Solved

IIS: Multiple user recognition behid one IP

Posted on 2016-08-25
2
89 Views
Last Modified: 2016-08-29
Hi experts,

I need your help.

I have to deploy a website with content protected by two-factor authentication access. The solution bought for 2FA is Fortigate 50E with Fortitoken.

The process is as follows:
1.The user types the website address is the browser
2.Fortigate asks for username and password
3.Fortigate asks for token code
4.Browser displays the website.

The problem is that different content have to be displayed to different users so the user must be authenticated somehow. For best user experience this must be done without prompting again for credentials. So I must have user authenticated by fortigate with autologin to the website.

No matter if I use fortigate local user or windows local user with radius I cannot be sure who is the user behind the IP

I have Fortigate Logs, NPS Radius logs so I can match username and IP for autologin but I cannot recognize two users connecting from one IP.

Do you have any ideas about how to recognize the user requesting access to the IIS without prompting for credentials again?

Thanks in advance guys!
0
Comment
Question by:Peter Virovski
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 58

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 41769930
It sounds like you've set up the fortigate to require authentication before the website is ever accessed. If that is so, there is no way to accomplish all of your goals.

You would, instead, want to have fortigae allow access anonymously, then configure IIS to require authentication, either using fortigate as an external RADIUS server or using frigate APIs. The specifics would be application specific. The end result would be IIS having enough information (usually cookie driven) to differentiate users independent of their requesting IP address.
0
 

Author Closing Comment

by:Peter Virovski
ID: 41774653
Thank you Cliff, I'll see if changing the setup is applicable or will just ask for username again.
0

Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
These days, all we hear about hacktivists took down so and so websites and retrieved thousands of user’s data. One of the techniques to get unauthorized access to database is by performing SQL injection. This article is quite lengthy which gives bas…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question