IIS AD authentication on Perimeter server
I have an IIS 6 server on our DMZ. I also have a developer that
requires his application to authenticate users into Active directory
this will provide the access to a back end SQL server.
If this was purely an Intranet site I would have only a little
hesitation in allowing all the ports required from the DMZ to the LAN
DC. I want the users experience on the site not to change. So if I can
purely use the browser and not a client VPN that would be perfect. If
an SSL certificate is installed that's fine.
What are some options available?
Thanks....
M
Re: IIS AD authentication on Perimeter server
You could use ADAM in the DMZ? and same way to replicate AD -> ADAM
Alternatively, setup AD in DMZ with a one-way trust to the domain
internally.
Or lastly, put IIS in your internal network. Use ISA Server in the DMZ to
publish the IIS site.
Cheers
Ken
<templar.m [at] gmail.com> wrote in message
news:1178101149.423413.320030 [at] p77g2000hsh.googlegroups.com.. .
>I have an IIS 6 server on our DMZ. I also have a developer that
> requires his application to authenticate users into Active directory
> this will provide the access to a back end SQL server.
>
> If this was purely an Intranet site I would have only a little
> hesitation in allowing all the ports required from the DMZ to the LAN
> DC. I want the users experience on the site not to change. So if I can
> purely use the browser and not a client VPN that would be perfect. If
> an SSL certificate is installed that's fine.
>
> What are some options available?
>
> Thanks....
> M
>
Re: IIS AD authentication on Perimeter server
or adfs
"Ken Schaefer" <kenREMOVE [at] THISadOpenStatic.com> wrote in message
news:uXN0fmMjHHA.4520 [at] TK2MSFTNGP02.phx.gbl...
> You could use ADAM in the DMZ? and same way to replicate AD -> ADAM
>
> Alternatively, setup AD in DMZ with a one-way trust to the domain
> internally.
>
> Or lastly, put IIS in your internal network. Use ISA Server in the DMZ to
> publish the IIS site.
>
> Cheers
> Ken
>
> <templar.m [at] gmail.com> wrote in message
> news:1178101149.423413.320030 [at] p77g2000hsh.googlegroups.com.. .
>>I have an IIS 6 server on our DMZ. I also have a developer that
>> requires his application to authenticate users into Active directory
>> this will provide the access to a back end SQL server.
>>
>> If this was purely an Intranet site I would have only a little
>> hesitation in allowing all the ports required from the DMZ to the LAN
>> DC. I want the users experience on the site not to change. So if I can
>> purely use the browser and not a client VPN that would be perfect. If
>> an SSL certificate is installed that's fine.
>>
>> What are some options available?
>>
>> Thanks....
>> M
>>
>
