Bento Pedroso Construções needed some of its employees to exchange information with the headquarters computers while they were at the construction sites.
This exchange should obviously be restricted to BPC employees. That can be enforced simply with a user name and password to access BPC's central system.
Part of the HTTP protocol offers this function (see RFCs 1945, 2616 and 2617). However, the basic authentication offered by the protocol isn't safe, and digest authentication wasn't supported by all browsers at the time (we're talking 1997). Digest authentication also requires several packet exchanges between the browser and the server, which makes the process slower.
On the other hand, the computers used by BPC's employees should be considered unsafe, so passwords should exist on those computers for as little time as possible.
Therefore, we suggested server-side password validation (with proper privacy safeguards) and the generation of a "ticket" (a number) that was provided to the browser. The browser in turn repeated back this "ticket" in later requests. The server made sure the "ticket" was only valid for the computer it was issued to, and for a short period of time.
This form of validation is very similar to Kerberos, which is currently also used in Windows 2000 and above server systems.
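The ticket scheme described above, sketched as an added example (this is not BPC's code or the code written for the project): the password is checked on the server, and the browser then presents only a random number that is honoured for one client and for a limited time. The names, the 128-bit ticket, the 300-second lifetime, PBKDF2 for password storage and the use of the client address to identify "the computer it was issued to" are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

TICKET_TTL = 300  # seconds; assumed value, the page only says "a short period"


def hash_password(password, salt):
    # Salted PBKDF2 so the server never stores the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class TicketServer:
    def __init__(self, clock=time.time):
        self._clock = clock
        self._users = {}    # user -> (salt, password hash)
        self._tickets = {}  # ticket -> (user, client address, expiry time)

    def add_user(self, user, password):
        salt = secrets.token_bytes(16)
        self._users[user] = (salt, hash_password(password, salt))

    def login(self, user, password, client_addr):
        """Validate the password server-side; return a ticket or None."""
        # Unknown users still cost one hash, then fail the comparison.
        salt, stored = self._users.get(user, (b"\0" * 16, b""))
        if not hmac.compare_digest(hash_password(password, salt), stored):
            return None
        ticket = secrets.randbits(128)  # unguessable number
        self._tickets[ticket] = (user, client_addr, self._clock() + TICKET_TTL)
        return ticket

    def check(self, ticket, client_addr):
        """Return the user for a live ticket from the same client, else None."""
        entry = self._tickets.get(ticket)
        if entry is None:
            return None
        user, issued_to, expires = entry
        if self._clock() >= expires:
            del self._tickets[ticket]  # expired tickets are forgotten
            return None
        if client_addr != issued_to:
            return None  # ticket presented from another computer
        return user
```

Computers behind the same NAT gateway share an address, so binding a ticket to the client address narrows replay rather than excluding it.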
Intranet in ASP
Years later we were again contacted by the same company for another Web project. This time the intention was to develop a remote invoice management system (remotely creating and reading invoices) and a supplier-available construction materials search engine, both using ASP technology. The data for both systems was kept on an Oracle database.
The project was performed as a consulting service, on the client's premises and in cooperation with its technical team, which provided valuable expertise in Oracle. This team would occasionally help us in SQL query optimization with proprietary Oracle code.
The ASP invoice system validated users, allowed for the validated creation of invoices in three steps, generated invoice totals without any loss of cents and generated correct sequential numbering even though the system could be used by several people at once. It also listed previously created invoices, allowed them to be searched, and showed them in a pre-determined format ready for printing.
The construction materials search system allowed only for search and listing, since the creation of those items was performed by a Windows application developed by BPC staff.