Dual Security for the Site??

Hi-
 I am working on a site which could be accessed internally by company employees and externally by clients.
 Here we want NT Authentication for internal users ie., no login page and login page for external users.
 Is it possible to have such a thing with IIS 4.0. If it is possible how can we implement that.
Thanks
Bhargava.
LVL 2
BhargavaAsked:
Who is Participating?
 
thunderchickenConnect With a Mentor Commented:
Find out the IP Address is within your internal network, say all your computers are 154.145.X.X

Then get their IP address with ("REMOTE_ADDR")

<%
  if mid(Request.ServerVariables("REMOTE_ADDR"),1,7) = "154.145" then
     'they are internal
  else
     'they are not internal
  end if
%>

You can find this out by going to the command prompt and type "ping <computername>" then it will display their IP Address in a X.X.X.X format where X is a number between 0 and 255.
0
 
thunderchickenCommented:
Can't you use Basic Authentication for those external pages and give the NT permissions accordingly?
0
 
raizonCommented:
Is the site located in the DMZ or on the Intranet located behind your FireWall?...

Where in your network structure is your site located?

What you will need to do is Require access through the firewall (VPN, Tunneling) for the externall customers and keep the site located behind your Firewall NOT in your DMZ.
0
Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

 
BhargavaAuthor Commented:
thunderchicken:
 There are some admin pages which are in a seperate dir. and have NT Authentication.
 Some pages are common for external users and users who need to be NT Authenticated.
 I mean we do not want to show the login page for internal users.

raizon:
 Site is on DMZ. I need more info on VPN and Tunneling. How will that help in this scenario.

Thanks
Bhargava
0
 
BhargavaAuthor Commented:
thunderchicken:
 There are some admin pages which are in a seperate dir. and have NT Authentication.
 Some pages are common for external users and users who need to be NT Authenticated.
 I mean we do not want to show the login page for internal users.

raizon:
 Site is on DMZ. I need more info on VPN and Tunneling. How will that help in this scenario.

Thanks
Bhargava
0
 
thunderchickenCommented:
> Some pages are common for external users and users who need to be NT Authenticated.

Then you can set both to Anonymous Authentication AND Basic Authentication.

<%
  if len(request.servervariables("LOGON_USER")) > 0 then
     'someone is authenticated
  else
     'user is not authenticated
  end if
%>

That is how you can decipher between the two.  :)
0
 
raizonCommented:
VPN or Tunneling wont help if the site is on the DMZ.

ThunderChickens solution will work for your senario.
0
 
BhargavaAuthor Commented:
I observed that if Anonymous Authentication is ON IIS will never ask for userid and password.
It same as just having Anonymous Authentication alone.
0
 
thunderchickenCommented:
In order for them to be authenticated, you can make a page, say "login.asp" and set it only to Basic Authentication.  When they go to that page, it will force the login dialog box.  Upon a successful login, anytime you have a page with both Anonymous Authentication AND Basic Authentication, Request.ServerVariables("LOGON_USER") will always have their user name in it.
0
 
BhargavaAuthor Commented:
Here the situation is we want to avoid the login page for internal users.
Is there a way to find out if the request is from internal or external?
0
 
raizonCommented:
You can do a Request.ServerVarables("REMOTE_ADDRESS") and check for their IP and see if their IP Address is in your subnet.  If NOt then send them to the login in page.
0
 
raizonCommented:
Nice example ThunderChicken
0
 
BhargavaAuthor Commented:
I will try with REMOTE_ADDR got some hope.
mean while,
 when I am using Windows NT challenge response it works fine with IE.
 with NN it pops up a dialog and always says Authorization failed Retry? (even when I pass the domain/user_name and password correctly.
 why is this happening?

Thanks.
0
 
thunderchickenCommented:
NT Challenge Response wont work with Netscape.  It's known and there isn't much you can do about it.  I think it's another Netscape vs. IE battle thing.
0
 
BhargavaAuthor Commented:
Thanks  thunderchicken  and raizon.
who should get the points?

Thanks
Bhargava
0
 
raizonCommented:
ThunderChicken should get the points.  He provided the solution.
0
 
BhargavaAuthor Commented:
Thanks a lot.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.