3

I am deploying a public ASP.NET website on an IIS7 web farm.

The application runs on 3 web servers and is behind a firewall.

We want to create a single page on the website that is accessible only to internal users. It is primarily used for diagnostics, triggering cache expiry, etc.

/admin/somepage.aspx

What is the best way to control access to this page? We need to:

  1. Prevent all external (public) users from accessing the URL.
  2. Permit specific internal users to access the page, only from certain IPs or networks.

Should this access control be done at the (a) network level, (b) application level, etc.?

3 Answers

2

I found the best solution was to place an iRule on our F5 load balancer.

We created a rule that the load balancer would drop all external requests for the specific directory. Internally, we could still hit the pages by connecting directly to the servers in the farm.


1

Here is how to secure a specific page for specific users, and only them:

<configuration>
    <location path="admin/somepage.aspx">
        <system.web>
            <authorization>
                <allow users="User1,User2" />
                <deny users="*" />
            </authorization>
        </system.web>
    </location>
</configuration>

To set the allowed IPs, you need to configure the web site in IIS via IPv4 Address and Domain Restriction, where you add a wildcard Deny entry and specific Allow entries.

You can also set all this up programmatically.
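
The IP restriction described in this answer, written as configuration beside its authorization rule (an added example, not part of the original answer). The addresses are constructed placeholders; it assumes the IP and Domain Restrictions role service is installed and that IIS sees the real client address rather than the load balancer's.

```xml
<!-- Added example, not from the original answer.
     The network range below is a constructed placeholder. -->
<configuration>
  <location path="admin/somepage.aspx">
    <system.web>
      <authorization>
        <!-- Rules are evaluated top to bottom: the named users match first,
             everyone else (including anonymous) hits the deny rule. -->
        <allow users="User1,User2" />
        <deny users="*" />
      </authorization>
    </system.web>
    <system.webServer>
      <security>
        <!-- allowUnlisted="false" plays the role of the wildcard Deny entry:
             any client address not listed below is rejected by IIS.
             The ipSecurity section is locked at server level by default, so
             this block either goes in applicationHost.config or the section
             has to be unlocked for the site first. -->
        <ipSecurity allowUnlisted="false">
          <!-- Local diagnostics on the web server itself -->
          <add ipAddress="127.0.0.1" allowed="true" />
          <!-- Internal admin network (placeholder range) -->
          <add ipAddress="10.20.0.0" subnetMask="255.255.0.0" allowed="true" />
        </ipSecurity>
      </security>
    </system.webServer>
  </location>
</configuration>
```

If the load balancer rewrites the source address, every request reaches IIS from the balancer's IP and this list cannot tell internal from external clients; in that case the filtering has to happen on the balancer itself.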

0

A simple implementation would be to set File Security on that File in IIS to Integrated Windows Authentication only.

Then in that file's code-behind, check for the user's ID. If they are authenticated, they will have an ID, and you let them access the page.

if (!HttpContext.Current.User.Identity.IsAuthenticated)
{
    // Direct the user to another page or display a message.
}

When users go to that page, it will ask them for their network login.
