See more: ASP.NET
Hi,
 
We are developing an application which needs to be secured and accessible to all employees in the office and certain employees outside the office, but we also want to restrict them on certain conditions as per the need. I know this can be achieved by allowing security through IP address, role-based security, etc. But I would like someone to shed more light on it so that I can understand it in full.
Posted 2 Jan '13 - 1:48


1 solution

For a general view on ASP.NET authentication and authorization, this is a really good one: ASP.NET authentication and authorization
 
- In this scenario IP-based security is not an option for several reasons.
- If all users are from an NT domain (Active Directory), then you can simply assign AD users and security groups to IIS applications and folders. But this approach is merely good for some static access restriction, like "other than these cannot get there at all".
- If you need some sort of dynamic right authentication and authorization in the application, and this is most likely the case in a company, the ASP.NET answer to it is MembershipProvider and RoleProvider. You can still use NTLM/Kerberos if all are domain users, but you can use form authentication as well. And that has really good support by default. Read this article: http://www.4guysfromrolla.com/articles/120705-1.aspx
- If you need more, you can make your own MembershipProvider and RoleProvider, which can go from simple ones to really complex ones depending on your need.
Comments
winners6 - 2 Jan '13 - 8:08
Zoltán, our employees would be based across the country and accessing that web application, but we only want to allow certain IPs of our chosen employees to get access to our web application, and the rest who are based at our local office should automatically get access as long as they are in the office; outside the office the local employees also should not get access.
Zoltán Zörgő - 2 Jan '13 - 8:17
And how do you want to ensure that
- the PC is used by only that employee
- that IP is not faked by anyone else
- remote PCs will have static IP, if you are not on a common CAN
Believe me, IP-based security is no security if somebody is willing to harm.
winners6 - 2 Jan '13 - 8:24
You are right, I meant MAC ID; instead I used IP. I know that a MAC ID can also be changed by many tricks, but the common man does not know how to do it. He would not even know what security we have applied. Yes, IP-based security is of no use in that case. What are the other options available to me?
Zoltán Zörgő - 2 Jan '13 - 8:36
No, MAC is just as easy to change as IP, even easier. And in reality it is not unique. And it is not passing the routers. What options do you have? The ones I have mentioned in my answer and this one too: Client Certificates. See this overview: http://ondrej.wordpress.com/2010/01/24/iis-7-and-client-certificates/
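
The forms authentication plus MembershipProvider/RoleProvider setup recommended in the answer, sketched as a `web.config` (an added example, not part of the original thread). The connection string, the `Login.aspx` page, the `Remote` folder and the `RemoteAccess` role name are assumptions chosen for illustration.

```xml
<configuration>
  <connectionStrings>
    <!-- Assumed placeholder: point this at your own membership database -->
    <add name="AppServices" providerName="System.Data.SqlClient"
         connectionString="Data Source=.;Initial Catalog=aspnetdb;Integrated Security=True" />
  </connectionStrings>
  <system.web>
    <!-- Forms authentication: ticket cookie sent only over TLS, encrypted and validated -->
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx" timeout="20" slidingExpiration="true"
             requireSSL="true" protection="All" />
    </authentication>
    <!-- Built-in SQL membership provider: hashed passwords, lockout after 5 failures in 10 minutes -->
    <membership defaultProvider="SqlMembership">
      <providers>
        <clear />
        <add name="SqlMembership" type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="AppServices" applicationName="/"
             enablePasswordRetrieval="false" passwordFormat="Hashed"
             minRequiredPasswordLength="12" maxInvalidPasswordAttempts="5"
             passwordAttemptWindow="10" />
      </providers>
    </membership>
    <!-- Built-in SQL role provider; swap in a custom RoleProvider type here if needed -->
    <roleManager enabled="true" defaultProvider="SqlRoles">
      <providers>
        <clear />
        <add name="SqlRoles" type="System.Web.Security.SqlRoleProvider"
             connectionStringName="AppServices" applicationName="/" />
      </providers>
    </roleManager>
    <!-- Site-wide default: anonymous users ("?") are redirected to the login page -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
  <!-- Hypothetical folder restricted to one role. Rules are evaluated top-down and
       the first match wins, so the allow must come before the catch-all deny. -->
  <location path="Remote">
    <system.web>
      <authorization>
        <allow roles="RemoteAccess" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```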

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Last Updated 2 Jan 2013
Copyright © CodeProject, 1999-2013