You may also want to have a read of these: Downloadable book: Planning an Extranet Environment for Office SharePoint Server http://technet.microsoft.com/en-us/library/cc262400.aspx and also: http://technet.microsoft.com/en-us/library/cc268155.aspx and: http://technet.microsoft.com/en-us/library/cc262834.aspx
I've got other useful links here: http://www.diigo.com/user/jthake/sharepoint+extranet -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of [email protected] Sent: Wednesday, 8 April 2009 11:17 AM To: [email protected] Cc: [email protected] Subject: RE: Preparing MOSS for internet access Hi Paul, That makes perfect sense, forms authentication for external party access, cant believe i am not seeing that picture until now! I was confused what's all the fuss with that because that means the internal staff will have to remember 2 passwords instead of 1 but of course we can use AD as provider instead of SQL but there is no difference with browser prompting for credentials, or is there? what's the issue with browser prompting for password compared to forms authentication that is using AD as provider? The ISA is not really in the picture, but it was mentioned by them before however i doubt they will approve that. Many thanks for your help, Christian "Paul Culmsee" <paul.culm...@sev ensigma.com.au> To Sent by: <[email protected]> [email protected] cc Subject 04/08/2009 11:08 RE: Preparing MOSS for internet AM access Please respond to [email protected] Hi Client certificates = good thing. Reduce the surface for exploitation. I assume you already have a decent PKI infrastructure set-up because that is a project in itself. FBA I use in general when the logins are not internal staff members. So this tends to fall into the group of 'client extranet' as opposed to 'staff extranet'. Integrated auth is obviously an issue with the way that the browser prompts for credentials, but this can be mitigated by using ISA Server to publish the site. You never mentioned ISA server - is that in the picture? Regards Paul -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of [email protected] Sent: Wednesday, 8 April 2009 10:37 AM To: [email protected] Cc: [email protected] Subject: Preparing MOSS for internet access Hi guys I am wondering what would be the best practice, from architecture and development point of view to have moss exposed on the internet. I have a site that have been configured with 2 zones, one is default and the other one is extranet. The public facing website will not allow any login activity as it will automatically redirect the authenticate.aspx page to https (extranet) site and will require client certificate to access. Extranet will be used by our staff to update the contents of the public site. We are currently thinking to use forms authentication for extranet site but was wondering what does forms authentication have over integrated windows in term of security. What is the best practice out there and the most secure way or what did you actually do for your public facing MOSS projects to secure logins/authentication? I would love to hear everyone's experience :) Regards, Christian ===================================================================== Disclaimer: This message is intended only for the use of the person to whom it is expressly addressed and may contain information that is confidential and legally privileged. If you are not the intended recipient, you are hereby notified that any use, reliance on, reference to, review, disclosure or copying of the message and the information it contains for any purpose is prohibited. If you have received this message in error, please notify the sender by reply e-mail of the misdelivery and delete all its contents. Opinions, conclusions and other information in this message that do not relate to the official business of the Company shall be understood as neither given nor endorsed by it. ---------------------------------------------------------------------------- ---- Support procedure: http://www.codify.com/lists/support List address: [email protected] Subscribe: [email protected] Unsubscribe: [email protected] List FAQ: http://www.codify.com/lists/ozmoss Other lists you might want to join: http://www.codify.com/lists -------------------------------------------------------------------------------- Support procedure: http://www.codify.com/lists/support List address: [email protected] Subscribe: [email protected] Unsubscribe: [email protected] List FAQ: http://www.codify.com/lists/ozmoss Other lists you might want to join: http://www.codify.com/lists ===================================================================== Disclaimer: This message is intended only for the use of the person to whom it is expressly addressed and may contain information that is confidential and legally privileged. If you are not the intended recipient, you are hereby notified that any use, reliance on, reference to, review, disclosure or copying of the message and the information it contains for any purpose is prohibited. If you have received this message in error, please notify the sender by reply e-mail of the misdelivery and delete all its contents. Opinions, conclusions and other information in this message that do not relate to the official business of the Company shall be understood as neither given nor endorsed by it. -------------------------------------------------------------------------------- Support procedure: http://www.codify.com/lists/support List address: [email protected] Subscribe: [email protected] Unsubscribe: [email protected] List FAQ: http://www.codify.com/lists/ozmoss Other lists you might want to join: http://www.codify.com/lists No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.0.238 / Virus Database: 270.11.46/2046 - Release Date: 04/07/09 17:53:00 -------------------------------------------------------------------------------- Support procedure: http://www.codify.com/lists/support List address: [email protected] Subscribe: [email protected] Unsubscribe: [email protected] List FAQ: http://www.codify.com/lists/ozmoss Other lists you might want to join: http://www.codify.com/lists
