I just got back into town.
Yes you can redirect them. My method is somewhat crude, but I have it to where each person who visits the website and registers is assigned a random usercode that is there's only.
Also I have a field in my db that stores access levels.
When a user logs in, I have a few variables stored in a cookie on their hardrive once they are approved. The sites then read these variables and show the information depending on what "status" or in your case customer they are.
One possible way would be to have it store their user id in a cookie, then redirect to their information from purely reading that and that only.
Once they have the user id, then it reads the rest of their info and you can display it accordingly.
Also you can put these files in the ssl layer of your server to make them secure.
My method is pretty easy, and there is a probably a more secure way out there...like setting the cookie variables to expire after a certain time..which is pretty easy...
you could just bypass the cookie part and have the asp code read the server sessions variables in real time. There is a trend towards this approach as it keeps it all server side.
is a very basic website that shows all of the above steps in a very simple way...you can then expand upon them and maniuplate the code to your liking.
Its kinda easy if you are familiar with programming. Make sure the db is in a place where no one can view or dl it...server company and since you are talking active directory you can probably set that...
also use .inc (include files) for a lot of the sensitive code..these are hard to find..as when the asp page is accessed you can't view these files at all unless they are known...put these files in the ssl layer...
etc...