How can I restrict access to my web application to only certain PC's

I have an ASP.NET application on a windows server 2003 using IIS 6.0 I have clients that only want certain employees to have access outside of their office. It is a web based application that is not on the clients server, it is on mine. I started down the path of using Certificates, but I can only find good information regarding intranet based or internal network restrictions using Certificates. I would prefer a solutions like this as I don't want to try to manage a list of IP addresses to restrict or allow access to as since most if not all of my clients will not have static IP Addresses. I welcome any Ideas that are not too cumbersome to manage and not too expensive. Thank you, Keith
jonesy_33Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Paul MacDonaldDirector, Information SystemsCommented:
Certificates will be almost as unwieldy as IPs.  Your best bet might be to implement a login and keep a list of users/passwords with access.
0
jonesy_33Author Commented:
I do have a login but that will not keep users from logging in from outside of the office and where it gets more convoluted is my clients want some users to be able to access the application from home and others not to be able to login to the application from home.
0
Paul MacDonaldDirector, Information SystemsCommented:
You can capture the gateway IP from the work network and use that to filter users that have permissions to log in from home.  That way you only have to keep track of one IP address, but you'll need a flag in your user table that indicates a person is allowed to log in from home.
0
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

jonesy_33Author Commented:
I would still have to require my clients to have a static IP. I am more interested in a solution like the certificates where they have to have a certificate on their pc to access the applicatio logo page
0
Paul MacDonaldDirector, Information SystemsCommented:
The only IP you would need to track is the external IP of the main office (unless there's more than one).  I'd bet that IP rarely changes.  Anyone coming from that IP just logs in.  Anyone not coming from that IP has to be flagged as being allowed to log in from home.
The problem with certificates is you have to have an infrastructure to maintain them.  I'm just sayin'.
Good luck, whatever you decide to do.
0
jonesy_33Author Commented:
Could it be done using dynamic dns? Then I wouldn't have to worry about the dhcp. If so do you have any examples?
0
WaKkO_Commented:
You can restrict the website with username password authentication.  You can integrate an authentication module in your website or enable HTTP Authentication in IIS:

http://support.microsoft.com/kb/324274
0
jonesy_33Author Commented:
Wakko, how is that going to help me restrict certian users logging into my application from home? We already require username and password to get into the application, but that doesn't restrict users from being able to access it from any browser they want to. I need to restrict a subset of users to only accessing the application from the office and a different subset to access it from any browser.
0
yasserdCommented:
Certificate are good. Check this guide it should help you:
http://www.iisadmin.co.uk/?p=11
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jonesy_33Author Commented:
yasserd,

I agree the the certificates are my solution, but I am a novice at implementing them do you have any other articles regarding issuing the client certificates? I can create a certificate using Certificate Authority on my 2003 server, but I have yet to be able to get it to work. If you know of any step by step articles on creating server cert and client cert I would really appreciate it. I found a few good articles on creating certificates for an internal network solution, but my clients will not be in my domain so I would need a guide on how to create the certificates for any web user.

0
jonesy_33Author Commented:
Yasserd,

I worked through the guide from the link that you sent me and it worked out. Thank you
0
yasserdCommented:
You're welcome Keith. Glad I could help.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Anti-Virus Apps

From novice to tech pro — start learning today.