|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
- How to setup AD authentication when IIS in in the DMZ?I need to be able to access AD to authenticate users coming to a .NET
application running on an IIS which is in the DMZ... Here are the details: My .NET app resides on a Win 2003 Server with IIS6 in the DMZ of the firewall Win 2000 AD tree can be accessed through a dedicated server via IP + nonstandard port (not 389) + username + password (read-only permissions)... By accessing AD I mean I can see the tree via LDAP browser So far I was able to authenticate only users with local machine accounts... I also tried setting up Digest authentication (by entering IP of the AD server) to no avail... Could someone help me out with this please... I am totally stuck here... What you want to do isn't really a recommended solution security wise.
Two alternate methods I would suggest: a) use ISA Server in your DMZ to publish your IIS server, which is located inside your network. ISA Server needs port 443 (or port 80) access to your internal IIS Server. IIS Server can communicate with AD fine internally b) put a DC in your external DMZ, as another domain in your forest. Create a one-way trust between your two domains (since you have Win2000, you can't use forest trusts IIRC) Cheers Ken Show quoteHide quote "Dan" <da***@softhome.net> wrote in message news:u$SVQyzqGHA.4960@TK2MSFTNGP04.phx.gbl... >I need to be able to access AD to authenticate users coming to a .NET >application running on an IIS which is in the DMZ... > > Here are the details: > > My .NET app resides on a Win 2003 Server with IIS6 in the DMZ of the > firewall > Win 2000 AD tree can be accessed through a dedicated server via IP + > nonstandard port (not 389) + username + password (read-only > permissions)... By accessing AD I mean I can see the tree via LDAP browser > > So far I was able to authenticate only users with local machine > accounts... I also tried setting up Digest authentication (by entering IP > of the AD server) to no avail... > > Could someone help me out with this please... I am totally stuck here... > 
Other interesting topics
Supressing Public ASP Error Codes
Microsoft URL Scan Pass though authenticateion Urlscan 2.5 question Getting Ip address of the actual client 404 errors on downloading files Problem with Anonymous Access IIS default file permissions used improperly? Integrated Windows Authentication results in -2146893052 (0x80090304) SSL warning message for Intranet site |
|||||||||||||||||||||||
