Solved

Dual Security for the Site??

Posted on 2001-07-18
Last Modified: 2008-02-01
Hi-
 I am working on a site which could be accessed internally by company employees and externally by clients.
 Here we want NT Authentication for internal users, i.e., no login page, and a login page for external users.
 Is it possible to have such a thing with IIS 4.0? If it is possible, how can we implement that?
Thanks
Bhargava.
Question by:Bhargava
17 Comments
 
LVL 11

Expert Comment

by:thunderchicken
ID: 6294524
Can't you use Basic Authentication for those external pages and give the NT permissions accordingly?
0
 
LVL 5

Expert Comment

by:raizon
ID: 6294586
Is the site located in the DMZ or on the intranet behind your firewall?

Where in your network structure is your site located?

What you will need to do is require access through the firewall (VPN, tunneling) for the external customers and keep the site located behind your firewall, NOT in your DMZ.
0
 
LVL 2

Author Comment

by:Bhargava
ID: 6294658
thunderchicken:
 There are some admin pages which are in a separate dir. and have NT Authentication.
 Some pages are common for external users and users who need to be NT Authenticated.
 I mean we do not want to show the login page for internal users.

raizon:
 Site is on DMZ. I need more info on VPN and Tunneling. How will that help in this scenario.

Thanks
Bhargava
0
 
LVL 11

Expert Comment

by:thunderchicken
ID: 6294672
> Some pages are common for external users and users who need to be NT Authenticated.

Then you can set both to Anonymous Authentication AND Basic Authentication.

<%
  if len(request.servervariables("LOGON_USER")) > 0 then
     'someone is authenticated
  else
     'user is not authenticated
  end if
%>

That is how you can decipher between the two.  :)
0
 
LVL 5

Expert Comment

by:raizon
ID: 6294695
VPN or tunneling won't help if the site is on the DMZ.

ThunderChicken's solution will work for your scenario.
0
 
LVL 2

Author Comment

by:Bhargava
ID: 6294751
I observed that if Anonymous Authentication is ON, IIS will never ask for a userid and password.
It is the same as just having Anonymous Authentication alone.
0
 
LVL 11

Expert Comment

by:thunderchicken
ID: 6294765
In order for them to be authenticated, you can make a page, say "login.asp" and set it only to Basic Authentication.  When they go to that page, it will force the login dialog box.  Upon a successful login, anytime you have a page with both Anonymous Authentication AND Basic Authentication, Request.ServerVariables("LOGON_USER") will always have their user name in it.
0
 
LVL 2

Author Comment

by:Bhargava
ID: 6294789
Here the situation is we want to avoid the login page for internal users.
Is there a way to find out if the request is from internal or external?
0
 
LVL 5

Expert Comment

by:raizon
ID: 6294814
You can do a Request.ServerVariables("REMOTE_ADDR") and check for their IP and see if their IP address is in your subnet.  If not, then send them to the login page.
0
 
LVL 11

Accepted Solution

by:
thunderchicken earned 100 total points
ID: 6294815
Find out the IP Address is within your internal network, say all your computers are 154.145.X.X

Then get their IP address with ("REMOTE_ADDR")

<%
  if mid(Request.ServerVariables("REMOTE_ADDR"),1,7) = "154.145" then
     'they are internal
  else
     'they are not internal
  end if
%>

You can find this out by going to the command prompt and typing "ping <computername>"; it will then display their IP address in an X.X.X.X format, where X is a number between 0 and 255.
0
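The two checks from this thread combined (LOGON_USER first, then a subnet test on REMOTE_ADDR), as an added example that is not part of any poster's answer; the function names and the sample inputs are assumptions. It compares octets numerically instead of by string prefix, which also stays correct for ranges where a prefix such as "10.1" would match 10.100.x.x.

```vbscript
' Added example, not code from the thread. Function names are hypothetical;
' 154.145.0.0/16 is the internal range assumed in the answer above.
Option Explicit

' True only for a plain decimal octet 0-255 (rejects "", "1e2", "-1", " 5").
Function IsOctet(s)
    Dim i
    IsOctet = False
    If Len(s) < 1 Or Len(s) > 3 Then Exit Function
    For i = 1 To Len(s)
        If InStr("0123456789", Mid(s, i, 1)) = 0 Then Exit Function
    Next
    IsOctet = (CInt(s) <= 255)
End Function

' True when addr lies inside network/maskBits, compared octet by octet.
Function InSubnet(addr, network, maskBits)
    Dim a, n, i, bits, mask
    InSubnet = False
    a = Split(addr, ".")
    n = Split(network, ".")
    If UBound(a) <> 3 Or UBound(n) <> 3 Then Exit Function
    bits = maskBits
    For i = 0 To 3
        If Not IsOctet(a(i)) Or Not IsOctet(n(i)) Then Exit Function
        mask = 0
        If bits >= 8 Then mask = 255
        If bits > 0 And bits < 8 Then mask = CInt(256 - 2 ^ (8 - bits))
        If (CInt(a(i)) And mask) <> (CInt(n(i)) And mask) Then Exit Function
        bits = bits - 8
    Next
    InSubnet = True
End Function

' LOGON_USER is non-empty only after IIS has authenticated the caller.
Function AccessDecision(logonUser, remoteAddr)
    If Len(logonUser) > 0 Then
        AccessDecision = "authenticated"
    ElseIf InSubnet(remoteAddr, "154.145.0.0", 16) Then
        AccessDecision = "internal"
    Else
        AccessDecision = "login"   ' caller should be sent to login.asp
    End If
End Function

' Constructed sample inputs (run with cscript). In an ASP page, pass
' CStr(Request.ServerVariables("LOGON_USER")) and ("REMOTE_ADDR") instead.
WScript.Echo AccessDecision("", "154.145.3.7")
WScript.Echo AccessDecision("", "154.14.5.9")
WScript.Echo AccessDecision("", "154.145.3")
WScript.Echo AccessDecision("EXAMPLE\jdoe", "203.0.113.20")
```

REMOTE_ADDR is the address of the TCP peer as IIS sees it, so behind a proxy or NAT device it is that device's address. Treat an "internal" result as a reason to skip the login page, and keep NT permissions on the admin directory and anything else sensitive.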
 
LVL 5

Expert Comment

by:raizon
ID: 6294828
Nice example ThunderChicken
0
 
LVL 2

Author Comment

by:Bhargava
ID: 6295034
I will try with REMOTE_ADDR; got some hope.
Meanwhile,
 when I am using Windows NT challenge response it works fine with IE.
 With NN it pops up a dialog and always says Authorization failed Retry? (even when I pass the domain/user_name and password correctly).
 Why is this happening?

Thanks.
0
 
LVL 11

Expert Comment

by:thunderchicken
ID: 6295298
NT Challenge Response won't work with Netscape.  It's known and there isn't much you can do about it.  I think it's another Netscape vs. IE battle thing.
0
 
LVL 2

Author Comment

by:Bhargava
ID: 6295390
Thanks thunderchicken and raizon.
Who should get the points?

Thanks
Bhargava
0
 
LVL 5

Expert Comment

by:raizon
ID: 6295396
ThunderChicken should get the points.  He provided the solution.
0
 
LVL 2

Author Comment

by:Bhargava
ID: 6295609
Thanks a lot.
0
