Different Authentication Provider for extranet and intranet RRS feed

  • Question

  • Hi,

    We are going to create one sharepoint web farm that can be accessed through Intranet or Internet, but we'd like to have different authentication mode for intranet access and internet access and have two categories of users (coorperate employees and partners, where partner account information is stored in database).

    For intranet access, we'd like to authenticate the users through through LDAP (IBM X500, instead of AD).

    For extranet access, we'd like to use form-based authentication against the partner accounts information stored in SQL server (in ASP.NET membership database).

    Is this possible for claims-based web sites?

    Thanks in advance.


    Monday, July 26, 2010 1:15 PM


All replies

  • Hi KevinLi,

    It is possible to configure forms - based authentication for a claims-based web application and then that you can expose for extranet access.

    Find mentioned links below:


    Hope this helps you.

    Regards Badal Ratra
    Monday, July 26, 2010 1:37 PM
  • Thanks,  Badal Ratra.

    I can configure forms-based authentication for the claims-based web application, but how to configure the same web application to allow LDAP authentication for internal users in the same time?

    Here is my understanding about OTB claims-based authentication: default claims-based can only support Windows Authentication and Forms-based authentication in the same time, but it seems not possible to support forms-based authentication (against SQL database) and LDAP authentication (with IBM X500) in the same time.

    So here are two questions I'd like to know:

    1. How to configure two authentication providers for the same web applications? In this case, SQL database and LDAP (X500).

    2. I do not want the end user to choose the authentication types. Instead, I'd like the system to automatically detect how the users are accessing the web application(internal or extranet). I'd like to customize the default login page to achieve this goal if we have a way to detect internal or external accessing.

    Can anybody help me out?

    Many thanks.


    • Edited by KevinLi Monday, July 26, 2010 2:28 PM update
    Monday, July 26, 2010 1:55 PM
  • The scenario you described where you have content you want different people to access using different authentication is the exact reason you can extend web applications and set up alternate access mappings.
    Monday, July 26, 2010 3:45 PM
  • Thanks, Todd Wilder.

    So the claims-based mechanism in 2010 cannot support this scenarios, right? Still need to do like SharePoint 2007?


    Monday, July 26, 2010 10:35 PM