Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Forms Authentication (using IP and login page)

Posted on 2009-05-13
10
Medium Priority
?
377 Views
Last Modified: 2012-08-13
I have asked this question before, but maybe not as clear as I should have, I'm going to try again with hopes someone has done this before.

Scenario:
I have a website that has 2 different protected areas. Access to these areas (folders) could happen 2 different ways. 1. IP authentication or 2. logging in with username and password.

I built a custom membership and custom role provider. I can get the users role whether they come in through the login form or via IP and give them access to the proper folders.

The problem occurs when they hop between the 2 folders.  The user could be at work and gain access to a folder via the work IP address, but then go over to the other protected area and have to login with their personal username and password (the IP role comes from the company record in the table and the username and password role comes from the users record)

So the problem is when they hop back and forth. For example user goes to folder 1 and is prompted to login. A forms authentication cookie is established and the role is gathered and I allow them access to the page. Now the user (already authenticated) goes over to the other folder where they have an IP subscription from their work record, but because their previous authentication doesn't have the correct role (only have their personal role) they get kicked over to the login page. They don't have a username and password because they have IP access.

Any ideas? Am I explaining this right?
0
Comment
Question by:flukester
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 70

Expert Comment

by:Jason C. Levine
ID: 24463810
Hi flukester,

I'm confused.  Do you want them to be able to hop or not?
0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 24464584
can't you detect their status and allow and warn them that they are logged in as roleA and give them a logout link?
0
 
LVL 1

Expert Comment

by:mdiehly64
ID: 24467244
How do you track, as they move between pages in a certain area, whether or not they have access to that area?

It seems you may need another layer of abstraction that controls authentication and access.  Each time a user tries to access a content area, this layer checks to see if they have access to that area, whether they authenticated via IP or username/password.  This layer would control the flow of each movement throughout the site and could be placed as an include in the top of each page.  The actual code would only exist in one place.
0
Simplify Your Workload with One Tool

How do you combat today’s intelligent hacker while managing multiple domains and platforms? By simplifying your workload with one tool. With Lunarpages hosting through Plesk Onyx, you can:

Automate SSL generation and installation with two clicks
Experience total server control

 

Author Comment

by:flukester
ID: 24467895
Jason, yes I want them to be able to hop around, but they currently can't. Basically I need to have 2 authentication cookies, 1 if they come in via IP and one if they login and have both cookies active at the same time. The problem occurs if they first go to a username/password section and get authenticated that way, how am I supposed to check the IP if they are already authenticated. I can't do it on page load b/c I end up in a never ending loop.

mplungian, I could give them their status, but these customers don't know what role(s) they are or should be.

mdiehly64, I don't track via code on a page. Using the built in forms authentication piece it's all tracked via cookie. They get access based on their role(s) which is based off their username when they login or their IP if they come in that way.  I like your idea, just not sure how to implement it? Any ideas.

I can post code tomorrow when I get back to the office.
0
 
LVL 70

Expert Comment

by:Jason C. Levine
ID: 24470768
I agree with mdiehly64...you need another layer here.

Set a cookie or session whenever someone successfully authenticates via one method or the other and then have both scripts check for the presence of that cookie.  If it exists, bypass the normal login.
0
 

Accepted Solution

by:
flukester earned 0 total points
ID: 24477810
Does this make sense to you guys. I think I have it working. In the page load event I call a checkIP procedure if the user is not authenticated or if they don't have an IP cookie.

The checkIP procedure will authenticate the user and create an IP cookie.

Then if they go to a login/password area I create another cookie to delete the IP cookie. That way if/when they go back to the IP area the checkIP procedure is run again because of the logic in the page load.

See any holes with this setup?
0

Featured Post

How to Create Failover DNS Record Sets in Route 53

Route 53 has the ability to easily configure DNS record sets specifically for failover scenarios. These failover record sets can be configured to failover to full-blown deployments in other regions or to a static HTML page that informs your customers of the issue.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Australian government abolished Visa 457 earlier this April and this article describes how this decision might affect Australian IT scene and IT experts.
Originally, this post was published on Monitis Blog, you can check it here . In business circles, we sometimes hear that today is the “age of the customer.” And so it is. Thanks to the enormous advances over the past few years in consumer techno…
The viewer will learn the benefit of using external CSS files and the relationship between class and ID selectors. Create your external css file by saving it as style.css then set up your style tags: (CODE) Reference the nav tag and set your prop…
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question