my questions is i need to implement the security model [authentication , authorization , users , roles and modules] for ERP System.
because we have so many applications/Systems/Modules [around 14 ] we need to publish online for different users with different privileges .
what is the best practice to implement this ,
i read alot about the old asp.net membership and role mangment and the new asp.net identity and the claim based authorization
but still confused how to implement this in large scale ERP system .
I do not need to play with the config files and location path for denying and allowing users to folders every time i have new application or new user ;
i need to do all of this from DB .
note : we use Oracle Database for back end, and the front End is implemented with asp.net Web Forms .
Thanks for your help