I am evaluating Dynamic Login and I have a requirement from our IT Director to only allow certain roles (e.g. admin, host, customer service) to login from our internal IP address while other roles (e.g. customers) can only login from an external IP address.

After looking more closely at Dynamic Login it isn't clear this is "out of the box". I came up with some ideas ...

1. HTTP Module does the police work on every request. In this approach, it seems the DNN UserInfo object could be accessed and if it exists, roles could be checked against IP rules. In the event a rule is violated, the user could simply be logged out.
   
2. Sql Validation does the work only at login. In this approach, a stored proc would be called with @UserID and @IPAddress and the DNN roles would have to be checked manually against the IP rules.

Is there an easier way to prevent host/admin accounts from accessing a DNN site from an external IP? I wanted to avoid custom development as much as possible on this site and I can't imagine I am the first body to wander into this minefield ...

It seems like the IP restriction feature could be slightly enhanced to be positive and negative (allow/block) with some role matching thrown in on each rule for great effect.

Regards,

Stuart

Hello Stuart,

I believe there are Role Redirection Rules that you can configure.

You can use this type of logic with the Role Redirection Rules:

Valid Role:

If a User Account with Role A is logging in: Then redirect them to a page on your site.

Invalid Role:

If a User Account with Role B is logging in: Then redirect them to this page:

http://www.yoursite.com/admin/secur...ogoff.aspx

This will automatically log the user out.

Just an idea, you may want to try it out to see if it works for your use case.

Thanks,

Ryan