This is something I've been pondering; if there is a better way to solve this, please feel free to say so.
We have a country-wide VPN network running on leased lines. Our server is hosted on one site, and our Windows-based application (using WCF) connects to our server over the VPN.
Some of our (trusted) users need access from outside the physical locations of our sites; for this they have a username and password to connect their PCs to the VPN via the internet cloud.
However, we now have a few people wanting to use our application and access the data through their internet connections. But for these users specifically we do NOT want to give out our VPN's usernames and passwords. Neither do we want to use port-forwarding.
I think this should technically be possible... Can I make a TCP connection to our PPTP server and create a secure VPN connection from WITHIN the application (NOT a Windows connection), thereby granting VPN access to the application, but not the user's entire computer? This username-password can be hardcoded or dynamic or whatever.
Good idea? Bad idea?
Possible?
Can this type of connection be hijacked? (this will grant access to our entire VPN)