I want to restrict my intranet users in such a way that I provide them userId & password of websites (such as LinkedIn, Facebook, Gmail, Twitter etc) only these logins should be allowed.
If any user tries to use another userID then it should block all such users to access above mentioned websites.
I am not sure how this should be achieved. But here I am trying to develop a web application using Asp.net that will Log-In to websites with default credentials & save the session cookies in browser then user will be redirected to relative website, which will have user session in cookies. Also I'll block Login page of websites for rest of users/systems on CC Proxy.
Please guide me in right direction.
Thanks
I think DNS will be a bad option for you, it will be easy to bypass and you could not redirect specific web page.
I think the answer to your question will be proxy, with proxy you will be able to supervise thier web actions completely.
They will still be able to bypass it but I believe it will be hard enough
Related
We have an external SharePoint site that needs to be accessible to our intranet users and a select few users over the internet. The SharePoint site is on a separate domain from our intranet, but that separate domain trusts the intranet, so internal user's credentials work with the SharePoint site. As long as I have the trust settings in their browser, they will be automatically authenticated on the site.
The problem is external users. They also have accounts, but on our external network. By default they will receive a challenge/response pop up from the browser, and since they are not technically logged into the network they have to enter their credentials. I would like to be able to present them with a nice form instead of the challenge/response box. But I do not want to force internal users to have to type anything at all.
Is there a way to simply replace the pop up with a redirection to a form I can control? Everyone has to be authenticated, and in the end it is all windows authentication, I just want to control what people type into, but preserve single-sign on.
I know you can probably do this with multiple entry points into the application etc, but i was hoping to keep it simple.
I believe what you want is "Forms Authentication" in IIS. It should work the same way that you described, but allows you to specify a page to redirect to. I don't know the details, but you could try reading up on it here:
http://technet.microsoft.com/en-us/library/cc771077(v=ws.10).aspx
Its not an original question. There is already a batch of articles describing this problem and solution for it. They all are dated back to times of .Net Framework 1.1 and IIS 6.0 and are not really helping with all the membership and role providers stuff we have nowadays. But lets get closer to the problem.
The problem is short.
You have an intranet site using Windows authentication and it works just fine. All you want is to give access to this site to users from their homes and to users who don`t have Windows based workstation.
Duplicate the whole site would be cumbersome because all the application except Login part would work well just if appropriate information would be saved in cookie on Login step.
You are welcome with any suggestions.
You don't say if internal users are authenticated or not, so, as it's an intranet I'm going to assume they are, via integrated authentication.
The simplest way would be to leave it as is, and turn on digest authentication if you are in a domain environment in addition to integrated authentication - this would prompt users not on the intranet with a username/password popup and they can login with their domain credentials.
If you don't have a domain - then how is it an intranet site? How are users authenticated? If you're in a workgroup scenario, where users have login details on their own box, and login details on the intranet server (in which case moving to AD would be better all round - no need to keep the passwords in sync, or deactivate user accounts in multiple places when people leave) then mixing Integrated authentication with Basic Authentication would do the same thing - however if you're going to use Basic Authentication then you will need to add an SSL certificate to the site to stop usernames and passswords being sniffed - Basic Authentication sends them in plain text.
Well, what you could consider is if you can use Active Directory, there is a provider to use the AD store for security, that would work for both.
HTH.
First let me explain the problem:
I have a little portal that any user from the internet can access.This portal is responsible only for the user authentication against a DB.If user is validated than the portal shows a list of links where they redirect to multiple web sites(this sites are in various coding languages like PHP,ASP.net and Java). If the user input the url off a web site directly on the browser, the user can access the website.I want the multiple sites can only be viewed if the page request came from the portal and not directly inputed n browser.
I have local server with IIS 6, and the portal and websites are in this server.
Can anyone help?
Thanks in advance.
Gabe
If possible , host those applications as Virtual Directories under your authentication application and restrict access to only authenticated users, this shall solve the problem.
I don't know if you are able to do this, but you could try this with an ISA/Forefront server.
You can configure this to do the redirecting for you if someone enters the website url. This way users will need to authenticate themselves and you can let ISA or FF handle the authentication part.
This is implemented a lot for OWA, but can also be used for other purposes (I've done this for several SharePoint solutions).
Of course you do need an extra server, licences and all that stuff.
Don't know how you can pull something like this with only IIS. Perhaps with some IIS Modules, but I haven't got any experience with that kind of stuff, so don't know for sure.
I have a sharepoint webpart where I have links to go to different web sites to which login is required. Therefore, I think i need to log the users on before redirect them into deep pages in that site, therefore I think i need to set up a cookie to that web site when the web part is loaded (by using the user credentials of the user's active directory information).
How can I achieve this requirement with out opening up a new browser window? (Though I have used a client side script, it pops up a new browser window)
Any help is highly appreciable...
Thanks
If you are referring to "different web sites" as sites having completely different URL's, then it's probably not possible without SSO system.
The reason is that it's impossible to read/write cookies from other domain in web environment, i.e. pre-login the users like you are saying.
If all the sites are inside same domain, like mycompany.com for example, and different sites are in abc.mycompany.com or mycompany.com/subsite, then yes, you can set the cookie. See top section here http://www.15seconds.com/issue/971108.htm
A simple way to implement SSO is by implementing method described later on in same article.
in the "Requesting Cookie from Another Domain". This is not a very secure method though, but can be done if you restrict it properly to specific slave domains. And obviously all the slave sites have to be modified, as with any SSO implementation.
We have a scenario whereby we are hosting an ASP.NET MVC web site on behalf of someone else.
The customer in this case wants us to restrict access to the web site, to those users who have logged in to their main portal. They should then only be able to get to our web site via a link from that portal.
At this point I'm not yet sure what technology or authentication mechanism the 3rd party are using but just wanted to clarify what the possible options might be.
If we call our hosted site B, and their portal web site A,as I see it we could:
Check the referrer for all requests to B, unless they've come from A they can't get in
Check for a specific cookie (assuming A uses cookies)
I'm sure there are other options, anyone any ideas?
Check the referrer for all requests to B, unless they've come from A they can't get in
Can be faked, but most normal users won't do it.
Check for a specific cookie (assuming A uses cookies)
Ask them to embed in their portal some code portion from your site. This way visiting their portal will resulting in you setting a cookie for your domain. Then you can easily read it later.
One more thing to mention. If you're talking about public sites, then it will suffice for a search engine to somehow discover these hidden urls once, after which the game is over. It will index the pages and keep a cache of it. You may want to consider including some noindex/nocache meta tags in these pages.
But seriously, if you wish to have it done properly and secure, you're going to need some form of shared user authentication that that portal and your site both support.
The solutions you have posted are not secure.
In case this is an enterprise application with real requirements for security, you may want to look at some single sign-on solutions.
List of single sign-on implementations