[RESOLVED] Authenticating Users


Scott.Macmaster
July 7th, 2008, 03:06 PM
I have some intranet pages that require authentication. Recently, we registered a subdomain so the pages can be accessed outside our network. Ex, ourserver.ourcompany.com.

Previously, we accessed the page like this http://servername/page.aspx. Now this won't work. This will give a not authorized error message. Why is this? I can access the page like this, http://ourserver.ourcompany.com/page.aspx. However, they will get a login dialog. Previously, I was able to look at User.Identity.Name and use that to authenticate without the use of a dialog.

I've played a bit with different settings and cannot get what I want.

This is what I want.

1. If they access the page from their office pc, automatically authenticate and allow access.
2. If they access the page from somewhere else have a login dialog popup.

Can someone help?


Thanks,

TheCPUWizard
July 7th, 2008, 03:11 PM
For internal and external usage with different authentication schemes, the most common approach is to use two different URL's....

Scott.Macmaster
July 7th, 2008, 04:00 PM
That'll be annoying having to maintain two copies of each page. However, that doesn't answer my question of how to set up the authentication. I still cannot figure out how to get the user name of the user.

I'm assuming typing in the registered domain name causes the request to go through our firewall, which (I assume) removes the user name from the request. Is there a way to stop this and keep the user name in the request?

Maybe the best approach is to leave it how it is and figure out how to get it to work if internally we type the server name. As I said before, since we registered the subdomain, that gives a not authorised error. Previously, that worked and I was able to get the user name from User.Identity.Name.

Hmm, with what I know I could solve this by using two servers. One with a registered domain name and one without. However, I only have one server.

Also, the purpose of outside access is to allow employees to access data from home. So I would really like them to type the same address from both home and work.


Thanks,

TheCPUWizard
July 7th, 2008, 05:32 PM
If the client machine is signed into your domain, you can use Windows Authentication. If it is not, you can't. You must choose an alternative (typically Forms, but X.509 is also common - try to avoid custom, it is very difficult to implement properly).

Also I never said anything about having two copies of ANYTHING, much less of each page...

For the reading impaired....


the most common approach is to use two different URL's....

bhushan1980
July 7th, 2008, 06:27 PM
If I am not wrong, there are two important aspects here: Authentication and Authorization. When a user is not in a role, he/she cannot access the page even if he is authenticated. Being authenticated does not mean that the user is authorized. Of course, you must know this. So, if you configure the pages that are internal to be accessible only to the employees (or any authorized users), it solves your problem. This can be done using different roles. And you can check the user's authorization by using the IsInRole() method. Since you are having a problem with the internal pages, it is quite obvious that the page's authorization scope needs to be changed. This means that you can get IPs of the office computers and store the information in a database, and every time any user accesses it through the office machine, authorize the person after checking the credentials. Else, if the IP is not found, redirect the user to the login page. Else, if the user logs on from the office computer, you can just impersonate the person and authorize the access to the page. Not sure about the login dialog pop-up...

Regards,
Bhushan.

TheCPUWizard
July 7th, 2008, 06:44 PM
Bhushan,

Your post is accurate, but it is my understanding that the problem is purely authenticating the users when they access the system from different security contexts...

Once that is dealt with, then Authorization will come into play, but that is typically (not always) independent of the mechanism used to authenticate.

Hopefully this can be confirmed.

Scott.Macmaster
July 8th, 2008, 10:09 AM
Ok, the page that was giving me the not authorized was a page I had set up some time ago. Not that long ago we went to a fully qualified domain name. I had forgotten about this page and that I would need to type the new domain name into the authorization code.

Once I made that change this page worked as before. I also made one other mistake. Anyway, I'm down to one issue.

http://servername/page.aspx
This url will work internally and not require a login since it uses the credentials from their pc.

http://ourserver.ourcompany.com/page.aspx
This url will work internally and externally but will require a login whether the user is at the office pc or at an external location.

Is there a way to get the second url to not require a login when used internally?

Probably not that big of a deal; I can just put both links on our internal web pages.


Thanks

TheCPUWizard
July 8th, 2008, 10:28 AM
Create a brand new "page" allow ANYONE/ANYTHING to access that page.

When the page gets a hit, look at the request to determine point of origin, and redirect to the appropriate "real" URL.
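
One way to build the entry page suggested in the post above, as an added example that is not part of the original thread. The page name `Entry.aspx`, the `IsInternal` helper and the 10.0.0.0/8 office range are assumptions for illustration; the page is assumed to allow anonymous access, and `page.aspx` must still enforce its own authentication and authorization on both URLs.

```csharp
using System;
using System.Net;
using System.Net.Sockets;
using System.Web.UI;

// Code-behind for a hypothetical anonymous entry page (Entry.aspx).
// It only chooses which URL to send the browser to; it grants no access itself.
public partial class Entry : Page
{
    // Assumed office network for illustration: 10.0.0.0/8. Replace with the real subnets.
    private static readonly byte[] InternalNet = { 10, 0, 0, 0 };
    private const int InternalPrefixBits = 8;

    protected void Page_Load(object sender, EventArgs e)
    {
        // Use the TCP peer address only. Headers such as X-Forwarded-For are
        // client-supplied and must not drive this decision.
        string target = IsInternal(Request.UserHostAddress)
            ? "http://servername/page.aspx"                 // Windows credentials, no prompt
            : "http://ourserver.ourcompany.com/page.aspx";  // login required

        Response.Redirect(target, false);
        Context.ApplicationInstance.CompleteRequest();
    }

    // Returns true when the address falls inside the assumed office range.
    internal static bool IsInternal(string remoteAddress)
    {
        IPAddress ip;
        if (!IPAddress.TryParse(remoteAddress, out ip)) return false;
        // This example handles IPv4 only; anything else is treated as external.
        if (ip.AddressFamily != AddressFamily.InterNetwork) return false;

        byte[] addr = ip.GetAddressBytes();
        int fullBytes = InternalPrefixBits / 8;
        int remBits = InternalPrefixBits % 8;
        for (int i = 0; i < fullBytes; i++)
            if (addr[i] != InternalNet[i]) return false;
        if (remBits == 0) return true;

        // Compare the remaining bits of a prefix that does not end on a byte boundary.
        int mask = (0xFF << (8 - remBits)) & 0xFF;
        return (addr[fullBytes] & mask) == (InternalNet[fullBytes] & mask);
    }
}
```

If a firewall or proxy in front of the server rewrites source addresses, `Request.UserHostAddress` shows that device rather than the client, so confirm what the server actually sees before relying on the range check. A wrong guess only sends the browser to the less convenient URL, because the target page authenticates the user either way.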

John99
July 9th, 2008, 12:32 AM
Yeah. The suggestion from TheCPUWizard seems to be the simple logical solution to the problem, given that OP is willing to accept it. By any chance, is there a chance of using impersonation? I mean, if the user is internally using the pages, you do not need the login at all! But this would not work if you are trying to have a user specific task. I am sure, there are ways, but at this point of time I cannot think of one. Will get back with one later...