Re: IIS AD authentication on Perimeter server

---

• From: "Consultant" <consultant_mcngp@xxxxxxxxx>
• Date: Wed, 2 May 2007 12:38:13 -0700

---

or adfs

"Ken Schaefer" <kenREMOVE@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:uXN0fmMjHHA.4520@xxxxxxxxxxxxxxxxxxxxxxx

You could use ADAM in the DMZ? and same way to replicate AD -> ADAM

Alternatively, setup AD in DMZ with a one-way trust to the domain
internally.

Or lastly, put IIS in your internal network. Use ISA Server in the DMZ to
publish the IIS site.

Cheers
Ken

<templar.m@xxxxxxxxx> wrote in message
news:1178101149.423413.320030@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

I have an IIS 6 server on our DMZ. I also have a developer that
requires his application to authenticate users into Active directory
this will provide the access to a back end SQL server.

If this was purely an Intranet site I would have only a little
hesitation in allowing all the ports required from the DMZ to the LAN
DC. I want the users experience on the site not to change. So if I can
purely use the browser and not a client VPN that would be perfect. If
an SSL certificate is installed that's fine.

What are some options available?

Thanks....
M

.

---

• References:
  • IIS AD authentication on Perimeter server
    • From: templar . m
  • Re: IIS AD authentication on Perimeter server
    • From: Ken Schaefer

• Prev by Date: IIS administrator tool
• Next by Date: Authentication Timeout
• Previous by thread: Re: IIS AD authentication on Perimeter server
• Next by thread: Unable to getfolder from Virtual Directory
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Firewall & DMZ ... The IIS server not knowing that the internal network exists is not entirely ... the IIS in the DMZ should be connected to the internal network ... (microsoft.public.inetserver.iis.security) Re: IIS/DC on DMZ? ... >I inherited configuration with IIS and DC (and Exchange Server) on the same ... Network firewall is 3COM with DMZ. ... >computers and DB server on internal network? ... (microsoft.public.inetserver.iis.security) Re: Domain Authenication with the public dmz ... You could have a separate domain in the DMZ. ... But my personal suggestion is look at ISA Server web publishing. ... through to the IIS box. ... (microsoft.public.dotnet.framework.aspnet.security) Re: IIS/DC on DMZ? ... Having a DC and IIS box ... DMZ and use your firewall to NAT the connections and only ... >>computers and DB server on internal network? ... (microsoft.public.inetserver.iis.security) Re: PLEASE HELP! Authentication problem ... Have you considered ISA Server Web Publishing? ... ISA Server acts as a reverse proxy to the IIS box, so you only need to open ... or a sub-domain in the DMZ where the trust does not flow back up the tree ... : I'm looking for some secure solution:) ... (microsoft.public.inetserver.iis)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.inetserver.iis.security  > 2007-05