General discussion

Locked

Off-campus user authentication

By agaunt ·
I am the web coordinator for a small college. One of the services our web site provides to our students is access to commercial library databases, for which the college pays. Most of the database providers require "user authentication" for access; that is, they want to know that the users accessing their databases are legitimate students/associates of the paying institutions. Unfortunately, many of these services are going to IP recognition. This works fine if a student is on campus and the "system" recognizes the campus IP range, but obviously if they are off campus -- which is about 85% of the usage -- the database doesn't recognize their IP.

We've been advised away from a proxy server by our ISP. Is there any other way to authenticate off-site users, short of registering every IP they could possibly ever use (which is not an option, btw)?

Our students are not all geographically close to either of our campuses; and for the most part they are techno-challenged. Asking themto download or reset

This conversation is currently closed to new comments.

17 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Off-campus user authentication

by VinnyD In reply to Off-campus user authentic ...

The only was that I can think of is to have the off campus students dail into a RAS server at the college. Then they will look like they are on campus as they go out to the internet on the normal colleage network.

You would have to setup a RemoteAccess Server with multiple modems to handle the traffic.

Collapse -

Off-campus user authentication

by agaunt In reply to Off-campus user authentic ...

Poster rated this answer

Collapse -

Off-campus user authentication

by wjbailey In reply to Off-campus user authentic ...

There are several ways to do this. The very first that I can think of is restrict is create and extranet by which users would have to authenticate with a domain or NIS structure. This could easily be accomplished by VPN software from some of the major security and NOS vendors. The second would be as stated in previous reply set a Remote Access Server for this pupose. IP address would be assigned to by the RAS box. There are many options at your disposale your ISP should also be able to help youset up a extranet that links the INTER to the INTRA.

Collapse -

Off-campus user authentication

by agaunt In reply to Off-campus user authentic ...

Poster rated this answer

Collapse -

Off-campus user authentication

by MCSE Lee In reply to Off-campus user authentic ...

I would opt for the RAS solution - less expensive and not as complicated to set up and maintain.

Collapse -

Off-campus user authentication

by agaunt In reply to Off-campus user authentic ...

Poster rated this answer

Collapse -

Off-campus user authentication

by pjgreene In reply to Off-campus user authentic ...

Although your ISP discourages a Proxy you could accomplish what your are looking for easily with MS Proxy and RRAS. You use Proxy for security and RRAS for VPN and then all of the students use their PPTP (comes with Win98,NT4,W2K) client and then they authenticate to the NT domain.

Collapse -

Off-campus user authentication

by agaunt In reply to Off-campus user authentic ...

Poster rated this answer

Collapse -

Off-campus user authentication

by moflic In reply to Off-campus user authentic ...

85% off campus means a lot of modems and phone lines for dial-in RAS. IP authentication is the problem here. So get rid of it. I'm sure a good Java programmer can write an applet to authenticate by username/password (when you login to techrepublic you just do that) and give access to the database. Maybe even the database providers can replace the IP based auth module with a username/password auth module. This may seem the cheapest way.

Collapse -

Off-campus user authentication

by agaunt In reply to Off-campus user authentic ...

Poster rated this answer

Back to Security Forum
17 total posts (Page 1 of 2)   01 | 02   Next

Security Forums