堆栈内存溢出
  简体   繁体   English

当他尝试向我的IIS进行身份验证时,如何获得有关用户网络的信息?

[英]How can I get information about the users network when he tries to authenticate towards my IIS?

 原文  2012-01-19 13:59:31       security/ authentication/ iis-7/ passwords

问题描述

I want users, when they are in the workplace (eg on the LAN), to authenticate themselves with their regular username and password. 我希望用户在工作场所(例如,在LAN上)使用其常规用户名和密码进行身份验证。 Auto-login is disabled. 自动登录已禁用。

However - logging in from outside the LAN should trigger a 2-level authentication (like SMS, mail or similar). 但是,从LAN外部登录应该触发2级身份验证(例如SMS,邮件或类似身份验证)。 How can we get information about the users network when they try to log in to the application from outside the LAN? 当用户尝试从LAN外部登录应用程序时,我们如何获取有关用户网络的信息?

NB - it does not matter if you have AD user and pwd. 注意:如果您有AD用户和密码,则没有关系。 If you are on the outside you have to trigger the 2 level auth. 如果您在外面,则必须触发2级身份验证。

NB2 - we do not want any client-side scripts running, so this must be something coming with the initial request NB2-我们不希望任何客户端脚本运行,因此这一定是初始请求所附带的内容

Technology: IIS 7, ISA 2006, .Net 4, MS Sql 2008 server. 技术:IIS 7,ISA 2006,.Net 4,MS Sql 2008服务器。

Question also asked here: https://serverfault.com/questions/354183/what-2-level-authentication-mechanism-is-available-that-can-differentiate-if-the 这里还问了这个问题: https : //serverfault.com/questions/354183/what-2-level-authentication-mechanism-is-available-that-c​​an-differentiate-if-the

Information why ISA server remove the information I need: http://www.redline-software.com/eng/support/articles/isaserver/security/x-forwarded-isa-track.php 有关ISA服务器为何删除我需要的信息的信息: http : //www.redline-software.com/eng/support/articles/isaserver/security/x-forwarded-isa-track.php

1 个解决方案

解决方案1
 1 已采纳  2012-01-19 14:31:05

If it's reasonable, don't expose your web server to anything outside of your LAN -- require VPN access. 如果合理,请不要将您的Web服务器暴露给LAN之外的任何东西-需要VPN访问。

If that isn't reasonable, you should be able to use the REMOTE_ADDR variable to determine the source of the request. 如果那不合理,则应该可以使用REMOTE_ADDR变量来确定请求的来源。 Whitelist your LAN as single-factor and require everything else to be multi-factor. 将您的LAN列入单因素白名单,并要求将其他所有因素都列为多因素。 Depending on the scenario, the server variables will be similar to either 根据情况, 服务器变量将类似于 

Context.Request.ServerVariables ["REMOTE_ADDR"]

or 要么 

Request.UserHostAddress()

If you have a proxy in the way, make the proxy tag the originating IP source in the headers and read the request headers to determine the external IP. 如果您有代理,请在标题中使proxy标签成为原始IP源,并读取请求标头以确定外部IP。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何验证用户访问我的站点? - How to authenticate users to my site? 如何为我的Android应用验证用户身份? - How do I authenticate users for my Android app? 没有用户注册时,如何保护我的 api 端点 - How can i secure my api endpoint when there is no users registration 如何在特定域上提取有关SSL加密的信息 - How can I extract information about SSL encryption on a particular domain 如何使用Windows身份验证同时对IIS7托管的javascript Web客户端和WCF服务进行身份验证? - How can I simultaneously authenticate to an IIS7-hosted javascript web client and WCF service using Windows Authentication? 当他更新实体框架中的行时,如何检查用户是否是实体的所有者? - How can I check if user is owner of entity when he updates row in entity framework? 关闭浏览器时如何让用户注销 - How to get user logout when he close browser 如何在 Java 中隐藏我的数据库信息? - How can I hide my database information in Java? 当我的网站用户单击外部链接时,隐藏引荐信息 - Hide referral information when my site users click on external links 如何让客户端先进行身份验证? - How do I get the client to authenticate first?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM