Securing a program over the internet ? (a good challenge here)

Soldato
Joined
12 May 2005
Posts
12,631
Hey -

If anyone can give me a hand here you get a nice box of virtual cookies :p

This problem is driving me a little insane. Basically I work for a company that wants to put a training course online, so that users can access the website and then do their training - rather than us needing to snd them a CD and books / whatever.

Originall it was made for the intranet, so basically doesn't require logins and whatever, which is obviously not exactly a good thing on the world wide web!

Now the setup is fairly simply put together.

We have a server in the US which I have been given full remote desktop access to (in other words, I am a full admin, can install stuff and whatever else). This server is running Windows 2003 - with IIS installed. The server has 5 IP addresses allocated to it via our web host, and has 1 domain name (a standard www.myweburl.com address).

Under IIS, this basically leads us to 1 website set up for that, and another 1 which has the online training program, now here are the issues:

Problem 1 When we type in the url in to the browser, NO passwords we enter do nothing. Under IIS, directory security, access controls, I have turned on "integrated windows authentication" but NO passwords will work when I try to login, even the admin passwords.

Problem 2 If I type in the IP/URL with port 8080 specified (so in other words 22.22.22.22:8080\appname then the login screen doesn't appear.

Because this is actually an application, and not a webpage - using say HTML, I can't just plop a PHP login page in there, and I have to be honest I really am not so great with windows IIS and stuff. But because I work for a smaller company I kind of got asked to do it.

Now does anyone have an ideas ? Active Directory is not installed, btw - I wanted to get advice now before I start randomly doing things in a "hit and hope" way.

MAJOR thanks for anyone that read this, this problem really is driving me mad.
 
Sure no problem at all :)

The application is integrated into IIS, and basically using a virtual directory. The application is written in Java I believe, and uses Jakarta's TOmcat to serve the pages.

No I didn't specify the port 8080, it should be just using port 80 according to the website.

Passwords I am trying are a variety - including admin accounts, al dont seem to want to have mercy on me :(

I don't really want anything else on the site - literally just this will be fine. WE have other site for contents, this is just for hosting the application.

I am not sure it is possible to use PHP since the pages are generated via the program itself ?
 
Back
Top Bottom