I have a wesite running that can be access both from internet or intranet.
There are two directory's in the website, now I want to limited acces to one
of the directory's to people in my intranet. How can I do this?
Thanks for any response,
R.Demandt
How do you plan to distinguish whether a user is from the Intranet or
Internet. Enable authentication? Check their possibly fake IP address?
Etc.
Many ways to do what you ask, so it depends on what you actually want.
//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//
On Jan 27, 4:54 am, R.Demandt
wrote:
> I have a wesite running that can be access both from internet or intranet.
> There are two directory's in the website, now I want to limited acces to one
> of the directory's to people in my intranet. How can I do this?
>
> Thanks for any response,
> R.Demandt
Could I look if the computer trying to access is a domain member? Or if he is
part of or local network? And how can I configure this?
"David Wang" wrote:
> How do you plan to distinguish whether a user is from the Intranet or
> Internet. Enable authentication? Check their possibly fake IP address?
> Etc.
>
> Many ways to do what you ask, so it depends on what you actually want.
>
>
> //David
> http://w3-4u.blogspot.com
> http://blogs.msdn.com/David.Wang
> //
>
>
>
> On Jan 27, 4:54 am, R.Demandt
> wrote:
> > I have a wesite running that can be access both from internet or intranet.
> > There are two directory's in the website, now I want to limited acces to one
> > of the directory's to people in my intranet. How can I do this?
> >
> > Thanks for any response,
> > R.Demandt
>
>
HTTP, which is the only communicate protocol you are relying upon
between the client and server, has no such concepts to answer what you
are asking for - so IIS has no built-in configuration to just "make it
happen".
However, I'm not saying it's impossible - you just have to determine a
way to answer the question I asked - how do you plan to distinguish
between an Internet and Intranet user, considering that there is no
built-in nor publicly specified support to do this.
For example, suppose you can look if the computer trying to access is
a domain member. How do you prevent a non-domain user from forging
network packets so that they look like a domain member? Likewise, how
can you tell if he is part of your local network if the external user
can forge his network packet to look like he is part of your local
network?
And if you cannot distinguish this clearly, you cannot limit access.
A simple solution could be that you make two websites in IIS, one for
public Internet and the other for Intranet. And you make one of those
directories a virtual directory and only make its mapping in the
Intranet site and not the Internet site. In other words, you make the
origin of the network traffic be the distinguishing feature of what is
Internet vs Intranet.
If this server is dual-homed such that it is connected to both
Intranet and Internet via different network interfaces, then you
simply bind the correct website to the correct network interface.
If this server is internal and getting forwarded Internet requests,
then make sure those two traffic go to different network interface and
tease apart the traffic with your two websites.
//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//
On Jan 28, 12:37 am, R.Demandt
wrote:
> Could I look if the computer trying to access is a domain member? Or if he is
> part of or local network? And how can I configure this?
>
>
>
> "David Wang" wrote:
> > How do you plan to distinguish whether a user is from the Intranet or
> > Internet. Enable authentication? Check their possibly fake IP address?
> > Etc.
>
> > Many ways to do what you ask, so it depends on what you actually want.
>
> > //David
> >http://w3-4u.blogspot.com
> >http://blogs.msdn.com/David.Wang
> > //
>
> > On Jan 27, 4:54 am, R.Demandt
> > wrote:
> > > I have a wesite running that can be access both from internet or intranet.
> > > There are two directory's in the website, now I want to limited acces to one
> > > of the directory's to people in my intranet. How can I do this?
>
> > > Thanks for any response,
> > > R.Demandt- Hide quoted text -- Show quoted text -
Hi,
An option:
Configure restrictions by IP address. Whilst David has mentioned that it's
possible to "spoof" an IP address, it generally doesn't allow you much in
this case since the user with the "spoofed" IP address will probably never
get the response (since it will be routed somewhere else by the gateway).
Your edge firewall or router should be able to deal with this - it should
disallow packets that appear to come from an internal network when they
arrive on the external interface
Cheers
Ken
"R.Demandt"
news:4918EAF4-5781-4281-A21F-9D8EF6722E1E@microsoft.com...
> Could I look if the computer trying to access is a domain member? Or if he
> is
> part of or local network? And how can I configure this?
>
> "David Wang" wrote:
>
>> How do you plan to distinguish whether a user is from the Intranet or
>> Internet. Enable authentication? Check their possibly fake IP address?
>> Etc.
>>
>> Many ways to do what you ask, so it depends on what you actually want.
>>
>>
>> //David
>> http://w3-4u.blogspot.com
>> http://blogs.msdn.com/David.Wang
>> //
>>
>>
>>
>> On Jan 27, 4:54 am, R.Demandt
>> wrote:
>> > I have a wesite running that can be access both from internet or
>> > intranet.
>> > There are two directory's in the website, now I want to limited acces
>> > to one
>> > of the directory's to people in my intranet. How can I do this?
>> >
>> > Thanks for any response,
>> > R.Demandt
>>
>>