I have an IIS7 server that's hosted out outside (as in a completely different location) of our HQ. It was going to be used for a new project, but it subsequently fell through and now we have a server that's not being used. I've basically converted it to a storage provider for our Salesforce account because Appirio is just priced ridiculously.
I have IP address and domain restrictions set to block all except for the ones I select, like our offices. The problem is that we have field workers that use Salesforce outside of the offices like at their homes or via mobile devices. That's where the IP restrictions become a hindrance because they'll be blocked and won't be able to do what they need to do.
So, is there a way to restrict access to the server without IP restrictions? I can't do authentication through Windows or Salesforce. I was thinking about using a token in the URL string to validate the visitor because they'll only be accessing the server through Salesforce which I can control, to a degree, but I'm not sure. I also have an available SSL certificate which I could put into use, but I'm not sure what to couple it with?
Yes, you just need to add the iis7 server role for Ip Restriction. You the need to delegate the feature to the required site in iis so the option appears at that level.
Then you can specify simple rules for ip restrictions. Once enabled you can also manage this setting directly from the web.confg file depending how iis is configured so you could even manage this setting from your own website scripting language.