My company will have a web application hosted on a shared server. We can't do Windows authentication on the server, only form authentication.
There's a part of the application that will be restricted to my company's admin access only. My company wants to restrict this section so that only my company's computers can access it (something like an "intranet", but since the web server is not ours and we can't do Windows authentication, I can't really call it that).
So I thought of this:
I use a form authentication that checks not only the user name and password, but also the IP address of the client machine (using REMOTE_ADDR).
So when the user gets to the login page, I check his IP first. If it's not my company's IP, I will display an error message. Otherwise, I'll let him log in using the form authentication method.
Does this sound secure?
I read that the IP REMOTE_ADDR returns may be masked by proxy servers, so we can't entirely rely on it being unique. Which means my method is not workable?
Also, if I want to implement form authentication with SSL, what do I have to do? Is there any website that teaches how to do it?
Sorry, I'm really new to this language and need to learn a lot.
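
The check described in the question, as an added example that is not part of the original post: a gate that compares REMOTE_ADDR against an allowlist before the login form is reached, written as Python WSGI middleware because the post does not name its platform. The network ranges and the `/admin` path are constructed placeholders; if the company's machines leave through a proxy or NAT gateway, the allowlist holds that egress address, since that is what REMOTE_ADDR reports.

```python
import ipaddress

# Constructed sample ranges (RFC 5737 / RFC 3849 documentation blocks);
# replace with the company's real egress addresses.
COMPANY_NETWORKS = [ipaddress.ip_network(n) for n in
                    ("203.0.113.0/28", "2001:db8:12::/48")]
ADMIN_PREFIX = "/admin"  # hypothetical path of the restricted section


def is_company_address(remote_addr):
    """True only if the TCP peer address lies inside an allowed network."""
    try:
        addr = ipaddress.ip_address(remote_addr.strip())
    except (AttributeError, ValueError):
        return False  # missing or malformed value: fail closed
    # Dual-stack servers report IPv4 peers as ::ffff:a.b.c.d
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in COMPANY_NETWORKS)


class AdminIpGate:
    """WSGI middleware: reject /admin requests from outside the allowlist
    before the login form is reached. Credentials are still checked by the
    wrapped application; the address check only narrows who may try."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        path = environ.get("PATH_INFO", "")
        if path == ADMIN_PREFIX or path.startswith(ADMIN_PREFIX + "/"):
            # Only REMOTE_ADDR is consulted. HTTP_X_FORWARDED_FOR and similar
            # headers are supplied by the client and are ignored here.
            if not is_company_address(environ.get("REMOTE_ADDR")):
                start_response("403 Forbidden",
                               [("Content-Type", "text/plain")])
                return [b"Access restricted"]
        return self.app(environ, start_response)
```
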