• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 130
  • Last Modified:

IIS: Multiple user recognition behid one IP

Hi experts,

I need your help.

I have to deploy a website with content protected by two-factor authentication access. The solution bought for 2FA is Fortigate 50E with Fortitoken.

The process is as follows:
1.The user types the website address is the browser
2.Fortigate asks for username and password
3.Fortigate asks for token code
4.Browser displays the website.

The problem is that different content have to be displayed to different users so the user must be authenticated somehow. For best user experience this must be done without prompting again for credentials. So I must have user authenticated by fortigate with autologin to the website.

No matter if I use fortigate local user or windows local user with radius I cannot be sure who is the user behind the IP

I have Fortigate Logs, NPS Radius logs so I can match username and IP for autologin but I cannot recognize two users connecting from one IP.

Do you have any ideas about how to recognize the user requesting access to the IIS without prompting for credentials again?

Thanks in advance guys!
0
Peter Virovski
Asked:
Peter Virovski
1 Solution
 
Cliff GaliherCommented:
It sounds like you've set up the fortigate to require authentication before the website is ever accessed. If that is so, there is no way to accomplish all of your goals.

You would, instead, want to have fortigae allow access anonymously, then configure IIS to require authentication, either using fortigate as an external RADIUS server or using frigate APIs. The specifics would be application specific. The end result would be IIS having enough information (usually cookie driven) to differentiate users independent of their requesting IP address.
0
 
Peter VirovskiAuthor Commented:
Thank you Cliff, I'll see if changing the setup is applicable or will just ask for username again.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now