Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Authentication forwarden to another IIS server.

Posted on 2003-11-20
9
185 Views
Last Modified: 2010-04-20
Hello, I've got an Apache Webserver where people are authenticated with PHP, MYSql. When a user is valid it can download files from another public IIS server. Access is denied when authentication is not valid on webserver 1.

I want people to download directly from the second server, because of the traffic.  In short, I grant people access to a server when they're authenticated on another.

Has anybody some suggestions how I could achieve this? Im prettty familiar with Apache, PHP, MySQL and stuff, but  I'm not so familiar with IIS.

Thanks for any help or suggestions.
0
Comment
Question by:Tommienbp
  • 4
  • 3
9 Comments
 
LVL 9

Expert Comment

by:fz2hqs
ID: 9786884
Sounds pretty bespoke so suspect there is nothing off the shelf. An idea:

Have all downloads go through some sort of asp / php page that page should do some negotiating with the apache server. Maybe your apache server would serve the link

http://iisserver.com/download.asp?userid=MYUSERID?file=MYFILE.DAT?IP=123.123.123.123

maybe some other parameters, you use the userid and ip to make a request to some sort of webservice on the Apache box - or better still directly to the MySQL database to confirm the bits are correct, then and only then you serve the data file. The ideal way of doing this on IIS is via an ISAPI  DLL however you will need to know something like C, VB or Delphi
0
 

Author Comment

by:Tommienbp
ID: 9786913
Hey fz2hqs thanks for your reply, but I think that would be too complicated.

Is there a way I could grant just one IP (the one of the apache server) access to the IIS Server? Then it would be easy. I could PHP get the files to the apache server and put them there somewhere for the authenticated user.

Only problem is the traffic for the apache server. I'd rather have them downloaded directly from the IIS Server.
0
 
LVL 9

Expert Comment

by:fz2hqs
ID: 9786956
You say it yourself that you are stuck in a catch 22 scenario. On one hand you want PHP on the apache server to manage everything, but you want to avoid the overhead of it being served.

A sanity check - Step back though and look at this another way, you are clearly worried about the Apache server gettin processor or memory bound which is why you are offloading this. This overhead really isn't that great, if you are worried about bandwidth then stop - it makes no odds what server it comes from, doubtless both have 10/100Mbps cards and are going to be bound by the restriction of the size of your link

0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 

Author Comment

by:Tommienbp
ID: 9787151
It is more the extra costs of more bandwidth at my provider.
0
 
LVL 9

Expert Comment

by:fz2hqs
ID: 9787412
Then it makes no difference which server it comes from surely?
0
 

Author Comment

by:Tommienbp
ID: 9787500
Well, the other one is not mine. :) (p.s. I'm dutch ;) )
0
 
LVL 9

Accepted Solution

by:
fz2hqs earned 125 total points
ID: 9787888
I see - I assumed the two servers where physically in the same place.

Bar some clever coding I can not see a quick win for you. You could download or buy a cheap ISAPI filter that you can put on teh IIS Server that will make URL's unguessable i.e.

http://www.server.com/downloads/applications/client/install.exe
..might translate to..
http://www.server.com/asdjo893yh2h3ukh8ehfwa

It is not the exact solution you want, but will offer some amount of protection
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a guide to setting up a new WHM/cPanel Server to be used for web hosting accounts. It is intended for web hosting company administrators and dedicated server owners. For under $99 per month (considering normal rate of Big Data Cetnters like …
Periodically we have to update or add SSL certificates for customers. Depending upon your hosting plan you may be responsible for the installation and/or key generation. In the wake of Heartbleed many sites were forced to re-key. We will concen…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question