| Author |
Read Write production site in SSL
|
|
|
| Hi There
We are developing a MSCMS2002 enabled site for a client and want to get some
points clarified to check that we are actually on the right track for the
deployment.
The client is using MSCMS standard edition (1cpu) but has opted the
production server to be hosted by a third party as they dont have the
capability to host it themselves. But has indicated that they wish to
takeover the hosting at a later stage.
My questions are around these.
Content Authoring:
To author content we propose to have a Forms login page such as
https://site.com/Login.aspx
And for security reasons (set down by the hosting provider) we have to force
the authors to edit content in SSL mode.
Would this be possible for a site with host headers turned on?
I assume that this will be an entry in web.config with authentication set to
forms?
I understand that there will be a performance hit on the server when Content
editing is done in SSL mode.
Are there any other gotchas! that we need to be aware of when we do actual
development to support this model.
Any considerations that we need to take into account when developing
templates and setting up workflow etc?
The site will be read/write as content editing will be enabled for the site.
Also is it possible to setup CMS to have a separate URL for content authors
and a separate URL for subscribers
Ex: Authors: https://site.authoringmode.com/
Subscribers: http://site.com
Production server build.
We have to make a call whether to use Windows 2000 as the production server
or Windows Server 2003.
What would be the better option?
any comments are greatly appreciated
many thanks
Chan
| |
| Stefan [MSFT] 2004-07-28, 6:10 pm |
| Hi Chan,
standard edition does not allow to have the map channel to host header
feature turned on.
And IIS host header mapping will not work with SSL.
Cheers,
Stefan.
--
This posting is provided "AS IS" with no warranties, and confers no rights.
MCMS FAQ:
http://download.microsoft.com/downl...6a/MCMS+2002+-+(complete)+FAQ.htm
MCMS Blog: http://blogs.msdn.com/stefan_gossner/category/4983.aspx
MCMS Sample Code:
http://www.gotdotnet.com/community/...t+S
erver
MCMS Whitepapers and other docs:
http://blogs.msdn.com/stefan_gossne...2/07/41859.aspx
--------------------------------
"Chan" <chan_synergy@hotmail.com> wrote in message
news:OlwNUEDdEHA.3392@tk2msftngp13.phx.gbl...
> Hi There
>
> We are developing a MSCMS2002 enabled site for a client and want to get
some
> points clarified to check that we are actually on the right track for the
> deployment.
>
> The client is using MSCMS standard edition (1cpu) but has opted the
> production server to be hosted by a third party as they dont have the
> capability to host it themselves. But has indicated that they wish to
> takeover the hosting at a later stage.
> My questions are around these.
> Content Authoring:
>
> To author content we propose to have a Forms login page such as
> https://site.com/Login.aspx
> And for security reasons (set down by the hosting provider) we have to
force
> the authors to edit content in SSL mode.
> Would this be possible for a site with host headers turned on?
> I assume that this will be an entry in web.config with authentication set
to
> forms?
>
> I understand that there will be a performance hit on the server when
Content
> editing is done in SSL mode.
> Are there any other gotchas! that we need to be aware of when we do actual
> development to support this model.
> Any considerations that we need to take into account when developing
> templates and setting up workflow etc?
>
> The site will be read/write as content editing will be enabled for the
site.
> Also is it possible to setup CMS to have a separate URL for content
authors
> and a separate URL for subscribers
> Ex: Authors: https://site.authoringmode.com/
> Subscribers: http://site.com
>
> Production server build.
>
> We have to make a call whether to use Windows 2000 as the production
server
> or Windows Server 2003.
> What would be the better option?
>
> any comments are greatly appreciated
>
> many thanks
>
> Chan
>
>
>
>
| |
|
| Chan,
For the separate SSL access part of your questions; you can set up a second
ip address on the NIC or even install a second NIC. Create an addtional web
site using the second IP address. Add a certificate to the second web site
for SSL. I can't remember IIS 5.0s config, but I think there is a check box
in IIS 6 that you tick to allow only SSL traffic. Through SCA on the Web
tab you nominate that the second site is to be used by MCMS by clicking on
config. Once this is completed MCMS adds the NR virtual directory to the
web site. You could also make the original web site a read-only for extra
security. The second web site will also need the ASP.NET application virual
directory to get access to the aspx temple files. This will have to be
added manually by simply taking note of the config of the app directory on
the original site and creating a new virual directory in the new site with
the same settings. In DNS you ensure that the original site host entry
remains the same. For editor/author access you could add a new host entry
for the new web site to the domain and have the editors/author access that
host or if you do not what the host name displayed you could issue each
editor/author with a hosts file containing the IP and host name of the
authoring web site. If the DNS server supports dynamic DNS you may need to
ensure that the authoring IP address does not register (easiest done by
having a second NIC)
Going from memory so I think I have put forward a working solution.
I remember speaking to an MS consultant last year at TECH ED (Australia) and
he said the MCMS could not take advantage of the advanced features of IIS 6
(something about the HTML rendering - I think) and therefore there was no
advantage in that area. However 2003 is supposed to be a more secure
out-of -the-box setup. (Maybe too secure at first for a MCMS install)
Hope this helps
Ray T
"Chan" <chan_synergy@hotmail.com> wrote in message
news:OlwNUEDdEHA.3392@tk2msftngp13.phx.gbl...
> Hi There
>
> We are developing a MSCMS2002 enabled site for a client and want to get
some
> points clarified to check that we are actually on the right track for the
> deployment.
>
> The client is using MSCMS standard edition (1cpu) but has opted the
> production server to be hosted by a third party as they dont have the
> capability to host it themselves. But has indicated that they wish to
> takeover the hosting at a later stage.
> My questions are around these.
> Content Authoring:
>
> To author content we propose to have a Forms login page such as
> https://site.com/Login.aspx
> And for security reasons (set down by the hosting provider) we have to
force
> the authors to edit content in SSL mode.
> Would this be possible for a site with host headers turned on?
> I assume that this will be an entry in web.config with authentication set
to
> forms?
>
> I understand that there will be a performance hit on the server when
Content
> editing is done in SSL mode.
> Are there any other gotchas! that we need to be aware of when we do actual
> development to support this model.
> Any considerations that we need to take into account when developing
> templates and setting up workflow etc?
>
> The site will be read/write as content editing will be enabled for the
site.
> Also is it possible to setup CMS to have a separate URL for content
authors
> and a separate URL for subscribers
> Ex: Authors: https://site.authoringmode.com/
> Subscribers: http://site.com
>
> Production server build.
>
> We have to make a call whether to use Windows 2000 as the production
server
> or Windows Server 2003.
> What would be the better option?
>
> any comments are greatly appreciated
>
> many thanks
>
> Chan
>
>
>
>
| |
|
| Hi Ray
Thanks, This seems to be a good solution.
much appreciated
Chan
"Ray T" <rtrattles@itteducation.com.au> wrote in message
news:O9vQ2nHdEHA.1656@TK2MSFTNGP09.phx.gbl...
> Chan,
>
> For the separate SSL access part of your questions; you can set up a
second
> ip address on the NIC or even install a second NIC. Create an addtional
web
> site using the second IP address. Add a certificate to the second web
site
> for SSL. I can't remember IIS 5.0s config, but I think there is a check
box
> in IIS 6 that you tick to allow only SSL traffic. Through SCA on the Web
> tab you nominate that the second site is to be used by MCMS by clicking on
> config. Once this is completed MCMS adds the NR virtual directory to the
> web site. You could also make the original web site a read-only for extra
> security. The second web site will also need the ASP.NET application
virual
> directory to get access to the aspx temple files. This will have to be
> added manually by simply taking note of the config of the app directory on
> the original site and creating a new virual directory in the new site with
> the same settings. In DNS you ensure that the original site host entry
> remains the same. For editor/author access you could add a new host entry
> for the new web site to the domain and have the editors/author access that
> host or if you do not what the host name displayed you could issue each
> editor/author with a hosts file containing the IP and host name of the
> authoring web site. If the DNS server supports dynamic DNS you may need
to
> ensure that the authoring IP address does not register (easiest done by
> having a second NIC)
>
> Going from memory so I think I have put forward a working solution.
>
> I remember speaking to an MS consultant last year at TECH ED (Australia)
and
> he said the MCMS could not take advantage of the advanced features of IIS
6
> (something about the HTML rendering - I think) and therefore there was no
> advantage in that area. However 2003 is supposed to be a more secure
> out-of -the-box setup. (Maybe too secure at first for a MCMS install)
>
> Hope this helps
>
> Ray T
>
> "Chan" <chan_synergy@hotmail.com> wrote in message
> news:OlwNUEDdEHA.3392@tk2msftngp13.phx.gbl...
> some
the[vbcol=seagreen]
> force
set[vbcol=seagreen]
> to
> Content
actual[vbcol=seagreen]
> site.
> authors
> server
>
>
|
|
|
|