×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Contact US

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Citrix secure gateway enable/disable users

Citrix secure gateway enable/disable users

Citrix secure gateway enable/disable users

(OP)
We are a school and have a Citrix secure gateway server to allow staff to work from home. Students have found the URL (I suspect they were told by a member of staff) and are logging in from home, at the moment we don't want them to be able to do this especially during the day as it uses up licences.

Is there a way to prevent certain users accessing a Citrix secure gateway server? I can't ban them from the Citrix system altogether as then they can't logon from the thin client devices in school.

I'd appreciate any thoughts.

We're using Citrix PS (Xenapp) 4.5 with FP1

Thanks.
 

RE: Citrix secure gateway enable/disable users

If you look at the Citrix Access Management console, I think you would see that all users coming in from the CSG have a client name starting with "WI". You can create a policy in Citrix to deny access to users with a client name starting with "WI". I do this to restrict my external users to a single session - they were double-clicking on the published app icons and automatically getting two sessions going.

RE: Citrix secure gateway enable/disable users

(OP)
I don't think that will work here as our web interface server is set to not generate a name but to collect the clientname of the device. We use this so we know the location of the thin client device for mapping printers and so on.
I suppose we could have more than one web interface server one for local users and one for remote users to get around this.

Thanks.

RE: Citrix secure gateway enable/disable users

I haven't thought this through completely, but could you create 2 sets of published apps, one for students and one for staff and only show the staff apps on the WI?

RE: Citrix secure gateway enable/disable users

(OP)
As far as I know when I give a user permissions to an app it just appears on the web interface page. I'll have a look to see if there's a way to stop apps appearing on the web interface page. I don't know much about it yet.

Thanks.

RE: Citrix secure gateway enable/disable users

1 make a database on an SQL express server
2. paste the next part in C:\Inetpub\wwwroot\Citrix\AccessPlatform\app_data\auth\serverscripts\login.aspxf after the private PageAction loginAuthenticateExplicit(ExplicitAuth expAuth) Function

i'm not sure but i think i have the code from http://www.thomaskoetzing.de/

//***** START MODIFIED PART
// --------------------------------------------------------------------------------

string strConnString = "Data Source=<sqlsever>;Initial Catalog=CitrixSG;Persist Security Info=True;User ID=<sqlaccount>;Password=<password>";

System.Data.SqlClient.SqlConnection conn = new System.Data.SqlClient.SqlConnection();
conn.ConnectionString = strConnString;

bool boolAllowed = false;
string strUsername = String.Empty;
string clientIP = String.Empty;


// Retrieve the username of the current logged in user
strUsername = user;

// Work around to get real client IP address (http://www.thomaskoetzing.de/index.php?option=com_content&task=view&id=64&Itemid=103)
if (!(Request.ServerVariables["HTTP_X_FORWARDED_FOR"] == null) && (Request.ServerVariables["REMOTE_ADDR"] == "127.0.0.1"))
{
    clientIP = Request.ServerVariables["HTTP_X_FORWARDED_FOR"];
}
else
{
    clientIP = Request.ServerVariables["REMOTE_ADDR"];
}


try
{
    conn.Open();
    string strSQL = string.Format("SELECT COUNT(username) FROM WI_Include WHERE username='{0}'", strUsername);
    System.Data.SqlClient.SqlCommand sqlCmd = new System.Data.SqlClient.SqlCommand(strSQL, conn);

    int numRows = (int)sqlCmd.ExecuteScalar();

    // If the user is not allowed to log in, log the access attempt in the database
    if(numRows < 1)
    {
        boolAllowed = false;
        string strSQLDenied = string.Format("INSERT INTO WI_AccessLog (username, logintime, remote_addr, success) VALUES ('{0}', '{1}', '{2}', '{3}')", strUsername, DateTime.Now.ToString(), clientIP, "no");
        System.Data.SqlClient.SqlCommand sqlCmdDenied = new System.Data.SqlClient.SqlCommand(strSQLDenied, conn);
        sqlCmdDenied.ExecuteNonQuery();
    }
    else
    {
        boolAllowed = true;
        string strSQLAllowed = string.Format("INSERT INTO WI_AccessLog (username, logintime, remote_addr, success) VALUES ('{0}', '{1}', '{2}', '{3}')", strUsername, DateTime.Now.ToString(), clientIP, "yes");
        System.Data.SqlClient.SqlCommand sqlCmdAllowed = new System.Data.SqlClient.SqlCommand(strSQLAllowed, conn);
        sqlCmdAllowed.ExecuteNonQuery();
    }
}

catch
{
}


finally
{
    conn.Close();
}


if(!boolAllowed)
{
    Server.Transfer("../auth/errorPage.html");
}




// --------------------------------------------------------------------------------
 

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login


Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close