A lot of our products get demoed to clients at certain development milestones, and to do this we generally set up a separate instance of the web app on a demo.product.com domain, or something similar. We like to restrict access to these so people can't access the domain after seeing the product in a WebEx etc. so we usually do something like:

  • Restrict access by IP, which works if the demos are done in our offices (as we know the IP)
  • Turn off anonymous authentication and require Windows authentication to gain access (demoers can sign in with domain credentials)

Things become a bit more tricky when the following is true:

  • Demos are being done off our premises (we don't know the IP address)
  • Things affect using Windows authentication (Owin doing the auth, or we are hosting on Azure)

I'm at a bit of a loss about how I can go about securing sites which are affected by the latter set of bullet points. How have others gone about it?

James
  • If the demo is done over WebEx (I assume they connect to your session) then why would the application need to be exposed externally? Ideally, you simply have an internal test network that allows you to deploy multiple instances for your demo application. – Juxhin May 23 '16 at 12:30
  • Some are done over WebEx, but others are done on the client's premises - there is no black and white rule around this sadly. – James May 23 '16 at 12:31
  • If it's done in the client's network environment there isn't much you can do unfortunately. Not sure how Web shops handle such situations unless you decide to give arbitrary subdomains for each demo, e.g. 756jsiduaj.demo.host.com – Juxhin May 23 '16 at 18:03

0 Answers