Wrox Home  
Search P2P Archive for: Go
Shopping CartView Cart  |  My Account  |  Support
Home Browse Titles

P2P Archives
 

Archive Index
Back to Active P2P Forum

 


Wrox Chapters on Demand - Download the chapters you need and take them on the go!
Wrox First - Instant Access online to new Wrox books

New Titles for ASP.NET

Cover image for product 0470190647
DotNetNuke Websites Problem Design Solution
Cover image for product 0470391847
Jumping from ASP to ASP.NET
View Code Camp Videos - Presentations by Wrox Authors
  Return to Index  

security_asp thread: I hope this helps -uthentication with Intranet - Tony Santauro

Message #1 by "Santauro" <santauro@a...> on Thu, 11 Jul 2002 11:46:02 +1000
Dear Chris,

A couple of possibilities come to mind.....
1) Assign a static IP address to the intranet client computer in question
(as apposed to using the DHC Server to assign Dynamic IP addresses with the
network) and in the login ASP script which would normally provide a
username/password type challenge/response authentication, check the Request
Objects Server Variable "REMOTE_ADDR", and automatically compare with the
list of accepted IP addresses within the datastore.
I would imagine the script to follow these lines.

<html>
<head>
<title>loginPage</title>
</head>
<body>
<%
' BEFORE CHALLENGING THE USER, DETERMINE THE CLIENT IP ADDRESS AND COMPARE
WITH ACCEPTED IP ADDRESSES
clientIP = Request.ServerVariables("REMOTE_ADDR")

------ADO connection and record object Instantiation here ----

sql = "SELECT * FROM security WHERE testIP = " & clientIP & ";"

If NOT objRs.EOF then
	response.redirect("whereYouWantValidUserToGo.asp")
end If

' ELSE DISPLAY FORM
%>
<form name="loginForm" action="validateForm.asp" method="POST">

	<input type="text" name="username" value="" size="10" maxsize="10">
	<input type="password" name="password" value="" size="10" maxsize="10">
</form>
</body>
</html>

---------
I hope this helps, please tell me how you go. The second solution may be to
use cookies, but I don't like to use them, as they are easily deleted via
the 'delete offline content' option in the browser tools option menu.

regards,
Tony Santauro
Santauro Solutions santauro@a...
-----------------------------------

-----Original Message-----
From: Chris Wastchak [mailto:cwastchak@j...]
Sent: Wednesday, 10 July 2002 4:22 PM
To: Security_asp
Subject: [security_asp] NT Authentication with Intranet


I am designing an Intranet system and I am using the NT Challenge/Response
technique to authenticate users.  I am wondering if there is a way,
through NT or through ASP, to automatically authenticate the users to the
Intranet, without having to prompt for authentication, if they are already
logged into the server.  For example, if I log into the network when I get
to the office in the morning and then go to the Intranet site, while still
logged into the server, I do not want to have to authenticate.  However,
if I am at my house and try to access the Intranet via the Internet I want
it to prompt me for a username and password.  Is this possible?

Chris Wastchak
Information Technology Specialist
Community Action Inc.
105 Grace Way
Punxsutawney, PA 15767
cwastchak@j...

  Return to Index  
About Wrox  |  Contact Us  |  Subscribe to an RSS Feed of New Wrox Titles
Copyright © 2000-2004 by John Wiley & Sons, Inc. or related companies. All rights reserved. Please read our Privacy Policy