Click here to Skip to main content
15,902,198 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:

We are developing an application which needs to be secured and accessible to all employees in the office and certain employees outside the office but also want to restrict them on certain conditions as per the need. I know this can be achieved by allowing security through ip address, role based security, etc. But I would like someone to put great light on it in order to understand it in full length.

1 solution

For a general view on ASP.NET authentication and authorization, this is a really good one: ASP.NET authentication and authorization[^]

- In this scenario ip based security is not an option for several reasons.
- If all users are from an NT domain (ActiveDirectory), than you can simply assign AD users and security groups to IIS applications and folders. But this approach is merely good for some static access restriction, like "other than these can not get there at all".
- If you need some sort of dynamic right authentication and authorization in the application, and this is most likely the case in a company, the ASP.NET answer to it is MembershipProvider and RoleProvider. You can still use NTLM/Kerberos if all all domain users, but you can use form authentication as well. And that has a really good support by default. Read this article:[^]
- If you need more, you can make your own MembershipProvider and RoleProvider, that can go from simple ones[^] to really complex ones[^] depending on your need.
Share this answer
winners6 2-Jan-13 8:08am    
Zonltan, our employees would be based at across the country and accessing that web application but we only want to allow certain IPs of our chosen employees to get access to our web application and rest who are based at our local office should automatically get the access until they are in the office and outside the office the local employees also should not get access.
Zoltán Zörgő 2-Jan-13 8:17am    
And ho do you want to ensure, that
- the PC is used by only that employee
- that IP is not faked by anyone else
- remote PCs will have static IP, if you are not on a common CAN

Believe me, IP based security is no security if somebody is willing to harm.
winners6 2-Jan-13 8:24am    
You are right, I mean mac id, instead I used IP. I know that mac id can also be changed by many tricks, but common man does not know how to do it. He would not even know what security we have applied. yes Ip based security is of no use in that case. what are the other options available to me?
Zoltán Zörgő 2-Jan-13 8:36am    
No, MAC is just as easy to change as IP, even easier. And in reality it is not unique. And it is not passing the routers.
What options you have? The ones I have mentioned in my answer and this one too: Client Certificates. See this overview: >

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900