|
Request Filtering -- Macmariman --
Hi all, I have to expose different functionalities within an application that's located in a Web Server in the DMZ based on wheather the request comes from the LAN or the Internet. Some functionalities won't be available for internet users. The question is how can I achieve this and which are the different approches to the problem. I wouldn't like to filter using IP addresses individually. Thanks! |
|
-- NickChan --
how do u 'seperate the functionalities' ? is it by different .asmx page? 1.asmx (public) = anonymous security 2.asmx (LAN) = non anonymous to access 2.asmx, u have to pass networkcredentials something like new system.net.networkcredentials(username,password) it could be the windows user/pass for the webserver, or some complex network user/pass thing. |
|
-- Macmariman --
Nick Chan wrote: how do u 'seperate the functionalities' ? is it by different .asmx page? 1.asmx (public) = anonymous security 2.asmx (LAN) = non anonymous to access 2.asmx, u have to pass networkcredentials something like new system.net.networkcredentials(username,password) it could be the windows user/pass for the webserver, or some complex network user/pass thing. Hi, thank you very much for the reply Nick. I'm using different user controls .ascx to separate the functionalities, but I already have authentication implemented via web forms. What I need is a way to determine programatically if the user request comes from the LAN or Internet. |
|
-- BradleyPeter --
I assume your Web server has an internal IP address and is behind a proxy firewall that redirects external requests. If that is the case, you could use the request path to only allow certain functions for request paths representing internal IP addresses (192.168.xx.xx, or whatever). Having said that, I'm not entirely sure about the logic behind what you're trying to do. If people are authorized to do something when they're on the LAN, why can't they do it when they log in from home or wherever? Your authentication/authorization routines should determine what users can do. For example, we make users log in via Active Directory in order to carry out functions reserved for internal users (whether they happen to be on the LAN when they log in, or not), and within that we use AD groups to determine what functionality internal users can access. HTH Peter -----Original Message----- From: DotNetDevelopment Request Filtering Hi all, I have to expose different functionalities within an application that's located in a Web Server in the DMZ based on wheather the request comes from the LAN or the Internet. Some functionalities won't be available for internet users. The question is how can I achieve this and which are the different approches to the problem. I wouldn't like to filter using IP addresses individually. Thanks! |