Check if user is logging in from within the company

Viewed 93 times

5

I will not go into the details of the technology used, because the question is more about the best way to resolve this situation. I have the following scenario:

  • Company with several subsidiaries;
  • These branches have their employees;
  • The system, with the front end in AngularJS and several back ends in Java, has already been in production for almost 1 year.

When the developer logs in from anywhere, he has full access to the system, as it already works normally. However, there will now be a change: if the user logs in from any location other than within the company, he will only have access to some parts of the system.

What is the best way to check whether the user is logging in from within the company, and thus grant full access, or from any other location, and thus grant only partial access?

  • There’s a question, because you can do it using geolocation, but I don’t know if it’s the best way to do it.

  • In my view, this should be the initial concern of the infra team. They should offer you a parameter to know when the request comes from the extranet.

1 answer

0

You can create a list of trusted IPs, and any IP outside of these only accesses parts of the system. Something like this should be controlled in the back end right after the login request. And then on the front end you only display what corresponds to each profile.

  • Thanks for the reply, @Vinícius Mussato. If the IPs change, because the branches are all over Brazil, this type of control would be complicated. I have been thinking about the idea of two (2) login levels: the first is a branch user (some master user, for example); the second is a user for whom, before granting access, the system would check the status of the master user. Would that work?

  • It works; instead of using the IP you will use the user profile. I think the ideal would be that whenever a user is created, it is by default the user with the lowest level of access. Then there would be an admin user who upgrades his profile.

  • In this way the affiliate's master user would log in and maintain the status. The next users, when logging in, would check whether the status of the master user is online, and so would have full access, or offline, and so would have partial access. @Vinicius Mussato, would it work that way?
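
The trusted-IP check suggested in the answer, as an added example that is not part of the original thread. It is written in Python for brevity rather than the Java of the asker's back ends, and it assumes the application may sit behind a reverse proxy, so it also decides when the `X-Forwarded-For` header can be believed. The network ranges, the proxy range and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample values (assumptions): documentation ranges stand in
# for the company's branch egress networks and its reverse proxies.
TRUSTED_NETWORKS = [ipaddress.ip_network(n) for n in
                    ("203.0.113.0/24", "198.51.100.16/28", "2001:db8:10::/48")]
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.0.0.0/24",)]


def _parse(text):
    """Parse an address and unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    addr = ipaddress.ip_address(text.strip())
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def _in_any(addr, networks):
    return any(addr in net for net in networks)


def client_ip(peer, forwarded_for=None):
    """Return the address to evaluate, or None if anything is malformed.

    peer is the TCP peer address seen by the server. X-Forwarded-For is
    honoured only when that peer is one of our own proxies; it is then read
    right to left, skipping our proxies, so values a client prepended to the
    header are never reached.
    """
    try:
        addr = _parse(peer)
        if not forwarded_for or not _in_any(addr, TRUSTED_PROXIES):
            return addr
        for hop in reversed(forwarded_for.split(",")):
            addr = _parse(hop)
            if not _in_any(addr, TRUSTED_PROXIES):
                return addr
        return addr  # every hop was one of our proxies
    except ValueError:
        return None


def access_level(peer, forwarded_for=None):
    """Decide the access level server-side, right after the login request."""
    addr = client_ip(peer, forwarded_for)
    if addr is not None and _in_any(addr, TRUSTED_NETWORKS):
        return "full"
    return "partial"  # fail closed: unknown or unparsable means partial
```

The returned level belongs in the server-side session or token, and every back-end endpoint must enforce it; hiding menu items in the front end is presentation only.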
