IIS Server Security - IIS AD authentication on Perimeter server

templar.m@gmail.com

2007-05-02, 7:19 am

I have an IIS 6 server on our DMZ. I also have a developer that
requires his application to authenticate users into Active Directory;
this will provide the access to a back-end SQL server.

If this was purely an Intranet site I would have only a little
hesitation in allowing all the ports required from the DMZ to the LAN
DC. I want the user's experience on the site not to change. So if I can
purely use the browser and not a client VPN that would be perfect. If
an SSL certificate is installed that's fine.

What are some options available?

Thanks....
M

Ken Schaefer

2007-05-02, 1:31 pm

You could use ADAM in the DMZ? And some way to replicate AD -> ADAM.

Alternatively, set up AD in the DMZ with a one-way trust to the domain
internally.

Or lastly, put IIS in your internal network. Use ISA Server in the DMZ to
publish the IIS site.

Cheers
Ken

<templar.m@gmail.com> wrote in message
news:1178101149.423413.320030@p77g2000hsh.googlegroups.com...
> I have an IIS 6 server on our DMZ. I also have a developer that
> requires his application to authenticate users into Active Directory;
> this will provide the access to a back-end SQL server.
>
> If this was purely an Intranet site I would have only a little
> hesitation in allowing all the ports required from the DMZ to the LAN
> DC. I want the user's experience on the site not to change. So if I can
> purely use the browser and not a client VPN that would be perfect. If
> an SSL certificate is installed that's fine.
>
> What are some options available?
>
> Thanks....
> M
>


Consultant

2007-05-02, 7:19 pm

Or ADFS.

"Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
news:uXN0fmMjHHA.4520@TK2MSFTNGP02.phx.gbl...
> You could use ADAM in the DMZ? And some way to replicate AD -> ADAM.
>
> Alternatively, set up AD in the DMZ with a one-way trust to the domain
> internally.
>
> Or lastly, put IIS in your internal network. Use ISA Server in the DMZ to
> publish the IIS site.
>
> Cheers
> Ken
>
> <templar.m@gmail.com> wrote in message
> news:1178101149.423413.320030@p77g2000hsh.googlegroups.com...
>



Copyright 2003 - 2008 webservertalk.com