Hello,
I installled nfuse on an IIS 5.0 sever. Is it possible to only allow access based on hardware. For example, when a user owns a portable from the company and has his own private pc, we only want him to be able to access the login page with his company portable. When accessing the site with his pc, access to the website (nfuse login page) is denied.
We could work with certificates, but it's expensive and not full proof, certificates could easily be copied from one PC to another.
Maybe we could implement a login script and do some tests on the clients'name and IP-address and then check this with a central file on a server to see if this machine is allowed or not. Problem: we must know if the user is connected via the internet or via the LAN. This program will demonstrate what I want.
LOGIN SCRIPT
RESOLVE IP ADDRESS
CHECK Client name
IF IP ADDRESS = PUBLIC IP (internet ip) then
IF client name = client name central file then
ALLOW ACCESS to logon
else DENY ACCESS to logon
END IF
ELSE
ALLOW ACCESS to logon
(if user is on LAN he must be able to log on at all times)
END IF
Problem is that a users's public IP address could be NAT, so the server doesn't see the real IP in the login script and therefore the script cannot test and determine if a user is connected via LAN or internet. Is it possible to implement something in the website to pass the public IP so it can be used in the login script
Anybody ideas?
Thanks
Wim
I installled nfuse on an IIS 5.0 sever. Is it possible to only allow access based on hardware. For example, when a user owns a portable from the company and has his own private pc, we only want him to be able to access the login page with his company portable. When accessing the site with his pc, access to the website (nfuse login page) is denied.
We could work with certificates, but it's expensive and not full proof, certificates could easily be copied from one PC to another.
Maybe we could implement a login script and do some tests on the clients'name and IP-address and then check this with a central file on a server to see if this machine is allowed or not. Problem: we must know if the user is connected via the internet or via the LAN. This program will demonstrate what I want.
LOGIN SCRIPT
RESOLVE IP ADDRESS
CHECK Client name
IF IP ADDRESS = PUBLIC IP (internet ip) then
IF client name = client name central file then
ALLOW ACCESS to logon
else DENY ACCESS to logon
END IF
ELSE
ALLOW ACCESS to logon
(if user is on LAN he must be able to log on at all times)
END IF
Problem is that a users's public IP address could be NAT, so the server doesn't see the real IP in the login script and therefore the script cannot test and determine if a user is connected via LAN or internet. Is it possible to implement something in the website to pass the public IP so it can be used in the login script
Anybody ideas?
Thanks
Wim