Role-based access control to the existing ASP.NET application


The client has a leading platform in the US that drives Rx cost savings and improves medication compliance.

The platform empowered companies to provide their employees with a solution to reduce rising out-of-pocket costs. It could reduce their pharmacy costs by up to 26%.

The platform first imported a company’s existing data on its employees and the prescriptions they were on. It then created “opportunities/switches” that informed companies and their employees that they could switch an existing drug for a drug of the same composition that was much cheaper.

The problem was that the client’s web and mobile application, where they managed the companies, pharmacies, and list of users who had potential opportunities for savings, had just one level of access for all users: “Admin”.

The users were onboarded using Microsoft Active Directory, so anyone who had been authenticated using Microsoft AD had instant access to all data that was displayed in the back-end admin panel.
For example, a customer service representative who had been onboarded could also access the account settings of a company.
Our client wanted separate role-based logins for all user types so that each user could only see the data that was relevant to them.

The solution

Rather than going with the traditional approach of implementing a fully role-based access control module directly in the mobile and web application, we proposed leveraging the features available in Microsoft Active Directory for creating roles.

So, we created multiple roles in Microsoft Active Directory, and then defined the modules for each role in the database of the ASP.NET application.
This helped reduce the development time, and ultimately the cost, as we did not have to create everything from scratch or use a third-party library.
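
The split described above (roles issued by the directory, module permissions stored by the application) comes down to a deny-by-default lookup at request time. The following is an added example, not code from the client's application: the role names, module names, the `ModuleAuthorizer` class and the `roles` claim type are all assumptions, and the in-memory dictionary stands in for the database table.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Hypothetical names throughout: roles, modules and ModuleAuthorizer are
// assumptions for illustration, not taken from the application in the case study.
public sealed class ModuleAuthorizer
{
    // Stands in for the role-to-module table kept in the application database.
    private readonly IReadOnlyDictionary<string, HashSet<string>> _modulesByRole;

    public ModuleAuthorizer(IReadOnlyDictionary<string, HashSet<string>> modulesByRole) =>
        _modulesByRole = modulesByRole;

    // Deny by default: being authenticated is not enough. Access requires a
    // directory-issued role that the database maps to the requested module.
    public bool CanAccess(ClaimsPrincipal user, string module)
    {
        if (user?.Identity == null || !user.Identity.IsAuthenticated)
            return false;
        return user.Identities
            .SelectMany(i => i.FindAll(i.RoleClaimType))
            .Any(c => _modulesByRole.TryGetValue(c.Value, out var mods) && mods.Contains(module));
    }
}

public static class Demo
{
    // Constructed sign-in; "roles" as the role claim type is an assumption.
    private static ClaimsPrincipal SignedIn(params string[] roles) =>
        new ClaimsPrincipal(new ClaimsIdentity(
            roles.Select(r => new Claim("roles", r)), "AzureAD", "name", "roles"));

    public static void Main()
    {
        var authz = new ModuleAuthorizer(new Dictionary<string, HashSet<string>>
        {
            ["Admin"] = new HashSet<string> { "CompanySettings", "Pharmacies", "Opportunities" },
            ["CustomerService"] = new HashSet<string> { "Opportunities" },
        });
        var rep = SignedIn("CustomerService");
        var noRole = SignedIn(); // authenticated by the directory, but no role assigned
        Console.WriteLine(authz.CanAccess(rep, "Opportunities"));
        Console.WriteLine(authz.CanAccess(rep, "CompanySettings"));
        Console.WriteLine(authz.CanAccess(noRole, "Opportunities"));
    }
}
```

The third call covers the situation the case study started from: a user who has authenticated but holds no mapped role gets no module at all, rather than falling back to full access.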

Technologies used


Role-based access control for an ASP.NET application hosted on Microsoft Azure Cloud Services.
By using Microsoft Active Directory, we were able to cut the development time and cost for the client by around 60-70% of what they would have incurred had they gone for the traditional approach of creating role-based access control from scratch.
We were also able to ensure that this implementation was more secure, as it used Microsoft Azure Cloud Platform’s security practices.
Developed in 1 sprint

