Authenticate web access based on IP address in IIS5

Hello All,

We have a little dilema here that I'm sure many others have faced but have
not found a tech document that explains a possible solution yet. I'm still
looking through the forums.

We have several sites on an IIS server, and this server has http/https open
to the internet. Normally to get to these pages, our users would connect to
our VPN and would access these sites via links from another internal web
server. No problem there.

However, we also have visitors (who have intranet logins but not VPN) who
also need to access the sites on the IIS server.

The problem is that we don't want the sites on the IIS server to be
accessible from anyone on the internet unless they are authenticated. But,
we don't want users on our VPN to have to authenticate.

So in a nutshell, can we have IIS prompt a web visitor for a username and
login if they are not coming from a trusted IP address? Users coming in
from the internet (and not on the VPN) would have to enter their credentials,
with SSL required.

Thanks for any advice!

Maurice

Re: Authenticate web access based on IP address in IIS5

Hi,

You can configure IIS from which IP address it can be accessed -- but if the
IP address is not on the list it will deny access and will not give you an
option to authenticate (e.g. give you logon prompt).

However -- you could do this programatically using e.g. .asp...

I hope this help,

--
Mike
Microsoft MVP - Windows Security

"Maurice" wrote in message
news:2CBEA59A-9B21-4B16-AC32-1C5AA82AD142@microsoft.com...
> Hello All,
>
> We have a little dilema here that I'm sure many others have faced but have
> not found a tech document that explains a possible solution yet. I'm
> still
> looking through the forums.
>
> We have several sites on an IIS server, and this server has http/https
> open
> to the internet. Normally to get to these pages, our users would connect
> to
> our VPN and would access these sites via links from another internal web
> server. No problem there.
>
> However, we also have visitors (who have intranet logins but not VPN) who
> also need to access the sites on the IIS server.
>
> The problem is that we don't want the sites on the IIS server to be
> accessible from anyone on the internet unless they are authenticated.
> But,
> we don't want users on our VPN to have to authenticate.
>
> So in a nutshell, can we have IIS prompt a web visitor for a username and
> login if they are not coming from a trusted IP address? Users coming
> in
> from the internet (and not on the VPN) would have to enter their
> credentials,
> with SSL required.
>
> Thanks for any advice!
>
> Maurice
>

RE: Authenticate web access based on IP address in IIS5

The othe roption (which would add a slight management overhead) would be to
have two websites pointing at the same content. One for external access, one
for Internal access.

Paul Walsh

"Maurice" wrote:

> Hello All,
>
> We have a little dilema here that I'm sure many others have faced but have
> not found a tech document that explains a possible solution yet. I'm still
> looking through the forums.
>
> We have several sites on an IIS server, and this server has http/https open
> to the internet. Normally to get to these pages, our users would connect to
> our VPN and would access these sites via links from another internal web
> server. No problem there.
>
> However, we also have visitors (who have intranet logins but not VPN) who
> also need to access the sites on the IIS server.
>
> The problem is that we don't want the sites on the IIS server to be
> accessible from anyone on the internet unless they are authenticated. But,
> we don't want users on our VPN to have to authenticate.
>
> So in a nutshell, can we have IIS prompt a web visitor for a username and
> login if they are not coming from a trusted IP address? Users coming in
> from the internet (and not on the VPN) would have to enter their credentials,
> with SSL required.
>
> Thanks for any advice!
>
> Maurice
>