Security·4,794 discussions

Off-campus user authentication

Locked

I am the web coordinator for a small college. One of the services our web site provides to our students is access to commercial library databases, for which the college pays. Most of the database providers require “user authentication” for access; that is, they want to know that the users accessing their databases are legitimate students/associates of the paying institutions. Unfortunately, many of these services are going to IP recognition. This works fine if a student is on campus and the “system” recognizes the campus IP range, but obviously if they are off campus — which is about 85% of the usage — the database doesn’t recognize their IP.

We’ve been advised away from a proxy server by our ISP. Is there any other way to authenticate off-site users, short of registering every IP they could possibly ever use (which is not an option, btw)?

Our students are not all geographically close to either of our campuses; and for the most part they are techno-challenged. Asking themto download or reset

Topic

Off-campus user authentication

In reply to Off-campus user authentication

The only was that I can think of is to have the off campus students dail into a RAS server at the college. Then they will look like they are on campus as they go out to the internet on the normal colleage network.

You would have to setup a RemoteAccess Server with multiple modems to handle the traffic.

Off-campus user authentication

In reply to Off-campus user authentication

Poster rated this answer

Off-campus user authentication

In reply to Off-campus user authentication

There are several ways to do this. The very first that I can think of is restrict is create and extranet by which users would have to authenticate with a domain or NIS structure. This could easily be accomplished by VPN software from some of the major security and NOS vendors. The second would be as stated in previous reply set a Remote Access Server for this pupose. IP address would be assigned to by the RAS box. There are many options at your disposale your ISP should also be able to help youset up a extranet that links the INTER to the INTRA.

Off-campus user authentication

In reply to Off-campus user authentication

Poster rated this answer

Off-campus user authentication

In reply to Off-campus user authentication

I would opt for the RAS solution – less expensive and not as complicated to set up and maintain.

Off-campus user authentication

In reply to Off-campus user authentication

Poster rated this answer

Off-campus user authentication

In reply to Off-campus user authentication

Although your ISP discourages a Proxy you could accomplish what your are looking for easily with MS Proxy and RRAS. You use Proxy for security and RRAS for VPN and then all of the students use their PPTP (comes with Win98,NT4,W2K) client and then they authenticate to the NT domain.

Off-campus user authentication

In reply to Off-campus user authentication

Poster rated this answer

Off-campus user authentication

In reply to Off-campus user authentication

85% off campus means a lot of modems and phone lines for dial-in RAS. IP authentication is the problem here. So get rid of it. I’m sure a good Java programmer can write an applet to authenticate by username/password (when you login to techrepublic you just do that) and give access to the database. Maybe even the database providers can replace the IP based auth module with a username/password auth module. This may seem the cheapest way.

Off-campus user authentication

In reply to Off-campus user authentication

Poster rated this answer

Off-campus user authentication

In reply to Off-campus user authentication

Well after going thru ur problem what better i can think of is a VPN using IPSEC. If u already know about IPSec then u r there to see the easy way of Authenication and Authorization.In this way a Mediator initiated tunneling would do the needful forIP recogonition whereby 85% of ur users come .Lot of ISP Provide this facility for large corporates where the main concern is security . If u want any further info on this i will provide you.
But this what seemed me the best and secured way for ur scattered users.

Off-campus user authentication

In reply to Off-campus user authentication

Poster rated this answer

Off-campus user authentication

In reply to Off-campus user authentication

Many techno-challenged students can remember their name & student-id number. It is not unusual for a site to ask for some kind of registration of authorized users, and let the system remember who they are from one sign-on to the next

Off-campus user authentication

In reply to Off-campus user authentication

Poster rated this answer

Off-campus user authentication

In reply to Off-campus user authentication

Okay, we have done is purchased EZProxy from http://www.usefulutilities.com. It is an excellent program and has functionality to authenticate against users you create, email login/password, auth_http, or just about anything else you can think of. EZproxyisn’t a normal proxy in the way most people think of it. The way it works is that it only proxies the requests that have authenticated from off site.

Before you try doing anything complicated, try this program out!

Very small program, very good as well(no I don’t work for them). You can download a trial for NT or Linux from their website. About the only tricky part is getting your exproxy.cfg file set up to work with all the databases and that is more time consuming than anything.

All told it took me about 1/2 an hour to get it set up to work for us. After 3 years of trying to find a good solution, I am adamant that this is the best one.

Off-campus user authentication

In reply to Off-campus user authentication

Poster rated this answer

Off-campus user authentication

In reply to Off-campus user authentication

This question was closed by the author

[Author]

Replies