eZ Community » Forums » Setup & design » Ip based Intranet authentication
expandshrink

Ip based Intranet authentication

Ip based Intranet authentication

Tuesday 08 March 2005 4:25:27 pm - 4 replies

Hi,

Is it possible to authenticate users based on their IP?

I would like to give users "read" access if they are coming from certain range of IP's and requiring them to authenticate if they are accessing the company's intranet from home for example.

Thank you for your help,

Andy

  • Related forum topics

Tuesday 08 March 2005 4:29:43 pm

No sorry, Not out of the box...

you would need to hack the kernel or supply a custom loginhandler

Tuesday 08 March 2005 4:55:14 pm

If you use URL based siteaccesses, you can kind of do this with Apache configurations. I think the limitation is that you would have access or not, no chance to login would be provided.

If you disallowed all outside network access, and then required VPN into the network to access the intranet you could get around this. The VPN would handle the authenication.

Wednesday 09 March 2005 9:31:59 am

Hi!

I have made a patch for login based on IP. This is made for only one user, but you get the idea of how to do it.

This patch gets the IPaddress and the corresponding user from the site.ini.append.php file. (Patch is for 3.5.1)

--- ezpublish_releases/ezpublish-3.5.1/pre_check.php     2005-02-24 12:05:54.000000000 +0100
+++ precheck_fixedfor351.php    2005-03-09 09:26:30.999605632 +0100
@@ -89,6 +89,19 @@
 //     $uri =& $GLOBALS['eZRequestedURI'];
     $check = array( "module" => "user",
                     "function" => "login" );
+
+       //---LoginOnIP-HACK
+    if ( $ini->hasVariable( 'LoginOnIP', 'IPAddress' ) && $ini->hasVariable( 'LoginOnIP', 'UserID' )
+         && $_SERVER['REMOTE_ADDR'] == $ini->variable( 'LoginOnIP', 'IPAddress' ) )
+    {
+        include_once( 'kernel/classes/datatypes/ezuser/ezuser.php' );
+
+        $userID = ( int ) $ini->variable( 'LoginOnIP', 'UserID' );
+        $user = eZUser::fetch( $userID );
+        eZUser::setCurrentlyLoggedInUser( $user, $userID );
+    }
+       //---LoginOnIP-HACK
+
     if ( $http->hasSessionVariable( "eZUserLoggedInID" ) and
          $http->sessionVariable( "eZUserLoggedInID" ) != '' and
          $http->sessionVariable( "eZUserLoggedInID" ) != $ini->variable( 'UserSettings', 'AnonymousUserID' ) )
@@ -173,4 +186,4 @@
 }

It is _not_ recommended to change the kernel, because upgrades will be much harder. But if you really want to do it, this is how.

Modified on Wednesday 09 March 2005 9:34:31 am by Kristian Hole

Thursday 10 March 2005 5:35:10 pm

Thank you for your replies.

Since ez is going to be authenticating to LDAP anyway, I think I'm going to end up using mod_auth_ldap apache module to authenticate intranet users when not on intranet.

I'm going to try to get it to work this weekend.

Andy

expandshrink

You must be logged in to post messages in this topic!

36 542 Users on board!

Forums menu