Please see my comment to the question.
Now, how do you think: what is the multi-tier architecture for? Let's follow the simple logic: you mentioned both SQL server and ASP.NET in your question tags. It means that you can have your database server, HTTP server and customers on at least three different tiers. The
multi-tier architecture allows you to isolate the user from direct access to the database server(s). Even if you, by some reason, keep the database server, the database, and the HTTP server on the same physical host, they should be different tiers.
That way, on the user tier, the users should have access even to their own data not directly through the database server, but through your ASP.NET site. All the data is handled internally in the code behind on server-side host. Everything would be standard here: authentication, different permissions for different account, and special administration accounts where you can have access to user permissions and all related attributes, including expiration days.
—SA