Solved

Dual Security for the Site??

Posted on 2001-07-18
17
186 Views
Last Modified: 2008-02-01
Hi-
 I am working on a site which could be accessed internally by company employees and externally by clients.
 Here we want NT Authentication for internal users ie., no login page and login page for external users.
 Is it possible to have such a thing with IIS 4.0. If it is possible how can we implement that.
Thanks
Bhargava.
0
Comment
Question by:Bhargava
  • 7
  • 5
  • 5
17 Comments
 
LVL 11

Expert Comment

by:thunderchicken
ID: 6294524
Can't you use Basic Authentication for those external pages and give the NT permissions accordingly?
0
 
LVL 5

Expert Comment

by:raizon
ID: 6294586
Is the site located in the DMZ or on the Intranet located behind your FireWall?...

Where in your network structure is your site located?

What you will need to do is Require access through the firewall (VPN, Tunneling) for the externall customers and keep the site located behind your Firewall NOT in your DMZ.
0
 
LVL 2

Author Comment

by:Bhargava
ID: 6294658
thunderchicken:
 There are some admin pages which are in a seperate dir. and have NT Authentication.
 Some pages are common for external users and users who need to be NT Authenticated.
 I mean we do not want to show the login page for internal users.

raizon:
 Site is on DMZ. I need more info on VPN and Tunneling. How will that help in this scenario.

Thanks
Bhargava
0
Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

 
LVL 2

Author Comment

by:Bhargava
ID: 6294670
thunderchicken:
 There are some admin pages which are in a seperate dir. and have NT Authentication.
 Some pages are common for external users and users who need to be NT Authenticated.
 I mean we do not want to show the login page for internal users.

raizon:
 Site is on DMZ. I need more info on VPN and Tunneling. How will that help in this scenario.

Thanks
Bhargava
0
 
LVL 11

Expert Comment

by:thunderchicken
ID: 6294672
> Some pages are common for external users and users who need to be NT Authenticated.

Then you can set both to Anonymous Authentication AND Basic Authentication.

<%
  if len(request.servervariables("LOGON_USER")) > 0 then
     'someone is authenticated
  else
     'user is not authenticated
  end if
%>

That is how you can decipher between the two.  :)
0
 
LVL 5

Expert Comment

by:raizon
ID: 6294695
VPN or Tunneling wont help if the site is on the DMZ.

ThunderChickens solution will work for your senario.
0
 
LVL 2

Author Comment

by:Bhargava
ID: 6294751
I observed that if Anonymous Authentication is ON IIS will never ask for userid and password.
It same as just having Anonymous Authentication alone.
0
 
LVL 11

Expert Comment

by:thunderchicken
ID: 6294765
In order for them to be authenticated, you can make a page, say "login.asp" and set it only to Basic Authentication.  When they go to that page, it will force the login dialog box.  Upon a successful login, anytime you have a page with both Anonymous Authentication AND Basic Authentication, Request.ServerVariables("LOGON_USER") will always have their user name in it.
0
 
LVL 2

Author Comment

by:Bhargava
ID: 6294789
Here the situation is we want to avoid the login page for internal users.
Is there a way to find out if the request is from internal or external?
0
 
LVL 5

Expert Comment

by:raizon
ID: 6294814
You can do a Request.ServerVarables("REMOTE_ADDRESS") and check for their IP and see if their IP Address is in your subnet.  If NOt then send them to the login in page.
0
 
LVL 11

Accepted Solution

by:
thunderchicken earned 100 total points
ID: 6294815
Find out the IP Address is within your internal network, say all your computers are 154.145.X.X

Then get their IP address with ("REMOTE_ADDR")

<%
  if mid(Request.ServerVariables("REMOTE_ADDR"),1,7) = "154.145" then
     'they are internal
  else
     'they are not internal
  end if
%>

You can find this out by going to the command prompt and type "ping <computername>" then it will display their IP Address in a X.X.X.X format where X is a number between 0 and 255.
0
 
LVL 5

Expert Comment

by:raizon
ID: 6294828
Nice example ThunderChicken
0
 
LVL 2

Author Comment

by:Bhargava
ID: 6295034
I will try with REMOTE_ADDR got some hope.
mean while,
 when I am using Windows NT challenge response it works fine with IE.
 with NN it pops up a dialog and always says Authorization failed Retry? (even when I pass the domain/user_name and password correctly.
 why is this happening?

Thanks.
0
 
LVL 11

Expert Comment

by:thunderchicken
ID: 6295298
NT Challenge Response wont work with Netscape.  It's known and there isn't much you can do about it.  I think it's another Netscape vs. IE battle thing.
0
 
LVL 2

Author Comment

by:Bhargava
ID: 6295390
Thanks  thunderchicken  and raizon.
who should get the points?

Thanks
Bhargava
0
 
LVL 5

Expert Comment

by:raizon
ID: 6295396
ThunderChicken should get the points.  He provided the solution.
0
 
LVL 2

Author Comment

by:Bhargava
ID: 6295609
Thanks a lot.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
If-Then-Else ASP problem 6 67
ASP server side get value 15 39
Html form and modal / img src -problem 3 31
VBScript on Html 15 48
Have you ever needed to get an ASP script to wait for a while? I have, just to let something else happen. Or in my case, to allow other stuff to happen while I was murdering my MySQL database with an update. The Original Issue This was written…
I was asked about the differences between classic ASP and ASP.NET, so let me put them down here, for reference: Let's make the introductions... Classic ASP was launched by Microsoft in 1998 and dynamically generate web pages upon user interact…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question