As you may have guessed, or found by searching http://search.cpan.org, there’s a never-ending supply of modules to help you handle these chores.   You should first give very careful consideration to exactly how you need to handle these tasks in your web-application, then look for Perl modules to help you do it.   Nearly all of the work should already have been done for you, so the question is not “how to do it,” but “what to do.”   (Whew!)

In a corporate setting, you probably will find that LDAP (nee Microsoft OpenDirectory™) is probably already in use.   Therefore, you probably should use that for both authentication and authorization, working with the company’s security department to set-up the details.   (Another technology that you might see is Kerberos.)

For instance, you might be able to use Apache (or nginix, or IIS) directives, at the <VirtualHost> level, to restrict access to the entire site, based on LDAP-determined characteristics of the particular corporate logged-on user ... and to prohibit access by the general public.   This enables you the security department to centrally limit the site only to authorized users.   This also enables your software to query to determine who the user is, and what the security department has designated that he is to be allowed to do.   Once again, CPAN packages have done all the dirty-work for you.

I myself made the embarrassing mistake of creating a home-made, “open web user” authentication system for a company web site ... before being politely and graciously told that, in the (one and only) internal context where the site would be deployed, my efforts were unnecessary.     Apache would use LDAP to protect the site-at-large, and simple LDAP queries (made by Perl modules ...) would thence handle authorization.   (“Oh ...”)   :*{