From: MR. UNDERHILL (anonymous_at_discussions.microsoft.com)
Date: Fri, 28 May 2004 12:01:06 -0700
I know that there is a LOT of info around related to this, but I'm in a middle of a rush an I need a quick answer. I want to confirm something:
I'm planning to distribute my application using .NET Remoting, I have my UI connection to a IIS hosting the Service Layer, communication between clients and server (UI and IIS) is tranmited over HTTPS/BINARY. My concern is in relation to the authentication mechanisms. I'll like to use windows authentication check-point at the IIS side. I just want to confirm if I'm right thinking that if, my UI clients are connection over the WAN not part of the domain, the credentials transmited are gonna need to match a user/password define on my server (IIS). I want to have my IIS hosting the Service Layer in a DMZ, so, I'll like not to have my server (IIS) as part of the domain, that means that every client will need to match user/password define at the server level as local machine users. Is that right? or I'm totally lost?
Please give me ideas for best practice, I really want to use IIS to use it as a security platform and HTTPS/BINARY as communication, but I'm not sure about authentication is this kind of scenerio, what will be the best?