I have various sites in old asp that limit access to various parts of the sites based upon authentication. This authentication is done firstly via the incoming http request ip address. if it is within a speicifed range (held in a database) then authentication is automatic if the ip address is not in the database then a user has to input a username and password to authenticate themselves. I was wondering about the possibility of developing this kind of security model for DNN so i can build alternative sites using the CMS. I know its not the most ideal way to authenticate but I have no choice over the matter. I could do it at the IIS level but it is easy to manage it in the database.

I'm not to sure where to begin with it. What are the current classes used in DNN. I have been looking for the portal security class but can't find it.

You'd want to setup a membership provider project, duplicate the existing project and start modifying that project to fit your specific needs. Then make the appropriate web.config changes to hook into your new membership provider.

That's the approach I would take. Though, I haven't worked with the membership project at all to be able to tell you where to begin inside that project.

You could also set up an http handler that would detect if the IP address is int he range and authenticated the user using the existing membership provider. this would be a smaller change I would think.

Good idea there Ims, that would probably be a bit easier.

You could also simply implement pieces of the Login module and your IP logic in a SkinObject....if not authenticated, check IP & allow or redirect to a page with the standard Login module...