
Ip based Intranet authentication


Andy Masiar

Tuesday 08 March 2005 7:25:27 am

Hi,

Is it possible to authenticate users based on their IP?

I would like to give users "read" access if they are coming from a certain range of IPs and require them to authenticate if they are accessing the company's intranet from home, for example.

Thank you for your help,

Andy

Björn Dieding@xrow.de

Tuesday 08 March 2005 7:29:43 am

No, sorry, not out of the box...

You would need to hack the kernel or supply a custom login handler.


Mark Marsiglio

Tuesday 08 March 2005 7:55:14 am

If you use URL-based siteaccesses, you can kind of do this with Apache configurations. I think the limitation is that you would have access or not; no chance to log in would be provided.

If you disallowed all outside network access, and then required VPN into the network to access the intranet, you could get around this. The VPN would handle the authentication.


Kristian Hole

Wednesday 09 March 2005 12:31:59 am

Hi!

I have made a patch for login based on IP. This is made for only one user, but you get the idea of how to do it.

This patch gets the IP address and the corresponding user from the site.ini.append.php file. (Patch is for 3.5.1)

--- ezpublish_releases/ezpublish-3.5.1/pre_check.php     2005-02-24 12:05:54.000000000 +0100
+++ precheck_fixedfor351.php    2005-03-09 09:26:30.999605632 +0100
@@ -89,6 +89,19 @@
 //     $uri =& $GLOBALS['eZRequestedURI'];
     $check = array( "module" => "user",
                     "function" => "login" );
+
+       //---LoginOnIP-HACK
+    if ( $ini->hasVariable( 'LoginOnIP', 'IPAddress' ) && $ini->hasVariable( 'LoginOnIP', 'UserID' )
+         && $_SERVER['REMOTE_ADDR'] == $ini->variable( 'LoginOnIP', 'IPAddress' ) )
+    {
+        include_once( 'kernel/classes/datatypes/ezuser/ezuser.php' );
+
+        $userID = ( int ) $ini->variable( 'LoginOnIP', 'UserID' );
+        $user = eZUser::fetch( $userID );
+        eZUser::setCurrentlyLoggedInUser( $user, $userID );
+    }
+       //---LoginOnIP-HACK
+
     if ( $http->hasSessionVariable( "eZUserLoggedInID" ) and
          $http->sessionVariable( "eZUserLoggedInID" ) != '' and
          $http->sessionVariable( "eZUserLoggedInID" ) != $ini->variable( 'UserSettings', 'AnonymousUserID' ) )
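Review bot: the added block passes the result of eZUser::fetch( $userID ) straight into eZUser::setCurrentlyLoggedInUser( $user, $userID ) without checking that a user object came back, so a mistyped or deleted UserID in the ini file is not caught here; test $user before the call and skip the auto-login when the fetch fails. The block also sits ahead of the existing eZUserLoggedInID session check and has no condition on an existing session, so it runs on every request from the configured address, including requests from someone already logged in as another user; consider applying it only when the session holds no user or the anonymous one. Finally, the comparison $_SERVER['REMOTE_ADDR'] == $ini->variable( 'LoginOnIP', 'IPAddress' ) is the sole condition for becoming that user and matches exactly one address string: if a reverse proxy or NAT gateway is the connection peer, every client behind it matches, so the configured UserID should be a read-only account and that expectation belongs in a comment next to the setting.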
@@ -173,4 +186,4 @@
 }

It is _not_ recommended to change the kernel, because upgrades will be much harder. But if you really want to do it, this is how.

Kristian


Andy Masiar

Thursday 10 March 2005 8:35:10 am

Thank you for your replies.

Since ez is going to be authenticating to LDAP anyway, I think I'm going to end up using the mod_auth_ldap Apache module to authenticate intranet users when not on the intranet.

I'm going to try to get it to work this weekend.

Andy
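
The setup discussed in this thread (no prompt from intranet addresses, LDAP login from anywhere else, which also avoids the all-or-nothing limitation mentioned for plain Apache IP rules), as an added example that is not part of any post above. It assumes Apache 2.0/2.2 with mod_auth_ldap; the directory path, address range and LDAP URL are placeholders.

```apache
# Constructed example for Apache 2.0/2.2 (Order/Allow/Satisfy syntax).
# Path, address range and LDAP URL are placeholders, not values from the thread.
<Directory "/var/www/ezpublish">
    # Host rule: only the intranet range passes without credentials.
    # "Allow from" is matched against the connection's peer address, so
    # behind a reverse proxy or NAT gateway it sees that device's address,
    # not the end user's.
    Order deny,allow
    Deny from all
    Allow from 192.168.0.0/24

    # User rule: everyone else must present valid directory credentials.
    # Basic auth sends the password with every request, so serve this
    # location over HTTPS only.
    AuthType Basic
    AuthName "Company intranet"
    AuthLDAPURL "ldap://ldap.example.internal/ou=People,dc=example,dc=com?uid"
    Require valid-user

    # Either rule is sufficient. With "Satisfy All" (the default) a request
    # would have to pass both the host rule and the user rule.
    Satisfy Any
</Directory>
```

This only decides who may reach the site at the web-server level; which eZ publish user a request runs as is still decided by eZ publish itself.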