I am preparing a website for private beta. The website can be used anonymously as well as allowing users to sign in (using Identity).
During Private beta, I need the entire site to be password protected so that only users with the password are able to access the main site. Once they get there, they can choose to browse the site "Anonymously" or they can signup for an actual account and browse with an account.
I am after any good/cheap solution to this problem whether it be
- a 3rd party website that can wrap my entire site in a secure/private setting
- A simple "gatekeeper" application that receives all requests for the website and just forwards them onto the full website if the user is authenticated
- some other solution (maybe using proxy server like nginx/HAproxy or somethine else entirely)
The solution has to be non intrusive to my current code base which is why I need it to completely wrap my application. Once beta is complete, I will then be able to remove the wrapping (and maybe repoint some DNS records) and the site will continue working without the authentication step.
So far I have not been able to find a suitable 3rd party site to use.
My attempt at creating my own wrapper
I have tried to create a very simple MVC application which takes a general route and sends it to a simple action that checks if the user is authenticated (private beta user) before requesting the proper page from the actual website (some internal url)
if(authenticated());
string url = "http://internalurl"+ Request.Url.LocalPath;
This has allowed me to keep my proper URL as the one that faces the user and their requests are just forwarded to the application that does all of the work.
The user has no idea that the request is forwarded since they only see properURL.com/somepage Basic concept on getting ActionResult from External site
I am having issues with this too because it only partially works. The HTML is retrieved from the internal site however the requests for the css and js files fail because when the wrapper site gets a request like
properURL.com/Content/css/style.css
the wrapper site tries to find the style.css file locally instead of catching the request for the static file and treating it as an action (to request it from the internal site).
I have tried many ways to get IIS to ignore this file type request and give the request to the RouteConfig to get caught in a route as follows:
routes.MapRoute(
"Content",
"Content/{*something}",
new { controller = "Home", action = "Content" } defaults
);
However this does not do anything to help
I have also tried adding a handler to the Web.config but it does not seem to help either.
<add name="CssFileHandler" path="Content*" verb="GET" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
Any ideas?
You can create a windows user account for this and then set up basic auth in IIS with permissions to the site. Then users can log in with that to get to the site. This is independent of your site's auth logic so they can then browse anonymously or create an account and log into the site using the asp.net authentication. This solution would also not require any modification to your application code.
https://technet.microsoft.com/en-us/library/Cc772009(v=WS.10).aspx