How can I get information about the users network when he tries to authenticate towards my IIS?

…衆ロ難τιáo~ 提交于 2020-03-26 19:15:31

问题


I want users, when they are in the workplace (e.g. on the LAN), to authenticate themselves with their regular username and password. Auto-login is disabled.

However - logging in from outside the LAN should trigger a 2-level authentication (like SMS, mail or similar). How can we get information about the users network when they try to log in to the application from outside the LAN?

NB - it does not matter if you have AD user and pwd. If you are on the outside you have to trigger the 2 level auth.

NB2 - we do not want any client-side scripts running, so this must be something coming with the initial request

Technology: IIS 7, ISA 2006, .Net 4, MS Sql 2008 server.

Question also asked here: https://serverfault.com/questions/354183/what-2-level-authentication-mechanism-is-available-that-can-differentiate-if-the

Information why ISA server remove the information I need: http://www.redline-software.com/eng/support/articles/isaserver/security/x-forwarded-isa-track.php


回答1:


If it's reasonable, don't expose your web server to anything outside of your LAN -- require VPN access.

If that isn't reasonable, you should be able to use the REMOTE_ADDR variable to determine the source of the request. Whitelist your LAN as single-factor and require everything else to be multi-factor. Depending on the scenario, the server variables will be similar to either

Context.Request.ServerVariables ["REMOTE_ADDR"]

or

Request.UserHostAddress()

If you have a proxy in the way, make the proxy tag the originating IP source in the headers and read the request headers to determine the external IP.



来源:https://stackoverflow.com/questions/8927299/how-can-i-get-information-about-the-users-network-when-he-tries-to-authenticate

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!