logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: How to force url to use login page first if not authnticated
Author
vivek2k18



Joined: 23 Jul 2018
Posts: 1
Location: India

PostPosted: Mon 23 Jul '18 17:36    Post subject: How to force url to use login page first if not authnticated Reply with quote

Hello All,

I am struggling with one scenario. I hope you guys can suggest some good solutions here.

Case: I have one application like https://xyz.domain.com
It is actually login page for internal user and external user and it is handled by IIS web server, all authentications are managed by IIS only, after authentication this url forwarded to Apache web server, where application is hosted. URL is https://xyz.domain.com:449/t2y.
Issue is if someone copy this Apache url and open in new browser then anyone can access this url without any issue. I expect it should not run if user is not authenticated and url go to login page which i have explained earlier.
I have seen that after authentication IIS keep AUTH_SESSION_ID, So my question is -- Is it possible in Apache to check AUTH_SESSION_ID, if it exist then user can access Apache url and if there is no value or missing AUTH_SESSION_ID then it should forward to login url?

Any idea how to fix that scenario?

Thanks in Advance!!

Regards,
Vivek
Back to top
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 3049
Location: Hilversum, NL, EU

PostPosted: Fri 27 Jul '18 10:39    Post subject: Reply with quote

When on the same server you can add port 449 to the firewall.
Back to top


Reply to topic   Topic: How to force url to use login page first if not authnticated View previous topic :: View next topic
Post new topic   Forum Index -> Apache