Have you ever had a need to allow only a subset of your users access to Citrix Web Interface or Secure Gateway? This is especially useful if you use an internal Web Interface and an external Web Interface/Secure Gateway environment. You might want to let anybody log on through the internal Web Interface, but restrict access through the external Web Interface/Secure Gateway. Sam Jacobs created a utility to do just that at http://www.ipm.com/home/freecode/RestrictedUsers.zip. The basic concept of this modification is to place a list of users in a text file on your Web Interface server. Then, the code looks in this file at login time to see if the authenticating user is allowed to continue.

This concept works quite well, but I had a request to allow non-technical people to control the access list. Rather than give them rights to the server to modify the text file, I came up with a slightly different solution - the Web Interface Access Control Center. This solution involves placing the allowed users in a database table and comparing the authenticating user to the database table, rather than a text file, at login time. As an added bonus, this solution logs all access attempts to the database as well.

To help implement this solution, I created an ASP.NET interface to allow adding and removing users from the list. This utility integrates with Active Directory to display available users to add to or remove from the access list. In addition, the utility analyzes usage and presents this information in a drill-down format.

Download the Web Interface Access Control Center


The Components

The Web Interface Access Control Center consists of three logical components; a database to store allowed users and access activity, a Citrix Web Interface server, and an IIS Web Application server running the .NET Framework version 2.0 to host the end-user utilities. I say these are three logical components because all three components can reside on the same physical server.

The Database
The database can be any ODBC compliant database such as Microsoft SQL, MSDE, MySql, etc. The database has a very simple structure consisting of only two tables; the WI_Access table to store which users are permitted access via Web Interface, and WI_AccessLog to store access attempts.

The Web Interface Server
Naturally you will need a Citrix Web Interface server. You will need to make one modification in order for this solution to work. The modification instructions can be found in the setup instructions accompanying the download. One thing to note however is if there is a firewall between the Web Interface server and the database, port 1433 will need to opened in order for SQL communication to occur.

The IIS Web Application Server
The IIS Web Application server reads information from the database and reports this information in a drill down fashion. The virtual directory that the web application runs from will need to be configured to use the .NET Framework version 2.0 (this is covered in the setup instructions).


Component Communications

Web Interface Access Control Center Communications


Screen Shots

Access Control List

Click to enlarge


Usage Calendar

Click to enlarge


Day Detail

Click to enlarge


Hour Detail

Click to enlarge


User Detail

Click to enlarge


I hope you find this tool useful. But, keep in mind that while every effort has been made to test this tool, this tool is still in "beta" and may contain bugs. Also, the modification made to Web Interface is not supported by Citrix.