I'm trying to create a web.config file for security on an intranet.
I want it to have the following rules:
- If someone browses to the site on a specific IP range, they get straight in.
- If someone doesn't fall into that IP range, they are presented with a log in box that authenticates against an LDAP query.
I have gone down the route so far of the following method for IP access and it works fine.
<security>
<ipSecurity allowUnlisted="false">
<add ipAddress="x.x.x.0" subnetMask="255.255.255.0" allowed="true"/>
</ipSecurity>
</security>
<modules runAllManagedModulesForAllRequests="true"/>
How could I then combine this with LDAP authentication (if that's even possible)? Or should I take a different approach? My only concern so far is that the ipsecurity method is too specific and you are either allowed in or you're not with no room for another form of authentication.
Any tips would be much appreciated!
Thanks in advance,
Tom