Providing Authentication to users on a Secure Subnet

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
I have a website that is built around a web-application that my
company purchased. My company has full ownership and administrative
rights to this software and its corresponding files.  It uses HTTP
Basic Authentication and that cannot be changed at all (it is compiled
into the web-application itself).  

This is my problem:

We have a secure subnet (a customer of ours) that regularly uses this
website and they don't want to have to log in to this server (as they
have already had to log in to their own network).  We used to get
around this problem by using the username and password on the URL line
( but since Microsoft
eliminated that with one of their service packs it is no longer
possible. (And the customer won't go to all their computers
....numbering some 200-300... and change the registry).  Is their any
way to supply the client browser with the proper credentials through
scripting (or any mechanism, for that matter) so that this automation
can be achieved WITHOUT any browser-user interaction?

My idea was to point the customer to an different "home page" for this
website, check their REMOTE_ADDR to see if they are in the approved
subnet, and, if so, give them the username and password whereupon they
would be pointed to the original home page.  I'm getting stuck at the
point where those credentials need to be implemented by the browser
without the user's intervention.

Any insight into this problem would be greatly appreciated.


Re: Providing Authentication to users on a Secure Subnet

Quoted text here. Click to load it

Create a proxy server of sort with PHP. Your special customers would go to a
URL looking something like this:

The web server would launch proxy.php, with /somewhere/outthere.jsp as the
PATH_INFO. The script now checks REMOTE_ADDR, then retrieve the contents
from the web application with a call to readfile():

<?php readfile($PATH_IFNO?$QUERY_STRING");

If you want to get fancy, you can use Apache rewrite to reroute visitors
from the specific IP range:

RewriteCond %       ^123\.45\.67\.[8-9]$
RewriteRule ^/(.*)   /proxy.php/$1

Now they don't have to use remember the special URL.

Site Timeline