The IT department of my company refused to host an ASP.NET Web App on our intranet. For security reasons that would be the best solution. Right now I'm considering other options. One of those is to use ipSecurity in the web.config file in order to only allow people inside the organization to access it.
Since every computer in an office branch has the same IP address, I'm wondering if the following code is enough to block access by anyone outside our organization.
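<system.webServer>
  <security>
    <!-- allowUnlisted="false": deny every client that matches no rule below -->
    <!-- enableReverseDns="true": look up the client's host name so domainName rules can match -->
    <ipSecurity enableReverseDns="true" allowUnlisted="false">
      <add ipAddress="123.123.123.123" allowed="true" />
      <add domainName="out1.mycompany.com" allowed="true" />
    </ipSecurity>
  </security>
</system.webServer>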
In your opinion what are the security risks involved? Can this not be enough to restrict the audience that can use the web site?