IIS AD authentication on Perimeter server

IIS AD authentication on Perimeter server

am 02.05.2007 12:19:09 von templar.m

I have an IIS 6 server on our DMZ. I also have a developer that
requires his application to authenticate users into Active directory
this will provide the access to a back end SQL server.

If this was purely an Intranet site I would have only a little
hesitation in allowing all the ports required from the DMZ to the LAN
DC. I want the users experience on the site not to change. So if I can
purely use the browser and not a client VPN that would be perfect. If
an SSL certificate is installed that's fine.

What are some options available?

Thanks....
M

Re: IIS AD authentication on Perimeter server

am 02.05.2007 16:53:05 von Ken Schaefer

You could use ADAM in the DMZ? and same way to replicate AD -> ADAM

Alternatively, setup AD in DMZ with a one-way trust to the domain
internally.

Or lastly, put IIS in your internal network. Use ISA Server in the DMZ to
publish the IIS site.

Cheers
Ken

wrote in message
news:1178101149.423413.320030@p77g2000hsh.googlegroups.com.. .
>I have an IIS 6 server on our DMZ. I also have a developer that
> requires his application to authenticate users into Active directory
> this will provide the access to a back end SQL server.
>
> If this was purely an Intranet site I would have only a little
> hesitation in allowing all the ports required from the DMZ to the LAN
> DC. I want the users experience on the site not to change. So if I can
> purely use the browser and not a client VPN that would be perfect. If
> an SSL certificate is installed that's fine.
>
> What are some options available?
>
> Thanks....
> M
>

Re: IIS AD authentication on Perimeter server

am 02.05.2007 21:38:13 von Consultant

or adfs

"Ken Schaefer" wrote in message
news:uXN0fmMjHHA.4520@TK2MSFTNGP02.phx.gbl...
> You could use ADAM in the DMZ? and same way to replicate AD -> ADAM
>
> Alternatively, setup AD in DMZ with a one-way trust to the domain
> internally.
>
> Or lastly, put IIS in your internal network. Use ISA Server in the DMZ to
> publish the IIS site.
>
> Cheers
> Ken
>
> wrote in message
> news:1178101149.423413.320030@p77g2000hsh.googlegroups.com.. .
>>I have an IIS 6 server on our DMZ. I also have a developer that
>> requires his application to authenticate users into Active directory
>> this will provide the access to a back end SQL server.
>>
>> If this was purely an Intranet site I would have only a little
>> hesitation in allowing all the ports required from the DMZ to the LAN
>> DC. I want the users experience on the site not to change. So if I can
>> purely use the browser and not a client VPN that would be perfect. If
>> an SSL certificate is installed that's fine.
>>
>> What are some options available?
>>
>> Thanks....
>> M
>>
>