Solved

Dual Security for the Site??

Posted on 2001-07-18
17
185 Views
Last Modified: 2008-02-01
Hi-
 I am working on a site which could be accessed internally by company employees and externally by clients.
 Here we want NT Authentication for internal users ie., no login page and login page for external users.
 Is it possible to have such a thing with IIS 4.0. If it is possible how can we implement that.
Thanks
Bhargava.
0
Comment
Question by:Bhargava
  • 7
  • 5
  • 5
17 Comments
 
LVL 11

Expert Comment

by:thunderchicken
ID: 6294524
Can't you use Basic Authentication for those external pages and give the NT permissions accordingly?
0
 
LVL 5

Expert Comment

by:raizon
ID: 6294586
Is the site located in the DMZ or on the Intranet located behind your FireWall?...

Where in your network structure is your site located?

What you will need to do is Require access through the firewall (VPN, Tunneling) for the externall customers and keep the site located behind your Firewall NOT in your DMZ.
0
 
LVL 2

Author Comment

by:Bhargava
ID: 6294658
thunderchicken:
 There are some admin pages which are in a seperate dir. and have NT Authentication.
 Some pages are common for external users and users who need to be NT Authenticated.
 I mean we do not want to show the login page for internal users.

raizon:
 Site is on DMZ. I need more info on VPN and Tunneling. How will that help in this scenario.

Thanks
Bhargava
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 2

Author Comment

by:Bhargava
ID: 6294670
thunderchicken:
 There are some admin pages which are in a seperate dir. and have NT Authentication.
 Some pages are common for external users and users who need to be NT Authenticated.
 I mean we do not want to show the login page for internal users.

raizon:
 Site is on DMZ. I need more info on VPN and Tunneling. How will that help in this scenario.

Thanks
Bhargava
0
 
LVL 11

Expert Comment

by:thunderchicken
ID: 6294672
> Some pages are common for external users and users who need to be NT Authenticated.

Then you can set both to Anonymous Authentication AND Basic Authentication.

<%
  if len(request.servervariables("LOGON_USER")) > 0 then
     'someone is authenticated
  else
     'user is not authenticated
  end if
%>

That is how you can decipher between the two.  :)
0
 
LVL 5

Expert Comment

by:raizon
ID: 6294695
VPN or Tunneling wont help if the site is on the DMZ.

ThunderChickens solution will work for your senario.
0
 
LVL 2

Author Comment

by:Bhargava
ID: 6294751
I observed that if Anonymous Authentication is ON IIS will never ask for userid and password.
It same as just having Anonymous Authentication alone.
0
 
LVL 11

Expert Comment

by:thunderchicken
ID: 6294765
In order for them to be authenticated, you can make a page, say "login.asp" and set it only to Basic Authentication.  When they go to that page, it will force the login dialog box.  Upon a successful login, anytime you have a page with both Anonymous Authentication AND Basic Authentication, Request.ServerVariables("LOGON_USER") will always have their user name in it.
0
 
LVL 2

Author Comment

by:Bhargava
ID: 6294789
Here the situation is we want to avoid the login page for internal users.
Is there a way to find out if the request is from internal or external?
0
 
LVL 5

Expert Comment

by:raizon
ID: 6294814
You can do a Request.ServerVarables("REMOTE_ADDRESS") and check for their IP and see if their IP Address is in your subnet.  If NOt then send them to the login in page.
0
 
LVL 11

Accepted Solution

by:
thunderchicken earned 100 total points
ID: 6294815
Find out the IP Address is within your internal network, say all your computers are 154.145.X.X

Then get their IP address with ("REMOTE_ADDR")

<%
  if mid(Request.ServerVariables("REMOTE_ADDR"),1,7) = "154.145" then
     'they are internal
  else
     'they are not internal
  end if
%>

You can find this out by going to the command prompt and type "ping <computername>" then it will display their IP Address in a X.X.X.X format where X is a number between 0 and 255.
0
 
LVL 5

Expert Comment

by:raizon
ID: 6294828
Nice example ThunderChicken
0
 
LVL 2

Author Comment

by:Bhargava
ID: 6295034
I will try with REMOTE_ADDR got some hope.
mean while,
 when I am using Windows NT challenge response it works fine with IE.
 with NN it pops up a dialog and always says Authorization failed Retry? (even when I pass the domain/user_name and password correctly.
 why is this happening?

Thanks.
0
 
LVL 11

Expert Comment

by:thunderchicken
ID: 6295298
NT Challenge Response wont work with Netscape.  It's known and there isn't much you can do about it.  I think it's another Netscape vs. IE battle thing.
0
 
LVL 2

Author Comment

by:Bhargava
ID: 6295390
Thanks  thunderchicken  and raizon.
who should get the points?

Thanks
Bhargava
0
 
LVL 5

Expert Comment

by:raizon
ID: 6295396
ThunderChicken should get the points.  He provided the solution.
0
 
LVL 2

Author Comment

by:Bhargava
ID: 6295609
Thanks a lot.
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently decide that I needed a way to make my pages scream on the net.   While searching around how I can accomplish this I stumbled across a great article that stated "minimize the server requests." I got to thinking, hey, I use more than one…
I have helped a lot of people on EE with their coding sources and have enjoyed near about every minute of it. Sometimes it can get a little tedious but it is always a challenge and the one thing that I always say is:  The Exchange of information …
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question