[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 258
  • Last Modified:

Need to Identify Users Domain in an ASP.net Webpage...

    I have an asp.net webpage that is used for my company both internally and externally. Users have usernames/passwords that are stored in tables in our sql database but not all users exist in active directory. Because of this, the website is using anonymous authentication and identity impersonate is set to true.
     I am needing to determine whether the user is internal or external and the way I was hoping to do so was to determine what domain their pc is on (with something like Request.LogonUserIdentity.Name). After lots of searching and trying, it looks to me that unless I change both my website and IIS to use basic authentication or higher (digest, windows, etc.), then that information is not available to me (meaning Request.LogonUserIdentity.Name will return nothing or server information instead of client information). It also seems to me that if I change to basic, digest, or windows authentication, then all users of my website have to exist in active directory, which is not possible in my situation.
     I then thought I might be able to get some sort of browser information (like homepage) with request.browser... to try and differentiate our internal pcs (since we set their homepage to our intranet), but it seems this is also not possible.
     So, I am wondering if there are any other ways for me to differentiate between a computer that is internal (on our domain) and a computer that is external (not on our domain). Any ideas would be appreciated.
0
footpaul
Asked:
footpaul
  • 5
  • 3
4 Solutions
 
serchlopCommented:
Maybe you can use the Request.ServerVariables (server_variable) with Request.ServerVariables("remote_addr")

This would give the internal IP for your LAN network segment and the public Internet IP address for a request from internet.

You can try it.
0
 
footpaulAuthor Commented:
When I try Request.ServerVariables("remote_addr").ToString, it returns 127.0.0.1 which from searching around, looks like the default loopback ip address and I get that whether the machine is internal or external.
0
 
madginoCommented:
Maybe this will help, basically you setup a site with windows authentication and redirect external users with a custom IIS 401 error page to a site with forms authentication:

http://msdn.microsoft.com/en-us/library/ms972958.aspx
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
footpaulAuthor Commented:
That would still require changing from anonymous authentication which I am hoping to avoid if possible.
0
 
madginoCommented:
Obviously this is not possible, if you have anonymous authentication it means that the browser will do no authentication at all and the current user will be 'anonymous' all the time.

Still do you have the same user that can be both external and internal? If not can't you have a flag in db for each user to tell if it's external or not?
0
 
footpaulAuthor Commented:
That's what I was afraid of. I guess I am just trying to verify that my only option to accomplish this would be to use a higher level of authentication. I have users who may have both internal and external logins, and what I am trying to accomplish is if they are logging in internally (i.e. on a pc on the company doamin), they have to login with the internal login and cannot login with their external login. There is no way to get the computer name or domain name using javascript is there?
0
 
footpaulAuthor Commented:
I found a way using javascript with activex objects to get the computername/username (although I haven't yet been able to get the domain name). It will require adding my site to the trusted sites in IE and changing 1 activex option but since we are only concerned with the pc's on our domain, we should be able to set these settings for our pc's. I'll attach the javascript code in case it's of any use to anyone else.
addLoadEvent(function () 
{
    var wshshell=new ActiveXObject("wscript.shell");
    var username = wshshell.ExpandEnvironmentStrings("%computername%");
    document.getElementById('lblComputerName').innerHTML = username;
}

Open in new window

0
 
footpaulAuthor Commented:
While madgino's suggestions were a possible solution, they also involved changing settings I stated I did not wish to change. In the end, I found another way around my issue and posted my own solution.
0
 
madginoCommented:
It's fine by me, thanks for the points
0

Featured Post

Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

  • 5
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now