473,382 Members | 1,348 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp / active server pages > questions > restricting access to website from public

Join Bytes to post your question to a community of 473,382 software developers and data experts.

Restricting access to website from public

Hi! I'm very new to ASP.NET and really need some good advice from experts
here.

I'm creating a web application for my company now. This application has 2
parts. 1 part for the customers to access. The 2nd part is for our staff to
access only. My director hopes to make the 2nd part to be something like an
intranet, such that only our company's computers (maybe only 1 or 2 in the
company) can login to this part of the application.

1. My company's intending to put the application on shared server with a web
host. Windows Authentication is NOT allowed.

2. My company doesn't have a static IP address.

3. My manager suggested using Network Card number (which I don't really
quite understand. Is there a way to get the Network Card number that's on a
client PC?).

How??

Some ISP told us that they can provide a firewall management feature such
that it will restrict access to the website from anyone that is not coming
from my company's network. This requires Static IP.

Another told me that IIS Manager has the security feature that restrict
access based on IP address. This requires Static IP again.

Is it possible to implement the 2nd part (the part that is to be accessed by
my company's PC) as a windows application instead? Then we only put the
windows application on one computer. So, 1st part (for the public) will be a
web application, 2nd part (for my company) is a windows application, both
accessing the same database server from an ISP. Will the ISP allow the
windows application to access its database server? I've no experience in
making a windows application at all, is it the same as making a web
application? Please advise.

Do my company really have to get a Static IP? Any comments or other
suggestions please? Thank you.
Jul 22 '05 #1
7 2023
one workaround for dynamic ips would be to issue client ssl certificates and
then identify your "intranet" users through their ssl certs... in iis6 you
can map client-certificates to windows accounts. but this of course needs
additional requirements on the hoster's side...

another "easy" way is to set up a vpn. this implies having your own server
tho, but lets you very easily create an intranet and access it securely from
anywhere and even with dynamic ips.

- thomas
"wrytat" <wr****@discussions.microsoft.com> wrote in message
news:77**********************************@microsof t.com...
Hi! I'm very new to ASP.NET and really need some good advice from experts
here.

I'm creating a web application for my company now. This application has 2
parts. 1 part for the customers to access. The 2nd part is for our staff
to
access only. My director hopes to make the 2nd part to be something like
an
intranet, such that only our company's computers (maybe only 1 or 2 in the
company) can login to this part of the application.

1. My company's intending to put the application on shared server with a
web
host. Windows Authentication is NOT allowed.

2. My company doesn't have a static IP address.

3. My manager suggested using Network Card number (which I don't really
quite understand. Is there a way to get the Network Card number that's on
a
client PC?).

How??

Some ISP told us that they can provide a firewall management feature such
that it will restrict access to the website from anyone that is not coming
from my company's network. This requires Static IP.

Another told me that IIS Manager has the security feature that restrict
access based on IP address. This requires Static IP again.

Is it possible to implement the 2nd part (the part that is to be accessed
by
my company's PC) as a windows application instead? Then we only put the
windows application on one computer. So, 1st part (for the public) will be
a
web application, 2nd part (for my company) is a windows application, both
accessing the same database server from an ISP. Will the ISP allow the
windows application to access its database server? I've no experience in
making a windows application at all, is it the same as making a web
application? Please advise.

Do my company really have to get a Static IP? Any comments or other
suggestions please? Thank you.

Jul 22 '05 #2
Thanks. Does that mean my company has to buy a SSL cert? How to identify
users through SSL certs using ASP.NET codes? Is there any articles online? Or
can you help? Sorry for being annoying.

"Thomas" wrote:
one workaround for dynamic ips would be to issue client ssl certificates and
then identify your "intranet" users through their ssl certs... in iis6 you
can map client-certificates to windows accounts. but this of course needs
additional requirements on the hoster's side...

another "easy" way is to set up a vpn. this implies having your own server
tho, but lets you very easily create an intranet and access it securely from
anywhere and even with dynamic ips.

- thomas
"wrytat" <wr****@discussions.microsoft.com> wrote in message
news:77**********************************@microsof t.com...
Hi! I'm very new to ASP.NET and really need some good advice from experts
here.

I'm creating a web application for my company now. This application has 2
parts. 1 part for the customers to access. The 2nd part is for our staff
to
access only. My director hopes to make the 2nd part to be something like
an
intranet, such that only our company's computers (maybe only 1 or 2 in the
company) can login to this part of the application.

1. My company's intending to put the application on shared server with a
web
host. Windows Authentication is NOT allowed.

2. My company doesn't have a static IP address.

3. My manager suggested using Network Card number (which I don't really
quite understand. Is there a way to get the Network Card number that's on
a
client PC?).

How??

Some ISP told us that they can provide a firewall management feature such
that it will restrict access to the website from anyone that is not coming
from my company's network. This requires Static IP.

Another told me that IIS Manager has the security feature that restrict
access based on IP address. This requires Static IP again.

Is it possible to implement the 2nd part (the part that is to be accessed
by
my company's PC) as a windows application instead? Then we only put the
windows application on one computer. So, 1st part (for the public) will be
a
web application, 2nd part (for my company) is a windows application, both
accessing the same database server from an ISP. Will the ISP allow the
windows application to access its database server? I've no experience in
making a windows application at all, is it the same as making a web
application? Please advise.

Do my company really have to get a Static IP? Any comments or other
suggestions please? Thank you.


Jul 22 '05 #3
And also what about the web application + windows application suggestion? Is
it not possible? Or is it bad implementation? Or too complicated? Sorry.

"Thomas" wrote:
one workaround for dynamic ips would be to issue client ssl certificates and
then identify your "intranet" users through their ssl certs... in iis6 you
can map client-certificates to windows accounts. but this of course needs
additional requirements on the hoster's side...

another "easy" way is to set up a vpn. this implies having your own server
tho, but lets you very easily create an intranet and access it securely from
anywhere and even with dynamic ips.

- thomas
"wrytat" <wr****@discussions.microsoft.com> wrote in message
news:77**********************************@microsof t.com...
Hi! I'm very new to ASP.NET and really need some good advice from experts
here.

I'm creating a web application for my company now. This application has 2
parts. 1 part for the customers to access. The 2nd part is for our staff
to
access only. My director hopes to make the 2nd part to be something like
an
intranet, such that only our company's computers (maybe only 1 or 2 in the
company) can login to this part of the application.

1. My company's intending to put the application on shared server with a
web
host. Windows Authentication is NOT allowed.

2. My company doesn't have a static IP address.

3. My manager suggested using Network Card number (which I don't really
quite understand. Is there a way to get the Network Card number that's on
a
client PC?).

How??

Some ISP told us that they can provide a firewall management feature such
that it will restrict access to the website from anyone that is not coming
from my company's network. This requires Static IP.

Another told me that IIS Manager has the security feature that restrict
access based on IP address. This requires Static IP again.

Is it possible to implement the 2nd part (the part that is to be accessed
by
my company's PC) as a windows application instead? Then we only put the
windows application on one computer. So, 1st part (for the public) will be
a
web application, 2nd part (for my company) is a windows application, both
accessing the same database server from an ISP. Will the ISP allow the
windows application to access its database server? I've no experience in
making a windows application at all, is it the same as making a web
application? Please advise.

Do my company really have to get a Static IP? Any comments or other
suggestions please? Thank you.


Jul 22 '05 #4
I've read up about SSL, and configuring a web application to require client
certificates. So this is how I understand it. Please correct me if I'm wrong.

1. Firstly, I need to go to a certificate authority's web site to apply for
the certificates. The authority will request a CSR file. So, if I'm putting
my web application on an ISP's web server, my ISP will have to generate the
CSR file for me?

2. I'll receive my server certificate from the authority. My ISP will have
to install the certificate on the web server I'm putting the web application
on.

3. My ISP will also have to configure the IIS Settings of the folder where I
put the 2nd part (the "intranet" part) of my application, so that client
certificate authentication is enabled.

4. I've to install the client certificate on my company's computer's web
browser.

What I don't understand is the last step: Installing the client certificate.
Will I get a client certificate from the certificate authority or what? Where
shall I get it? And also, is this client certificate unique? If not, if
someone else's computer also has this client certifcate installed, won't he
be able to access to my website?
"Thomas" wrote:
one workaround for dynamic ips would be to issue client ssl certificates and
then identify your "intranet" users through their ssl certs... in iis6 you
can map client-certificates to windows accounts. but this of course needs
additional requirements on the hoster's side...

another "easy" way is to set up a vpn. this implies having your own server
tho, but lets you very easily create an intranet and access it securely from
anywhere and even with dynamic ips.

- thomas
"wrytat" <wr****@discussions.microsoft.com> wrote in message
news:77**********************************@microsof t.com...
Hi! I'm very new to ASP.NET and really need some good advice from experts
here.

I'm creating a web application for my company now. This application has 2
parts. 1 part for the customers to access. The 2nd part is for our staff
to
access only. My director hopes to make the 2nd part to be something like
an
intranet, such that only our company's computers (maybe only 1 or 2 in the
company) can login to this part of the application.

1. My company's intending to put the application on shared server with a
web
host. Windows Authentication is NOT allowed.

2. My company doesn't have a static IP address.

3. My manager suggested using Network Card number (which I don't really
quite understand. Is there a way to get the Network Card number that's on
a
client PC?).

How??

Some ISP told us that they can provide a firewall management feature such
that it will restrict access to the website from anyone that is not coming
from my company's network. This requires Static IP.

Another told me that IIS Manager has the security feature that restrict
access based on IP address. This requires Static IP again.

Is it possible to implement the 2nd part (the part that is to be accessed
by
my company's PC) as a windows application instead? Then we only put the
windows application on one computer. So, 1st part (for the public) will be
a
web application, 2nd part (for my company) is a windows application, both
accessing the same database server from an ISP. Will the ISP allow the
windows application to access its database server? I've no experience in
making a windows application at all, is it the same as making a web
application? Please advise.

Do my company really have to get a Static IP? Any comments or other
suggestions please? Thank you.


Jul 22 '05 #5
It should be very easy to implement if you use a database and code to check
who logs in. You can then redirect the user to either part 1 or part 2 of
your web app. Of course you should put some checking code on top of each
page that only allows for certain users.

Happy coding.
Shen

"wrytat" <wr****@discussions.microsoft.com> wrote in message
news:77**********************************@microsof t.com...
Hi! I'm very new to ASP.NET and really need some good advice from experts
here.

I'm creating a web application for my company now. This application has 2
parts. 1 part for the customers to access. The 2nd part is for our staff
to
access only. My director hopes to make the 2nd part to be something like
an
intranet, such that only our company's computers (maybe only 1 or 2 in the
company) can login to this part of the application.

1. My company's intending to put the application on shared server with a
web
host. Windows Authentication is NOT allowed.

2. My company doesn't have a static IP address.

3. My manager suggested using Network Card number (which I don't really
quite understand. Is there a way to get the Network Card number that's on
a
client PC?).

How??

Some ISP told us that they can provide a firewall management feature such
that it will restrict access to the website from anyone that is not coming
from my company's network. This requires Static IP.

Another told me that IIS Manager has the security feature that restrict
access based on IP address. This requires Static IP again.

Is it possible to implement the 2nd part (the part that is to be accessed
by
my company's PC) as a windows application instead? Then we only put the
windows application on one computer. So, 1st part (for the public) will be
a
web application, 2nd part (for my company) is a windows application, both
accessing the same database server from an ISP. Will the ISP allow the
windows application to access its database server? I've no experience in
making a windows application at all, is it the same as making a web
application? Please advise.

Do my company really have to get a Static IP? Any comments or other
suggestions please? Thank you.

Jul 22 '05 #6
Yes, I understand what you mean. That was actually what I intended to do
initially. But my director was thinking that it's not secure enough as some
hackers (or whoever) might somehow get access to these pages after hacking
the database to find out the password. So he wants to make it such that only
our computer can access to these pages.

"Sean" wrote:
It should be very easy to implement if you use a database and code to check
who logs in. You can then redirect the user to either part 1 or part 2 of
your web app. Of course you should put some checking code on top of each
page that only allows for certain users.

Happy coding.
Shen

"wrytat" <wr****@discussions.microsoft.com> wrote in message
news:77**********************************@microsof t.com...
Hi! I'm very new to ASP.NET and really need some good advice from experts
here.

I'm creating a web application for my company now. This application has 2
parts. 1 part for the customers to access. The 2nd part is for our staff
to
access only. My director hopes to make the 2nd part to be something like
an
intranet, such that only our company's computers (maybe only 1 or 2 in the
company) can login to this part of the application.

1. My company's intending to put the application on shared server with a
web
host. Windows Authentication is NOT allowed.

2. My company doesn't have a static IP address.

3. My manager suggested using Network Card number (which I don't really
quite understand. Is there a way to get the Network Card number that's on
a
client PC?).

How??

Some ISP told us that they can provide a firewall management feature such
that it will restrict access to the website from anyone that is not coming
from my company's network. This requires Static IP.

Another told me that IIS Manager has the security feature that restrict
access based on IP address. This requires Static IP again.

Is it possible to implement the 2nd part (the part that is to be accessed
by
my company's PC) as a windows application instead? Then we only put the
windows application on one computer. So, 1st part (for the public) will be
a
web application, 2nd part (for my company) is a windows application, both
accessing the same database server from an ISP. Will the ISP allow the
windows application to access its database server? I've no experience in
making a windows application at all, is it the same as making a web
application? Please advise.

Do my company really have to get a Static IP? Any comments or other
suggestions please? Thank you.


Jul 22 '05 #7
On Thu, 31 Mar 2005 17:23:01 -0800, wrytat
<wr****@discussions.microsoft.com> wrote:
Hi! I'm very new to ASP.NET and really need some good advice from experts
here.


Then you really want to post in the ASP.NET groups, those with dotnet
in the name. This one is for classic ASP code.

Jeff
Jul 22 '05 #8
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
Restricting Application to Public (Making an "intranet")
by: wrytat | last post by:
Hi! I'm very new to ASP.NET and really need some good advice from experts here. I'm creating a web application for my company now. This application has 2 parts. 1 part for the customers to...
ASP / Active Server Pages
4
Restricting access to a class' field to only one other class
by: Dennis C. Drumm | last post by:
Is there a way with C# to allow one class access to a method or field of another class, without making that method or field visible to all other classes, as would be the case when making the method...
C# / C Sharp
4
Restricting access of class variable to another single class?
by: Danny Tuppeny | last post by:
Hi all, The next few paragraphs put my question in context, but feel free to skip down to the end if you don't care *why* I need the answer! :) **************************************** ***...
.NET Framework
0
Storing emails templates on the server restricting access
by: WebMatrix | last post by:
Hello, What's the best way to keep email templates as html files on the server, so ASP.NET application can get file access to it, while restricting web users from accessing it through their...
ASP.NET
1
Forms authentication - restricting certain pages
by: Paul Aspinall | last post by:
Hi I want to have most of my website available to users without any authentication (ie. they can freely browse). However, if they go to a restricted part, they should be redirected to a login...
ASP.NET
2
Restricting instantiation of the object in heap only for the particular case
by: WittyGuy | last post by:
Hi My class looks something like this: class Base { public: Base () {} ~Base () {} // No virtual dtor in the base class private: };
C / C++
8
Restricting the length of a text field, trim if needed, all on page load.
by: sneddo | last post by:
Ok I am trying to do the above, I have got a script that will restrict the length but it requires the user to enter the field and hit a key, before it will work. This would normaly be find, but...
Javascript
2
restricting access to folders on server
by: runway27 | last post by:
i am using apache server and presently when i try accessing any folders of my website i am able to browse the files ex = www.website.com/images which is a serious security risk as i am building a...
PHP
4
Interfaces, restricting access
by: Christopher | last post by:
I am surprised this hasn't come up for me more in the past, but the situation is: I need to have an interface that is usable for all I need to have an interface that is only usable for some I...
C / C++
0
Wordpress or something else?
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
Content Management Systems
0
isladogs
Access Europe: Command bars, the Access Shortcut Tool and a simple Audit Log - Wed 3 April
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...
General
0
Easy Steps to Fix "Canon Printer Won't Connect to WiFi Network"
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
General
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Basic Javascript concepts
by: aa123db | last post by:
Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...
Javascript
0
Batch import of multiple excel files into the database
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
Data Management
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!