See more: ASP.NET
Hi,
 
We are developing an application which needs to be secured and accessible to all employees in the office and certain employees outside the office, but we also want to restrict them on certain conditions as per the need. I know this can be achieved by allowing security through IP address, role-based security, etc. But I would like someone to put great light on it in order to understand it in full length.
Posted 2-Jan-13 2:48am

1 solution


Solution 1

For a general view on ASP.NET authentication and authorization, this is a really good one: ASP.NET authentication and authorization
 
- In this scenario IP-based security is not an option for several reasons.
- If all users are from an NT domain (ActiveDirectory), then you can simply assign AD users and security groups to IIS applications and folders. But this approach is merely good for some static access restriction, like "other than these cannot get there at all".
- If you need some sort of dynamic right authentication and authorization in the application, and this is most likely the case in a company, the ASP.NET answer to it is MembershipProvider and RoleProvider. You can still use NTLM/Kerberos if all are domain users, but you can use form authentication as well. And that has really good support by default. Read this article: http://www.4guysfromrolla.com/articles/120705-1.aspx
- If you need more, you can make your own MembershipProvider and RoleProvider, that can go from simple ones to really complex ones depending on your need.
Comments
winners6 at 2-Jan-13 8:08am
   
Zoltán, our employees would be based across the country and accessing that web application, but we only want to allow certain IPs of our chosen employees to get access to our web application, and the rest who are based at our local office should automatically get the access until they are in the office, and outside the office the local employees also should not get access.
Zoltán Zörgő at 2-Jan-13 8:17am
   
And how do you want to ensure that
- the PC is used by only that employee
- that IP is not faked by anyone else
- remote PCs will have static IP, if you are not on a common CAN
 
Believe me, IP based security is no security if somebody is willing to harm.
winners6 at 2-Jan-13 8:24am
   
You are right, I meant MAC ID; instead I used IP. I know that MAC ID can also be changed by many tricks, but the common man does not know how to do it. He would not even know what security we have applied. Yes, IP-based security is of no use in that case. What are the other options available to me?
Zoltán Zörgő at 2-Jan-13 8:36am
   
No, MAC is just as easy to change as IP, even easier. And in reality it is not unique. And it is not passing the routers.
What options you have? The ones I have mentioned in my answer and this one too: Client Certificates. See this overview: http://ondrej.wordpress.com/2010/01/24/iis-7-and-client-certificates/
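
The MembershipProvider/RoleProvider approach recommended in Solution 1, shown as a web.config sketch. This is an added example, not code from the thread or the linked articles. The connection string, application name, `Payroll` folder and `Payroll` role are assumptions chosen for illustration.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <connectionStrings>
    <!-- Assumption: placeholder server and database for the membership store -->
    <add name="MembershipDb" providerName="System.Data.SqlClient"
         connectionString="Data Source=DBSERVER;Initial Catalog=aspnetdb;Integrated Security=True" />
  </connectionStrings>
  <system.web>
    <!-- Forms authentication: the login cookie is only sent over HTTPS -->
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx" requireSSL="true" protection="All"
             timeout="20" slidingExpiration="true" />
    </authentication>
    <!-- Site-wide default: anonymous users ("?") are denied everywhere -->
    <authorization>
      <deny users="?" />
    </authorization>
    <!-- Built-in SQL membership provider: hashed passwords, lockout after 5 failures -->
    <membership defaultProvider="SqlMembership">
      <providers>
        <clear />
        <add name="SqlMembership" type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="MembershipDb" applicationName="/IntranetApp"
             passwordFormat="Hashed" enablePasswordRetrieval="false"
             requiresUniqueEmail="true" minRequiredPasswordLength="12"
             maxInvalidPasswordAttempts="5" passwordAttemptWindow="10" />
      </providers>
    </membership>
    <!-- Role provider: roles are looked up per authenticated user -->
    <roleManager enabled="true" defaultProvider="SqlRoles">
      <providers>
        <clear />
        <add name="SqlRoles" type="System.Web.Security.SqlRoleProvider"
             connectionStringName="MembershipDb" applicationName="/IntranetApp" />
      </providers>
    </roleManager>
  </system.web>
  <!-- Per-folder rule: rules are evaluated top to bottom, first match wins,
       so the allow must come before the catch-all deny -->
  <location path="Payroll">
    <system.web>
      <authorization>
        <allow roles="Payroll" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Access here follows the authenticated user and their roles rather than the network address they connect from, and a custom provider can be swapped in by changing the `type` attributes.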

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Web04 | 2.8.141223.1 | Last Updated 2 Jan 2013
Copyright © CodeProject, 1999-2014