[alane]

I have a website secured by a membership control program (aMember) that works great as a stand alone site. Members log in using a unique username/password combination.

I have been approched by a fair sized company that wants to access my site by around 400 of their workers and I am thinking along the lines that as they have their own intranet that their workers log into could I have a 'gateway' from their intranet to my site they would control access via their login process and thereby have access to mine.

I can easily setup a portion of my site to provide the information, bypassing my log in section, but I am looking for pointers as to allowing access from their side of the gateway to my site but at the same time making it impossible to access my site that way from the open internet. Would this even be possible?

Presumably I would have a page on their system that would link through a page or link on mine that would only be availailable to them (Passwords exchanged between the two pages/links?) but blocked to the open world.

At the moment I am looking for suggestions if this is even feasable and , if so, some general ideas of how to pass the information between the two servers so I have a starting point from which to try setting up the system.

Once I have started to actually code the two links I might need to come back with that code for some more specific advise (Sorry!!).

Thanks in advance
Alan

I have posted this in the PHP section as my site runs on PHP and presumably this gateway would be programmed in PHP, at least on my side.

[wirehopper]

Ideas
Allow all their people to create accounts on your system and access them like everyone else
Install a copy of your system in their intranet (if that make sense based on content/functionality)
Use their existing login data to authenticate into your server, Should use HTTPS for communication.
See if you can use their authentication system, such as LDAP or ActiveDirectory for authentication (if possible).
Restrict access to a particular login page for your site by IP address, meaning only requests that come through that IP address will be served.
Use an alternate port to serve their pages.

[projo]

If the employees will connect through the company's unbrella with a static IP or a narrow range of static IP's then you could check for that. Additionally, with an IP match, you could require just a password (no user name), i.e. a single password that the company distributes to the employees. You could give the company several passwords so that they could manage who had access and who did not by groups (for example, a visiting team could be given access for the time of the visit and then the password deleted bu you). You could also reassign passwords on a yearly basis, for whatever reason. They could use the company name, or nickname, as a user name if desired (You could expand to other companies).

Of course this assumes that more than one login from the same virtual user is not an issue with the operation of your site.

Gary

[alane]

Thanks for the suggestions. Just couldn't think of a way (brain dead probably!!).

Will go with the IP checking I think together with a password if it becomes necessary.

[scott2500uk]

Presumably this big company will be running some sort of Windows network?

If yes then all their staff will have window login accounts to their systems. If you can get access to one of their domain controllers you can use LDAP to authenticate their members with the usernames and passwords they use to login to their office computers.

Then when they first login to your site you can auto create a username and password for them in your website as LDAP can read all the bits such as firstname lastname email etc etc

Just an idea.

[searchmarketing]

There will be a problem while accessing the code. Many companies will not give privileges to the employees to access the code. A remote desktop allows them the access the code which is remote to them from the server.