how to know if a request come from internal user (employee) orexternal user (vendor)

  • Thread starter Thread starter Chris
  • Start date Start date
C

Chris

Hi,

I have an extranet site (asp.net), we want that if an employee click
on the link, it will automatically get them in. But if an external
user does it, they will be redirected to a login page.

is it possible? how to know if a request come from internal user
(employee) or external user (vendor).

Thanks

Chris
 
Chris said:
Hi,

I have an extranet site (asp.net), we want that if an employee click
on the link, it will automatically get them in. But if an external
user does it, they will be redirected to a login page.

is it possible? how to know if a request come from internal user
(employee) or external user (vendor).
Click to expand...

The server has no way to sense the vibes of the person whose
interactions with a computer caused it to send the server a request to
determine his status with respect to the company.

You can find out the *IP address* of the device from which the request
is coming to see if it's an intranet or Internet address. That's

Request.ServerVariables["LOCAL_ADDR"]

But since employees can and probably will access the site from outside
your intranet, and since unauthorized visitors of exactly the sort you
want to keep out of your site can sneak into your office and then gain
access from inside your intranet when no one's looking, this doesn't
really help you.

If you are absolutely certain that no non-employee will EVER access this
site from inside your office, and your employees are content to log in
when they are outside the office, then you may be all right. But if you
care about security, you won't count on it.
 
Chris said:
Hi,

I have an extranet site (asp.net), we want that if an employee click
on the link, it will automatically get them in. But if an external
user does it, they will be redirected to a login page.

is it possible? how to know if a request come from internal user
(employee) or external user (vendor).

Thanks

Chris
Click to expand...
I think you can do that with membership provider, although you'll need to
write some code to extend the provider a bit.
If you set it to use activedirectory then handle those with no (valid)
active directory by making them log in.
I couldn't find a specific example but you should be more motivated in your
googling.
http://msdn.microsoft.com/en-us/library/ms998345.aspx
 
Chrsi,

One person would be the usual haveing talk to network persons redirect
on class C or internal address. redirected with a javascripting.

Haveing good days

Shusta
 
Back
Top