locked
Intranet / Extranet question RRS feed

  • Question

  • We have a MOSS 2007 Intranet that we will be rolling out soon.

    Right now we don't have any MOSS precense outside the firewall.  We have several departments that need to collaborate with outside businesses.  

    Most likely the communication will be a press release or a new policywill be created on the intranet server, then it will get pushed out to the Extranet environment.  It would be nice for internal users to be able to use windows authentication, while the outsiders have thier own forms based logins.

    Is this something that is advisable to doing and is it easy enough to keep the "forms" users from getting to the Intranet server?  Or should we use 100% forms authentication even for internal users and maybe just use web services to provide communication between the two?
    Friday, August 29, 2008 2:27 PM

Answers

  • Hmmm ..."not supported."

    I think it is.  I think that this configuration you want, GreenWaterBoy, is well supported by SharePoint.

    I'd work with an experience partner to set it up unless you have time and gumption :)

    The process would go roughly along these lines:
    - Determine how you want to authenticate external users.
    - Implement or use pre-existing authentication and role providers.
    - Extend the internal web application out to a new web application accessible over the public internet.
    - Configure the extended web to use the appropriate membership/role providers.
    - Configure security as needed to prevent extenral users from accessing stuff they should not be allowed to get at.

    That's a very rough description.

    Totally doable, being done a lot these day.

    Good luck.

    --Paul Galvin of www.Conchango.com @ http://feeds.feedburner.com/PaulGalvinsSharepointSpace
    Saturday, August 30, 2008 10:42 PM

All replies

  • Forms Authentication worked well in our testing but is not MS supported. Can't vouch for it's security but we used this in testing to set up the db and the SP site:
    http://www.codeproject.com/kb/sharepoint/fba.aspx

    Friday, August 29, 2008 3:39 PM
  • Hmmm ..."not supported."

    I think it is.  I think that this configuration you want, GreenWaterBoy, is well supported by SharePoint.

    I'd work with an experience partner to set it up unless you have time and gumption :)

    The process would go roughly along these lines:
    - Determine how you want to authenticate external users.
    - Implement or use pre-existing authentication and role providers.
    - Extend the internal web application out to a new web application accessible over the public internet.
    - Configure the extended web to use the appropriate membership/role providers.
    - Configure security as needed to prevent extenral users from accessing stuff they should not be allowed to get at.

    That's a very rough description.

    Totally doable, being done a lot these day.

    Good luck.

    --Paul Galvin of www.Conchango.com @ http://feeds.feedburner.com/PaulGalvinsSharepointSpace
    Saturday, August 30, 2008 10:42 PM
  • If you are still looking for an ISV solution to this problem, and not a "build your own" solution, check out the Epok Edition for Microsoft SharePoint (www.epok.net/flash/demo/epokEdition/epok_edition_preso.html).

    This solution provides what you are looking to do (internal users use AD, external users use either an external AD or SQL using FBA) in a secure fashion. It also provides the ability to require policy acknowledgment prior to user gaining access and full auditing and compliance reporting of external user access. Delegated user administration to trusted business partners is also suported.

    More information can be found at www.epok.net.
    Tuesday, October 28, 2008 3:13 PM