?
Solved

Dual Security for the Site??

Posted on 2001-07-18
17
Medium Priority
?
189 Views
Last Modified: 2008-02-01
Hi-
 I am working on a site which could be accessed internally by company employees and externally by clients.
 Here we want NT Authentication for internal users ie., no login page and login page for external users.
 Is it possible to have such a thing with IIS 4.0. If it is possible how can we implement that.
Thanks
Bhargava.
0
Comment
Question by:Bhargava
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 5
  • 5
17 Comments
 
LVL 11

Expert Comment

by:thunderchicken
ID: 6294524
Can't you use Basic Authentication for those external pages and give the NT permissions accordingly?
0
 
LVL 5

Expert Comment

by:raizon
ID: 6294586
Is the site located in the DMZ or on the Intranet located behind your FireWall?...

Where in your network structure is your site located?

What you will need to do is Require access through the firewall (VPN, Tunneling) for the externall customers and keep the site located behind your Firewall NOT in your DMZ.
0
 
LVL 2

Author Comment

by:Bhargava
ID: 6294658
thunderchicken:
 There are some admin pages which are in a seperate dir. and have NT Authentication.
 Some pages are common for external users and users who need to be NT Authenticated.
 I mean we do not want to show the login page for internal users.

raizon:
 Site is on DMZ. I need more info on VPN and Tunneling. How will that help in this scenario.

Thanks
Bhargava
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 2

Author Comment

by:Bhargava
ID: 6294670
thunderchicken:
 There are some admin pages which are in a seperate dir. and have NT Authentication.
 Some pages are common for external users and users who need to be NT Authenticated.
 I mean we do not want to show the login page for internal users.

raizon:
 Site is on DMZ. I need more info on VPN and Tunneling. How will that help in this scenario.

Thanks
Bhargava
0
 
LVL 11

Expert Comment

by:thunderchicken
ID: 6294672
> Some pages are common for external users and users who need to be NT Authenticated.

Then you can set both to Anonymous Authentication AND Basic Authentication.

<%
  if len(request.servervariables("LOGON_USER")) > 0 then
     'someone is authenticated
  else
     'user is not authenticated
  end if
%>

That is how you can decipher between the two.  :)
0
 
LVL 5

Expert Comment

by:raizon
ID: 6294695
VPN or Tunneling wont help if the site is on the DMZ.

ThunderChickens solution will work for your senario.
0
 
LVL 2

Author Comment

by:Bhargava
ID: 6294751
I observed that if Anonymous Authentication is ON IIS will never ask for userid and password.
It same as just having Anonymous Authentication alone.
0
 
LVL 11

Expert Comment

by:thunderchicken
ID: 6294765
In order for them to be authenticated, you can make a page, say "login.asp" and set it only to Basic Authentication.  When they go to that page, it will force the login dialog box.  Upon a successful login, anytime you have a page with both Anonymous Authentication AND Basic Authentication, Request.ServerVariables("LOGON_USER") will always have their user name in it.
0
 
LVL 2

Author Comment

by:Bhargava
ID: 6294789
Here the situation is we want to avoid the login page for internal users.
Is there a way to find out if the request is from internal or external?
0
 
LVL 5

Expert Comment

by:raizon
ID: 6294814
You can do a Request.ServerVarables("REMOTE_ADDRESS") and check for their IP and see if their IP Address is in your subnet.  If NOt then send them to the login in page.
0
 
LVL 11

Accepted Solution

by:
thunderchicken earned 400 total points
ID: 6294815
Find out the IP Address is within your internal network, say all your computers are 154.145.X.X

Then get their IP address with ("REMOTE_ADDR")

<%
  if mid(Request.ServerVariables("REMOTE_ADDR"),1,7) = "154.145" then
     'they are internal
  else
     'they are not internal
  end if
%>

You can find this out by going to the command prompt and type "ping <computername>" then it will display their IP Address in a X.X.X.X format where X is a number between 0 and 255.
0
 
LVL 5

Expert Comment

by:raizon
ID: 6294828
Nice example ThunderChicken
0
 
LVL 2

Author Comment

by:Bhargava
ID: 6295034
I will try with REMOTE_ADDR got some hope.
mean while,
 when I am using Windows NT challenge response it works fine with IE.
 with NN it pops up a dialog and always says Authorization failed Retry? (even when I pass the domain/user_name and password correctly.
 why is this happening?

Thanks.
0
 
LVL 11

Expert Comment

by:thunderchicken
ID: 6295298
NT Challenge Response wont work with Netscape.  It's known and there isn't much you can do about it.  I think it's another Netscape vs. IE battle thing.
0
 
LVL 2

Author Comment

by:Bhargava
ID: 6295390
Thanks  thunderchicken  and raizon.
who should get the points?

Thanks
Bhargava
0
 
LVL 5

Expert Comment

by:raizon
ID: 6295396
ThunderChicken should get the points.  He provided the solution.
0
 
LVL 2

Author Comment

by:Bhargava
ID: 6295609
Thanks a lot.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently decide that I needed a way to make my pages scream on the net.   While searching around how I can accomplish this I stumbled across a great article that stated "minimize the server requests." I got to thinking, hey, I use more than one…
I was asked about the differences between classic ASP and ASP.NET, so let me put them down here, for reference: Let's make the introductions... Classic ASP was launched by Microsoft in 1998 and dynamically generate web pages upon user interact…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question