My web app is getting bigger and more complex as the time goes. I am thinking of separating processes into an app server, thus the web server is now just a UI layer for users.
However, that left me wondered about the user authentication. Currently everything requires users to be authenticated through login before they can proceed doing anything in the system. If I separated the processes into an app server, do I need to authenticate the users in the app server as well? What is the best practice for it?
I am thinking of no authentication in the app server since the web server already handled that; in other words no authenticated users could trigger anything, but then, is this a standard practice?
For you information, i am developing in ASP.NET.