Improve company productivity with a Business Account.Sign Up

x
?
Solved

IIS: Multiple user recognition behid one IP

Posted on 2016-08-25
2
Medium Priority
?
139 Views
Last Modified: 2016-08-29
Hi experts,

I need your help.

I have to deploy a website with content protected by two-factor authentication access. The solution bought for 2FA is Fortigate 50E with Fortitoken.

The process is as follows:
1.The user types the website address is the browser
2.Fortigate asks for username and password
3.Fortigate asks for token code
4.Browser displays the website.

The problem is that different content have to be displayed to different users so the user must be authenticated somehow. For best user experience this must be done without prompting again for credentials. So I must have user authenticated by fortigate with autologin to the website.

No matter if I use fortigate local user or windows local user with radius I cannot be sure who is the user behind the IP

I have Fortigate Logs, NPS Radius logs so I can match username and IP for autologin but I cannot recognize two users connecting from one IP.

Do you have any ideas about how to recognize the user requesting access to the IIS without prompting for credentials again?

Thanks in advance guys!
0
Comment
Question by:Peter Virovski
2 Comments
 
LVL 61

Accepted Solution

by:
Cliff Galiher earned 2000 total points
ID: 41769930
It sounds like you've set up the fortigate to require authentication before the website is ever accessed. If that is so, there is no way to accomplish all of your goals.

You would, instead, want to have fortigae allow access anonymously, then configure IIS to require authentication, either using fortigate as an external RADIUS server or using frigate APIs. The specifics would be application specific. The end result would be IIS having enough information (usually cookie driven) to differentiate users independent of their requesting IP address.
0
 

Author Closing Comment

by:Peter Virovski
ID: 41774653
Thank you Cliff, I'll see if changing the setup is applicable or will just ask for username again.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Following on from our article on "The Murky World of Consent and opt in", we thought we would issue some helpful guidance, not only on consent itself but knowing what information you are capturing, what you are doing with this data and how you can p…
In short, I will be giving a guide on how to install UNMS on a virtual machine in hyper-v and change the default port for security (you don’t need to have a server, since Windows 10 supports hyper-v)
Shows how to create a shortcut to site-search Experts Exchange using Google in the Chrome browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch the Search Engine Menu: In chrome, via you…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

595 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question