Securing a program over the internet ? (a good challenge here)

Soldato
Joined
12 May 2005
Posts
12,631
Hey -

If anyone can give me a hand here you get a nice box of virtual cookies :p

This problem is driving me a little insane. Basically I work for a company that wants to put a training course online, so that users can access the website and then do their training - rather than us needing to snd them a CD and books / whatever.

Originall it was made for the intranet, so basically doesn't require logins and whatever, which is obviously not exactly a good thing on the world wide web!

Now the setup is fairly simply put together.

We have a server in the US which I have been given full remote desktop access to (in other words, I am a full admin, can install stuff and whatever else). This server is running Windows 2003 - with IIS installed. The server has 5 IP addresses allocated to it via our web host, and has 1 domain name (a standard www.myweburl.com address).

Under IIS, this basically leads us to 1 website set up for that, and another 1 which has the online training program, now here are the issues:

Problem 1 When we type in the url in to the browser, NO passwords we enter do nothing. Under IIS, directory security, access controls, I have turned on "integrated windows authentication" but NO passwords will work when I try to login, even the admin passwords.

Problem 2 If I type in the IP/URL with port 8080 specified (so in other words 22.22.22.22:8080\appname then the login screen doesn't appear.

Because this is actually an application, and not a webpage - using say HTML, I can't just plop a PHP login page in there, and I have to be honest I really am not so great with windows IIS and stuff. But because I work for a smaller company I kind of got asked to do it.

Now does anyone have an ideas ? Active Directory is not installed, btw - I wanted to get advice now before I start randomly doing things in a "hit and hope" way.

MAJOR thanks for anyone that read this, this problem really is driving me mad.
 
Just to clarify a few things:
Can you give a bit more information on this application? Is it something integrated into the server box/IIS, or is it an exe you're pointing to? Also, as you are referencing 8080 did you specify this port for the website under IIS? Usually 8080 is taken up by media server (if installed).
What passwords are you trying? Have you set up accounts on the server with the user/password you are trying? Without AD installed, it will be looking for those accounts on the server itself.
If you are wanting to secure the entire website, unless you give a generic login to all users - or are willing to create accounts for them on the server, the best way would be to hook it upto a db and user server side code to authenticate/lock access (.net, php, asp etc) - but this depends on the format of the site (is it contained within the app you mentioned earlier?)
 
Sure no problem at all :)

The application is integrated into IIS, and basically using a virtual directory. The application is written in Java I believe, and uses Jakarta's TOmcat to serve the pages.

No I didn't specify the port 8080, it should be just using port 80 according to the website.

Passwords I am trying are a variety - including admin accounts, al dont seem to want to have mercy on me :(

I don't really want anything else on the site - literally just this will be fine. WE have other site for contents, this is just for hosting the application.

I am not sure it is possible to use PHP since the pages are generated via the program itself ?
 
Could give SSLExplorer a go if you wanted somthing more simple - allows you to share samba shares, applications, vnc, remote desktop and intranet websites, ties into AD too. :)
 
Back
Top Bottom