Feature request: Exclusion list for certain IP addresses #170
Comments
|
Hi, Have you done any research on that yet if you were to append the code yourself? |
|
Hello Nils,
Thank you for the quick response. I did not yet do any research as I presumed that I might be able to use the APIs that you describe. I can see that this might be a problem either now or in the future. Perhaps checking the eventviewer for an eventid 25 in the TerminalServices-LocalSessionManager/Operational could be a solution? I found that when an RDP session is successfully authenticated by its user/password combination and before the two-factor authentication is validated the IP address is logged in eventid 25. One might assume that the Windows code used for reading from the eventviewer is not changed in the near future.
Regards,
Ge.
…________________________________
From: Nils Behlen ***@***.***>
Sent: Monday, July 22, 2024 10:36
To: privacyidea/privacyidea-credential-provider ***@***.***>
Cc: gesture1968 ***@***.***>; Author ***@***.***>
Subject: Re: [privacyidea/privacyidea-credential-provider] Feature request: Exclusion list for certain IP addresses (Issue #170)
Hi,
we have had this idea ourself or as request now multiple times.
The problem i found is that there is no reliable way to get the client IP in RDP scenarios. We would need to use interal windows APIs which can break at any time in the future with any update, and even then it seems to work only for RD Gateways.
Have you done any research on that yet if you were to append the code yourself?
—
Reply to this email directly, view it on GitHub<#170 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/ACN6UVIFS3GSUNWS6VURYZDZNS77DAVCNFSM6AAAAABLH2HAPOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDENBSGM4TOMBRGI>.
You are receiving this because you authored the thread.
|
|
I have only expored the "direct" way via win32 api, which is not really viable, so maybe an indirect way might work better. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I would like to request a feature in the Windows credential provider client. Although I could try to append the code myself, I'm unable to compile the source code on VS2022 due to Linker errors. The request is to have a registry setting containing a list of IP blocks that are excluded from two-factor authentication. I'm using the client on a number of PC's in my network, and they are accessible from the internet via RDP. I want them to use two-factor authentication, but only from the internet and not when I'm connecting to the PC's via my local network. If the client could check for the list of excluded P addresses, it could skip the two-factor for my internal IP addresses.
Regards,
Ge.
The text was updated successfully, but these errors were encountered: