Question about locking down a local site

25 Mar 2004
Evening Ocuk'ers.

I am developing a local site for us to use at work to monitor our Exchange servers.

Is it possible to lock the site down so that only certain 'named' users can access it? To give you a bit more info the following is true:

1) Users are logging on locally with DOMAIN1\Username to their client machines.

2) The site is on DOMAIN2, which has no trust with DOMAIN1.

3) The site runs on IIS7 on Server 2008. The application pool it runs under is the .Net 4 application pool user I believe, can check this if needed.

4) The site is designed in Visual Studio, and is using .Net Framework 4 and C# ASP.NET for the coding languages.

5) The site is only available on the local Intranet.

6) All users will be accessing the site from the same Umbrella IP address so can't lock down by IP, though obviously client IP addresses are static (i.e. 10.44.1.XXX etc) and don't really change.

There is nothing truly problematic on the site, and it generally just reads data from a SQL DB. But I would prefer to make it so that only the technical staff can access it if possible.

What I would like to do is set some kind of access list, i.e if user = DOMAIN1\Ben then they can access the site, but if username = DOMAIN1\Tom they can't.

Is this possible anyway without forcing the users to login each time? I want ease of use for the end users (and myself) without giving access to just anyone in the organisation.
9 Aug 2008
Yes it's possible. Many ways to do it.

* It could be a webpage log in page.
* It could be a http log in
* It could be only accessed from a certain IP e.t.c

Personally I would do a log in page myself. A nice and clean one so that only certain users can have access to it.
Top Bottom