regarding server communication between two domains

    Question

  • Hi,

    We have a SharePoint 2010 medium farm environment for extranet and intranet sites.

    UAG->firewall->dmz(2 web front ends)->firewall ->internal network(1 app server,1search server,2 database clusters) <--2 web fronts

    So we have a pair of web front ends in the public DMZ and also in the internal network.

    The 2 web front ends (for external users) sit inside the public DMZ, which is one domain, say "DomainA", and the rest (app server, search and the DB, 2 web front ends for internal users) are in another domain, say "DomainB".

    How does the communication between the servers take place ...

    For instance, if the external user comes from

    external user -->UAG-->DMZ(2 web front)-->  and let's say he wants to create a list...

    So since it uses forms-based authentication, he will get authenticated and the web front ends will go and hit the application server ...

    And if at the same time the internal user wants to create a document lib, he comes like

    internal users-->web front ends-->application server-->database

    How does the application server know from where it is getting what request, since it is getting requests from the external users from DomainA and internal users from DomainB? Does the application server get a request in some form from the web front servers, like "domainname/token"? Even when the application server talks with the database server, does it pass any kind of token? Does the communication of the user (from web front ends -> application server -> database and then back to the user) go through any kind of security tunnel?

    Appreciate your help!

    Thanks

    sandesh

     

    Tuesday, August 09, 2011 3:04 PM

All replies

  • Hi,

    Our current scenario looks like this: SharePoint 2010 medium farm (extranet and intranet sites).

    The web front ends which sit in the public DMZ are for the extranet users, and the ones that are in the internal network are intranet users.

    public DMZ(UAG-->2 WEB FRONTS) -->Internal network(application server,search server,2 web front ends,database)

    The public DMZ has a domain: domainA

    The internal network has a domain: domainB

    We are using forms-based authentication for the extranet users, with a SQL membership provider.

    So let's say the extranet user wants to create a list and the intranet user also wants to create a document library... how does the application server know exactly that the user who wants to create a list is an extranet user, and the same for the intranet?

    Since the extranet user request comes from a different domain, "domainA", in what form does the application server receive the request?

    Appreciate your help!

    Thanks

    sandesh

    • Merged by Seven M Tuesday, August 16, 2011 8:57 AM duplicate
    Wednesday, August 10, 2011 3:03 PM
  • Hi,

    1. SharePoint server applications will not care whether the requests are from external users or internal users. SharePoint servers always do what users let them do based on their permissions.

    2. If you want to tell whether the requests are from external users or internal users, you can get it through the SPUser object, which will tell you which domain the users are from, or through the request object to get the IPs and so on.

    Regards,

    Seven

    • Marked as answer by spcrawler Monday, August 15, 2011 3:52 PM
    Friday, August 12, 2011 8:33 AM
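
The check described in point 2 above, as an added example that is not part of the original thread and not SharePoint code: it classifies the string an `SPUser.LoginName` would hold by its claims-encoding prefix rather than by searching for a domain name. The provider name `extranetsqlprovider`, the function names and the sample logins are assumptions constructed for illustration.

```python
# Added example; all login names below are constructed samples.
ISSUER_TYPES = {"w": "windows", "f": "forms", "t": "trusted"}


def classify_login(login_name):
    """Split a SharePoint login name into auth type, issuer and account."""
    name = login_name.strip()
    head, sep, rest = name.partition("|")
    # Claims-encoded identity: "i:0" + claim type + value type + issuer type,
    # e.g. i:0#.w|domain\user (Windows) or i:0#.f|provider|user (forms).
    if sep and len(head) == 6 and head[:3].lower() == "i:0":
        kind = ISSUER_TYPES.get(head[5].lower(), "unknown")
        if kind == "windows":
            domain, _, account = rest.rpartition("\\")
            return {"auth": kind, "issuer": domain.upper(), "account": account}
        provider, _, account = rest.partition("|")
        if kind == "unknown" or not account:
            return {"auth": "unknown", "issuer": "", "account": name}
        # For forms users everything after the provider is the account name,
        # even if it contains a backslash that looks like a domain prefix.
        return {"auth": kind, "issuer": provider.lower(), "account": account}
    # Classic-mode Windows login: DOMAIN\user with no claims prefix.
    if not sep and "\\" in name:
        domain, _, account = name.partition("\\")
        return {"auth": "windows", "issuer": domain.upper(), "account": account}
    return {"auth": "unknown", "issuer": "", "account": name}


def is_extranet_user(login_name, fba_provider="extranetsqlprovider"):
    """True only for forms-authenticated users of the extranet provider."""
    info = classify_login(login_name)
    return info["auth"] == "forms" and info["issuer"] == fba_provider.lower()


SAMPLES = [
    "i:0#.w|domainb\\jsmith",                     # intranet, claims Windows
    "DOMAINB\\jsmith",                            # intranet, classic mode
    "i:0#.f|extranetsqlprovider|partner1",        # extranet, forms
    "i:0#.f|extranetsqlprovider|DOMAINB\\admin",  # forms name imitating a domain
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, classify_login(sample), is_extranet_user(sample))
```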
  • Hi Seven,

    Thanks for the reply!

    So in the first case you mentioned... let's say the web front ends are in the public DMZ in domain A and the application server is in domain B. The user has permissions to access the particular site but there is no trust between the two domains... how will the application server know about this?

    Thanks

     

    Friday, August 12, 2011 12:41 PM
  • Hi,

    This is an authentication issue; of course we need to make sure we have configured the farm properly. I think your question is about how the requests from a different domain can succeed in going to other servers in another domain. For this question, you need to make sure users in the different domain have access to the firewalls and the other domain and other net components, if they exist.

    Regards,

    Seven

    • Marked as answer by spcrawler Monday, August 15, 2011 3:52 PM
    Monday, August 15, 2011 8:37 AM