of SSL certificate maintenance, this is the best option. We would need only 1 fixed-domain SSL cert (e.g. example.com) to be used by all users.
Unfortunately, this URL design does not work with other aspects of our current application architecture, around load balancing.
Need feedback
My question is: which option would you choose, and why? I would love to hear real-world examples and experiences, and any other issues or concerns I haven't presented would be appreciated.
I would go with A. The solution is not expensive, it scales, and it does not limit you from going to custom domains if you decide to later on.
Wildcard certificates used to be quite expensive, but today you can get them for around 200 USD annually at GoDaddy or RapidSSL, which I think is pretty cheap. These certificates work in (almost) any browser, but they don't come with the validation that VeriSign provides. I don't know whether you need this.
If you go with option B, you have to purchase a certificate per user; with a wildcard certificate, the certificate is paid for after a few sign-ups and the rest is pure revenue.
Aside from that, the solution is simple to implement, which is a strength.
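An added example, not part of the original question or answer: under option A the account is taken from the request's host name, and a *.example.com wildcard certificate covers exactly one label to the left of the base domain, so the server-side lookup should accept the same set of hosts and nothing else. The TenantHost class, its reserved-label list and the sample hosts are assumptions made for illustration.

```csharp
using System;
using System.Text.RegularExpressions;

public static class TenantHost
{
    // Assumption: the shared base domain used in the question's examples.
    private const string BaseDomain = "example.com";

    // Assumption: constructed list of labels the service keeps for itself.
    private static readonly string[] Reserved = { "www", "api", "admin", "mail" };

    // One DNS label: a-z, 0-9 and inner hyphens, 1 to 63 characters, no dots.
    // \A and \z anchor the whole string, so a trailing newline cannot slip through.
    private static readonly Regex Label =
        new Regex(@"\A[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\z");

    // host: the host name without port (Uri.Host in .NET).
    // Returns the account name, or null if the host must be rejected.
    public static string ResolveAccount(string host)
    {
        if (string.IsNullOrWhiteSpace(host)) return null;
        host = host.Trim().TrimEnd('.').ToLowerInvariant();

        string suffix = "." + BaseDomain;
        // Ordinal suffix check: "example.com" itself and look-alikes such as
        // "bob.example.com.other.test" are not under the base domain.
        if (!host.EndsWith(suffix, StringComparison.Ordinal)) return null;

        string label = host.Substring(0, host.Length - suffix.Length);
        // *.example.com covers exactly one left-most label, so a host like
        // "a.bob.example.com" would fail certificate validation; reject it here too.
        if (!Label.IsMatch(label)) return null;
        if (Array.IndexOf(Reserved, label) >= 0) return null;
        return label;
    }

    public static void Main()
    {
        // Constructed sample hosts.
        string[] hosts = {
            "bob.example.com", "JANE.example.com.", "example.com",
            "a.bob.example.com", "bob.example.com.other.test",
            "www.example.com", "bobs-domain.com"
        };
        foreach (string h in hosts)
            Console.WriteLine("{0,-28} -> {1}", h, ResolveAccount(h) ?? "(rejected)");
    }
}
```

A custom domain such as bobs-domain.com (option B) is rejected here by design; supporting it later would need a separate host-to-account mapping and a certificate for that name.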