Regulation user access to the site on IIS

Question

I have an application that should be open to the Internet at the time of development. The application has its own authorization (forms).

We can not restrict access to the server over a range of IP addresses. We also need the site to behave similarly as in the absence of global access check (QA test application in this environment).

How to access can be arranged at IIS?

User steps:

1. Go to site.com
2. User sees a pop-up window (global user name; global password - the same for all users)
3. Redirect to site (as anonymous user)
4. Go to login page and enter local user name and password (specific for current user)

I will be grateful for any advice

Thanks

Answer 1

1. Create filter (inherit from ActionFilterAttribute)

2. Override OnActionExecuting method (check custom cookie). If custom auth cookie absent:

   filterContext.HttpContext.Response.Clear(); filterContext.HttpContext.Response.StatusDescription = "Unauthorized"; filterContext.HttpContext.Response.AddHeader("WWW-Authenticate", "Basic realm=\"Secure Area\""); filterContext.HttpContext.Response.Write("401, please authenticate"); filterContext.HttpContext.Response.StatusCode = 401; filterContext.Result = new EmptyResult(); filterContext.HttpContext.Response.End(); base.OnActionExecuting(filterContext);

3. Register filter in Global.asax in Application_Start()