Re: Intranet / IIS?

George Ter-Saakov wrote:

Unfortunately it's not possible to do with one page. (there is a workaround
though).
Problem is that if page is not protected (anonymous disabled) then IIS will
not authenticate anyone.
If it's protected then IIS will attempt to authenticate everyone.

Hi George, thanks for your reply. I'm not really bothered about it
being for a single page, it would make more sense that the entire site
was protected. I had always assumed that the IIS/Windows way of
securing things would be better than developing my own login etc, plus
if the user is already logged in on the network/domain it kinda make
sense to use that (for this project at least). Is this the same as
"Forms" security/login in .net? I'm maybe getting confused between
all the options...

The spec of what I would be looking for would be:

a) external visitors to the network are challenged to login (ideally
in a Windows type of popup)
b) users of the network get in because they are "on" the network
etc...I would then pickup perhaps the Logon_User session variable to
display their NT name (SharePoint stylee)...

Make login.aspx not protected (anonymous enabled) and check for the IP
address if it's from within the network then redirect to login1.aspx which
is protected and IIS will NT authenticate person.

I see, but it would presumably require me to test as you mentioned for
the IP address, and I'd be looking for a 192.168 etc etc kinda range,
I'm guessing with the right tools someone could "spoof" their IP
address to appear as if they had a local IP address on my network?
Whilst they'd not get passed the firewall to do anything on the
servers, my web app might be compromised?

I'm surely not the first person thats wanted to do something like
this? I'm thinking of my 123-reg.co.uk account (domain name
registration thingy)...when I browse their site there's a link to
login (obviously they do have content that would be available to
people without accounts also - which I'd maybe not have for my
Intranet) - I click on login and I'm presented with the Windows
dialogue thingy to login, I enter my details and I'm in - sounds very
similar to what you've suggested, with regards to the two pages, one
area protected, one area not - but they're obviously not checking for
a local user.

Any more thoughts?

.

Relevant Pages

  • Re: Was told by DSL tech support that
    ... Network Setup Wizard"? ... PPPoE does not in itself require a login and password. ... PBI/SBC/AT&T wants the user to authenticate. ...
    (alt.internet.wireless)
  • Re: Directory.CreateDirectory - Could not find a part of the path
    ... > identity of the iis request thread. ... > if iis is setup with windows authenication, ... > access any network resource. ... >> impersonate to true and turning off anonymous login and using integrated ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Intranet / IIS?
    ... address to appear as if they had a local IP address on my network? ... Problem is that if page is not protected then IIS ... If it's protected then IIS will attempt to authenticate everyone. ... securing things would be better than developing my own login etc, ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Clear login cache
    ... The server is connected to the network, the first time I login, it ... authenticate to the AD and cache the login. ...
    (microsoft.public.windows.server.general)
  • Digest Authentication Prompting Twice
    ... I have created a brand new intranet website using IIS 6.0 on a Win2003 ... authenticate all of the users that access this site against our domain's ... if I do not change any of the login information and just hit ...
    (microsoft.public.inetserver.iis.security)
Loading