General discussion

  • Creator
    Topic
  • #2081797

    Off-campus user authentication

    Locked

    by agaunt ·

    I am the web coordinator for a small college. One of the services our web site provides to our students is access to commercial library databases, for which the college pays. Most of the database providers require “user authentication” for access; that is, they want to know that the users accessing their databases are legitimate students/associates of the paying institutions. Unfortunately, many of these services are going to IP recognition. This works fine if a student is on campus and the “system” recognizes the campus IP range, but obviously if they are off campus — which is about 85% of the usage — the database doesn’t recognize their IP.

    We’ve been advised away from a proxy server by our ISP. Is there any other way to authenticate off-site users, short of registering every IP they could possibly ever use (which is not an option, btw)?

    Our students are not all geographically close to either of our campuses; and for the most part they are techno-challenged. Asking themto download or reset

All Comments

  • Author
    Replies
    • #3897114

      Off-campus user authentication

      by vinnyd ·

      In reply to Off-campus user authentication

      The only was that I can think of is to have the off campus students dail into a RAS server at the college. Then they will look like they are on campus as they go out to the internet on the normal colleage network.

      You would have to setup a RemoteAccess Server with multiple modems to handle the traffic.

    • #3897078

      Off-campus user authentication

      by wjbailey ·

      In reply to Off-campus user authentication

      There are several ways to do this. The very first that I can think of is restrict is create and extranet by which users would have to authenticate with a domain or NIS structure. This could easily be accomplished by VPN software from some of the major security and NOS vendors. The second would be as stated in previous reply set a Remote Access Server for this pupose. IP address would be assigned to by the RAS box. There are many options at your disposale your ISP should also be able to help youset up a extranet that links the INTER to the INTRA.

    • #3896947

      Off-campus user authentication

      by mcse lee ·

      In reply to Off-campus user authentication

      I would opt for the RAS solution – less expensive and not as complicated to set up and maintain.

    • #3897401

      Off-campus user authentication

      by pjgreene ·

      In reply to Off-campus user authentication

      Although your ISP discourages a Proxy you could accomplish what your are looking for easily with MS Proxy and RRAS. You use Proxy for security and RRAS for VPN and then all of the students use their PPTP (comes with Win98,NT4,W2K) client and then they authenticate to the NT domain.

    • #3900656

      Off-campus user authentication

      by moflic ·

      In reply to Off-campus user authentication

      85% off campus means a lot of modems and phone lines for dial-in RAS. IP authentication is the problem here. So get rid of it. I’m sure a good Java programmer can write an applet to authenticate by username/password (when you login to techrepublic you just do that) and give access to the database. Maybe even the database providers can replace the IP based auth module with a username/password auth module. This may seem the cheapest way.

    • #3899806

      Off-campus user authentication

      by puneet mehta ·

      In reply to Off-campus user authentication

      Well after going thru ur problem what better i can think of is a VPN using IPSEC. If u already know about IPSec then u r there to see the easy way of Authenication and Authorization.In this way a Mediator initiated tunneling would do the needful forIP recogonition whereby 85% of ur users come .Lot of ISP Provide this facility for large corporates where the main concern is security . If u want any further info on this i will provide you.
      But this what seemed me the best and secured way for ur scattered users.

    • #3899292

      Off-campus user authentication

      by al macintyre ·

      In reply to Off-campus user authentication

      Many techno-challenged students can remember their name & student-id number. It is not unusual for a site to ask for some kind of registration of authorized users, and let the system remember who they are from one sign-on to the next

    • #3786030

      Off-campus user authentication

      by bleechack ·

      In reply to Off-campus user authentication

      Okay, we have done is purchased EZProxy from http://www.usefulutilities.com. It is an excellent program and has functionality to authenticate against users you create, email login/password, auth_http, or just about anything else you can think of. EZproxyisn’t a normal proxy in the way most people think of it. The way it works is that it only proxies the requests that have authenticated from off site.

      Before you try doing anything complicated, try this program out!

      Very small program, very good as well(no I don’t work for them). You can download a trial for NT or Linux from their website. About the only tricky part is getting your exproxy.cfg file set up to work with all the databases and that is more time consuming than anything.

      All told it took me about 1/2 an hour to get it set up to work for us. After 3 years of trying to find a good solution, I am adamant that this is the best one.

    • #3743999

      Off-campus user authentication

      by agaunt ·

      In reply to Off-campus user authentication

      This question was closed by the author

Viewing 8 reply threads