Discussion:
Portal Server/IIS config
(too old to reply)
Jason Wells
2004-06-22 00:41:33 UTC
Permalink
I'm running an IIS6/SharePoint Portal Server 2003 config that will be used
for external clients and internal clients. I have a trust between my
internal domain and the DMZ domain where the SharePoint server is.

My problem is the following. My client wants external users to not have to
enter a domain name to gain access. Simple solution if I didn't have the
trust setup for internal users right? Just use Basic Auth and get an SSL.
However, if I set it to Basic Authentication, my internal trusted users are
prompted for credentials.

When a user simply enters their name and password without domain\username
they get rejected and a re-prompt for credentials but it puts in the
www.mysite.com\username in. I would settle for it saying
mydmzdomain\username at the least.

I'm currently setup for Intergrated Authentication. Does anyone have any
advice or questions?

My only good thought so far has been to setup a second web pointing to the
same files. I'll be using SSL on the outside so I'll use port 80 for
internal trusted connections and 443 for external. I haven't spent much
time on this, but I'm not sure SharePoint is liking that.

Thanks for your advice,

Joey
Ken Schaefer
2004-06-22 02:08:03 UTC
Permalink
Hi,

If you use Basic Auth, then you can specify a default domain. HOWEVER, IE
will not "auto-logon" if you are using Basic Auth.

If you are using Integrated Windows Auth (NTLM v2, or Kerberos), then IE can
autologon, but there is no way to specify the domin - the user needs to
supply it manually.

See:
http://support.microsoft.com/?id=258063

Cheers
Ken

"Jason Wells" <***@verizon.net> wrote in message news:1fLBc.20263$***@nwrddc02.gnilink.net...
: I'm running an IIS6/SharePoint Portal Server 2003 config that will be used
: for external clients and internal clients. I have a trust between my
: internal domain and the DMZ domain where the SharePoint server is.
:
: My problem is the following. My client wants external users to not have to
: enter a domain name to gain access. Simple solution if I didn't have the
: trust setup for internal users right? Just use Basic Auth and get an SSL.
: However, if I set it to Basic Authentication, my internal trusted users
are
: prompted for credentials.
:
: When a user simply enters their name and password without domain\username
: they get rejected and a re-prompt for credentials but it puts in the
: www.mysite.com\username in. I would settle for it saying
: mydmzdomain\username at the least.
:
: I'm currently setup for Intergrated Authentication. Does anyone have any
: advice or questions?
:
: My only good thought so far has been to setup a second web pointing to the
: same files. I'll be using SSL on the outside so I'll use port 80 for
: internal trusted connections and 443 for external. I haven't spent much
: time on this, but I'm not sure SharePoint is liking that.
:
: Thanks for your advice,
:
: Joey
:
:
:
:
Jason Wells
2004-06-22 02:34:22 UTC
Permalink
Thanks Ken,

What did you think of my work around?
Post by Ken Schaefer
Hi,
If you use Basic Auth, then you can specify a default domain. HOWEVER, IE
will not "auto-logon" if you are using Basic Auth.
If you are using Integrated Windows Auth (NTLM v2, or Kerberos), then IE can
autologon, but there is no way to specify the domin - the user needs to
supply it manually.
http://support.microsoft.com/?id=258063
Cheers
Ken
: I'm running an IIS6/SharePoint Portal Server 2003 config that will be used
: for external clients and internal clients. I have a trust between my
: internal domain and the DMZ domain where the SharePoint server is.
: My problem is the following. My client wants external users to not have to
: enter a domain name to gain access. Simple solution if I didn't have the
: trust setup for internal users right? Just use Basic Auth and get an SSL.
: However, if I set it to Basic Authentication, my internal trusted users
are
: prompted for credentials.
: When a user simply enters their name and password without
domain\username
Post by Ken Schaefer
: they get rejected and a re-prompt for credentials but it puts in the
: www.mysite.com\username in. I would settle for it saying
: mydmzdomain\username at the least.
: I'm currently setup for Intergrated Authentication. Does anyone have any
: advice or questions?
: My only good thought so far has been to setup a second web pointing to the
: same files. I'll be using SSL on the outside so I'll use port 80 for
: internal trusted connections and 443 for external. I haven't spent much
: time on this, but I'm not sure SharePoint is liking that.
: Thanks for your advice,
: Joey
Ken Schaefer
2004-06-22 02:54:03 UTC
Permalink
I think that may be the best way to go...

Cheers
Ken

"Jason Wells" <***@verizon.net> wrote in message news:OUMBc.20298$***@nwrddc02.gnilink.net...
: Thanks Ken,
:
: What did you think of my work around?
:
: "Ken Schaefer" <***@THISadOpenStatic.com> wrote in message
: news:OG8zv2$***@TK2MSFTNGP12.phx.gbl...
: > Hi,
: >
: > If you use Basic Auth, then you can specify a default domain. HOWEVER,
IE
: > will not "auto-logon" if you are using Basic Auth.
: >
: > If you are using Integrated Windows Auth (NTLM v2, or Kerberos), then IE
: can
: > autologon, but there is no way to specify the domin - the user needs to
: > supply it manually.
: >
: > See:
: > http://support.microsoft.com/?id=258063
: >
: > Cheers
: > Ken
: >
: > "Jason Wells" <***@verizon.net> wrote in message
: > news:1fLBc.20263$***@nwrddc02.gnilink.net...
: > : I'm running an IIS6/SharePoint Portal Server 2003 config that will be
: used
: > : for external clients and internal clients. I have a trust between my
: > : internal domain and the DMZ domain where the SharePoint server is.
: > :
: > : My problem is the following. My client wants external users to not
have
: to
: > : enter a domain name to gain access. Simple solution if I didn't have
the
: > : trust setup for internal users right? Just use Basic Auth and get an
: SSL.
: > : However, if I set it to Basic Authentication, my internal trusted
users
: > are
: > : prompted for credentials.
: > :
: > : When a user simply enters their name and password without
: domain\username
: > : they get rejected and a re-prompt for credentials but it puts in the
: > : www.mysite.com\username in. I would settle for it saying
: > : mydmzdomain\username at the least.
: > :
: > : I'm currently setup for Intergrated Authentication. Does anyone have
: any
: > : advice or questions?
: > :
: > : My only good thought so far has been to setup a second web pointing to
: the
: > : same files. I'll be using SSL on the outside so I'll use port 80 for
: > : internal trusted connections and 443 for external. I haven't spent
much
: > : time on this, but I'm not sure SharePoint is liking that.
: > :
: > : Thanks for your advice,
: > :
: > : Joey
: > :
: > :
: > :
: > :
: >
: >
:
:

Loading...