Solved

IIS: Multiple user recognition behid one IP

Posted on 2016-08-25
2
60 Views
Last Modified: 2016-08-29
Hi experts,

I need your help.

I have to deploy a website with content protected by two-factor authentication access. The solution bought for 2FA is Fortigate 50E with Fortitoken.

The process is as follows:
1.The user types the website address is the browser
2.Fortigate asks for username and password
3.Fortigate asks for token code
4.Browser displays the website.

The problem is that different content have to be displayed to different users so the user must be authenticated somehow. For best user experience this must be done without prompting again for credentials. So I must have user authenticated by fortigate with autologin to the website.

No matter if I use fortigate local user or windows local user with radius I cannot be sure who is the user behind the IP

I have Fortigate Logs, NPS Radius logs so I can match username and IP for autologin but I cannot recognize two users connecting from one IP.

Do you have any ideas about how to recognize the user requesting access to the IIS without prompting for credentials again?

Thanks in advance guys!
0
Comment
Question by:Peter Virovski
2 Comments
 
LVL 56

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 41769930
It sounds like you've set up the fortigate to require authentication before the website is ever accessed. If that is so, there is no way to accomplish all of your goals.

You would, instead, want to have fortigae allow access anonymously, then configure IIS to require authentication, either using fortigate as an external RADIUS server or using frigate APIs. The specifics would be application specific. The end result would be IIS having enough information (usually cookie driven) to differentiate users independent of their requesting IP address.
0
 

Author Closing Comment

by:Peter Virovski
ID: 41774653
Thank you Cliff, I'll see if changing the setup is applicable or will just ask for username again.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…
Google currently has a new report that is in beta and coming soon to Webmaster Tool accounts. This Micro Tutorial will highlight new features for Google Webmaster Tools.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now