开发者

how can a registered member only can access my company website from android phone

i want my company website to ac开发者_如何学编程cess from my android phone but that website can only be accessed by registered member

i have login page in that i have to enter registered email and passwrd than directly from the login page only i have to redirect to my company web url ???

Please give suggestion

Thanks in advance


Edited, to be more explicit :

How to secure and restrict access to a website ?

Restrict network access

Maybe the simpliest solution. A web site is not always available on the internet or for everybody. In fact if your website sit in some machine in your company office, make it available on the net require more effort than just let local computers access to it.

What does that mean ? You configure your firewall and your network to allow access of your server for only some IP address/port. To continue on this network only solution, you can create a VPN that include your mobile phone devices.

Include authentification and authorization management directly in the application

The first solution is a first pass. It allow you to forbidd access to most people out of your organisation. But maybe you want more, you want for exemple that only people from marketing do have access to the web site. Or maybe you want depending of the user (or user group), allow them to do differents things.

The best way to do that is to directly manage uses rights into your website. You authenticate users, and when a specific functionnality is requested your firt verify is user has credential.

If you already have an IT department, it is likely that a directory is available with all users, their password and their groups. You can base your check on the directory, avoiding the harsle to create/delete users in your application directly.

Using a proxy to secure or authenticate access

This solution is like a melt of the other ones. First you make sure sure using network restriction that your web site is only accessible using the proxy machine (so only one IP basically). Then you use a web server (like Apache HTTPD server) as a proxy, or a gateway to access the website.

Basically, when a user want to request your website, it doesn't directly ask the application that manage it, but the proxy. Because the application server is isolated in the network, it doesn't have to be secured.

The proxy allow you to fine tune the behaviour of your web site :

  • you can add encryption using SSL to all data that transit from the client to server, so no senssible data is sent unprotected
  • you can compress all data that transit to optimize the bandwidth usage (really important for mobile device and their not so good
    internet connexion).
  • you can use HTTP authentification to check user has the right to access to the page. This can be just a login/password check, or a client certificate to fully secure the connexion, allowing only device with the certificate to be granted access.

You can tune access per group to certain part of the site, but this is not as flexible as retrictions done directly by the web site application.


Didn't catch you very well. Do you mean that you want your company website can just be accessed by android phone for registered member? If so, I think you can check what browser type can be used in android phone, and in your website check it from http request, like "String browserType=(String)request.getHeader("User-Agent");" .

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜