Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > Intranet / IIS?

Reply
Thread Tools

Intranet / IIS?

 
 
Rob Meade
Guest
Posts: n/a
 
      07-16-2007
Hi all,

This is a bit off topic I suspect, but I was hoping that most of you would
know the answer...

I want to have my IIS prompt for username/password credentials when a user
browses to the site externally, ie, not on my own network, but if they are
on the network (they would have already logged onto the domain) then they
should not be challenged.

I've been changing the security options but I seem to either get everyone
challenge (on and off of the lan) or no one challenged if I turn on
anonymous access...

Anyone got any URL's for configuring this or can offer some advice? I've
never tried this before as I've always allowed anonymous access and used the
server for development purposes only, now I want to build my own little
Intranet application (.net 2 - just to try and touch on relevance for this
group )...

Any help appreciated..

Regards

Rob


 
Reply With Quote
 
 
 
 
George Ter-Saakov
Guest
Posts: n/a
 
      07-16-2007
Unfortunately it's not possible to do with one page. (there is a workaround
though).
Problem is that if page is not protected (anonymous disabled) then IIS will
not authenticate anyone.
If it's protected then IIS will attempt to authenticate everyone.
------------------------------------------------
The workaround I came up with :

Make login.aspx not protected (anonymous enabled) and check for the IP
address if it's from within the network then redirect to login1.aspx which
is protected and IIS will NT authenticate person.


George.






"Rob Meade" <(E-Mail Removed)> wrote in message
news:uL%(E-Mail Removed)...
> Hi all,
>
> This is a bit off topic I suspect, but I was hoping that most of you would
> know the answer...
>
> I want to have my IIS prompt for username/password credentials when a user
> browses to the site externally, ie, not on my own network, but if they are
> on the network (they would have already logged onto the domain) then they
> should not be challenged.
>
> I've been changing the security options but I seem to either get everyone
> challenge (on and off of the lan) or no one challenged if I turn on
> anonymous access...
>
> Anyone got any URL's for configuring this or can offer some advice? I've
> never tried this before as I've always allowed anonymous access and used
> the server for development purposes only, now I want to build my own
> little Intranet application (.net 2 - just to try and touch on relevance
> for this group )...
>
> Any help appreciated..
>
> Regards
>
> Rob
>



 
Reply With Quote
 
 
 
 
Rob
Guest
Posts: n/a
 
      07-16-2007
George Ter-Saakov wrote:

> Unfortunately it's not possible to do with one page. (there is a workaround
> though).
> Problem is that if page is not protected (anonymous disabled) then IIS will
> not authenticate anyone.
> If it's protected then IIS will attempt to authenticate everyone.


Hi George, thanks for your reply. I'm not really bothered about it
being for a single page, it would make more sense that the entire site
was protected. I had always assumed that the IIS/Windows way of
securing things would be better than developing my own login etc, plus
if the user is already logged in on the network/domain it kinda make
sense to use that (for this project at least). Is this the same as
"Forms" security/login in .net? I'm maybe getting confused between
all the options...

The spec of what I would be looking for would be:

a) external visitors to the network are challenged to login (ideally
in a Windows type of popup)
b) users of the network get in because they are "on" the network
etc...I would then pickup perhaps the Logon_User session variable to
display their NT name (SharePoint stylee)...

> Make login.aspx not protected (anonymous enabled) and check for the IP
> address if it's from within the network then redirect to login1.aspx which
> is protected and IIS will NT authenticate person.


I see, but it would presumably require me to test as you mentioned for
the IP address, and I'd be looking for a 192.168 etc etc kinda range,
I'm guessing with the right tools someone could "spoof" their IP
address to appear as if they had a local IP address on my network?
Whilst they'd not get passed the firewall to do anything on the
servers, my web app might be compromised?

I'm surely not the first person thats wanted to do something like
this? I'm thinking of my 123-reg.co.uk account (domain name
registration thingy)...when I browse their site there's a link to
login (obviously they do have content that would be available to
people without accounts also - which I'd maybe not have for my
Intranet) - I click on login and I'm presented with the Windows
dialogue thingy to login, I enter my details and I'm in - sounds very
similar to what you've suggested, with regards to the two pages, one
area protected, one area not - but they're obviously not checking for
a local user.

Any more thoughts?

 
Reply With Quote
 
George Ter-Saakov
Guest
Posts: n/a
 
      07-19-2007
> I'm guessing with the right tools someone could "spoof" their IP
> address to appear as if they had a local IP address on my network?


Well, I do not see any problem with spoofing. It's not like you a letting
them in. They still have to pass NT Authentication.
So even if they guy smart enough to spoof IP he would fail NT Authentication
and go nowere.

George


"Rob" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ups.com...
> George Ter-Saakov wrote:
>
>> Unfortunately it's not possible to do with one page. (there is a
>> workaround
>> though).
>> Problem is that if page is not protected (anonymous disabled) then IIS
>> will
>> not authenticate anyone.
>> If it's protected then IIS will attempt to authenticate everyone.

>
> Hi George, thanks for your reply. I'm not really bothered about it
> being for a single page, it would make more sense that the entire site
> was protected. I had always assumed that the IIS/Windows way of
> securing things would be better than developing my own login etc, plus
> if the user is already logged in on the network/domain it kinda make
> sense to use that (for this project at least). Is this the same as
> "Forms" security/login in .net? I'm maybe getting confused between
> all the options...
>
> The spec of what I would be looking for would be:
>
> a) external visitors to the network are challenged to login (ideally
> in a Windows type of popup)
> b) users of the network get in because they are "on" the network
> etc...I would then pickup perhaps the Logon_User session variable to
> display their NT name (SharePoint stylee)...
>
>> Make login.aspx not protected (anonymous enabled) and check for the IP
>> address if it's from within the network then redirect to login1.aspx
>> which
>> is protected and IIS will NT authenticate person.

>
> I see, but it would presumably require me to test as you mentioned for
> the IP address, and I'd be looking for a 192.168 etc etc kinda range,
> I'm guessing with the right tools someone could "spoof" their IP
> address to appear as if they had a local IP address on my network?
> Whilst they'd not get passed the firewall to do anything on the
> servers, my web app might be compromised?
>
> I'm surely not the first person thats wanted to do something like
> this? I'm thinking of my 123-reg.co.uk account (domain name
> registration thingy)...when I browse their site there's a link to
> login (obviously they do have content that would be available to
> people without accounts also - which I'd maybe not have for my
> Intranet) - I click on login and I'm presented with the Windows
> dialogue thingy to login, I enter my details and I'm in - sounds very
> similar to what you've suggested, with regards to the two pages, one
> area protected, one area not - but they're obviously not checking for
> a local user.
>
> Any more thoughts?
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
VPN Client can't access Remote Intranet DonteK Cisco 3 04-07-2006 09:25 PM
How can I failover an intranet connection to the internet lenny Cisco 7 02-07-2005 05:50 AM
Intranet training anonymous Microsoft Certification 2 09-18-2004 10:59 PM
Broadband and Cisco intranet Walter Roberson Cisco 2 07-07-2004 10:09 PM
Intranet reachable wireless Gerhard Nowak Wireless Networking 0 06-25-2004 07:37 PM



Advertisments