PANVEGA’s Blog

DotNet Development, SharePoint Customizing, Silverlight, MS Infrastructure and other tips and tricks

Dual Authentication Providers in SharePoint 2007

Posted by PANVEGA on March 17, 2009

In a production environment, I would opt to install both on to a machine even though it will be primarily Internet\Extranet facing, even if it is using the local directory services.  This gives a backdoor to managing the site should you have problems with the forms authentication mechanism (or other).

In order having many different third party authenticatin providers for your SP application you can solve this problem in SharePoint 2007. In the new version different authentication providers are supported. In fact, different providers can be used together for the same site! A major improvement which will make a lot of people very happy.

A single web application only supports a single authentication provider, such as Windows, Forms, etc. That mean, you can not use one application (Domain namsepace) for 2 or more authentication providers.

Zones: A zone is a way to map multiple web applications to a single set of content databases.  It is also can be a division of authentication providers.  For example, you can create a new web application, create a content database and configure it to use Windows authentication.  You can then create a second web application and map it to the first.  When you do that you need to assign a zone with which the second web application is associated, such as Intranet, Internet, Custom, or Extranet.  The second web application can also use a completely different authentication mechanism, such as forms.

Necessary steps:

  1. Internet users logon to a membership database using forms based authentication (FBA).
  2. Internal users logon to the domain.*
  3. The SharePoint site is not duplicated for internal and external, thus they share the same site and resources.

The goal is to provide an experience that achieves three requirements:

  • Allow content owners/authors to authenticate on the site using their corporate Active Directory credentials in order to manage the Web site’s content.
  • Allow unauthenticated, anonymous users, to browse the unrestricted areas of the Web site.
  • Require anonymous user to provide a friendly Web-based form to login in order to consume restricted content.

Iwill demonstrate in a few steps how all three goals can be achieved using MOSS 2007 and WSS v3 in this article.

For detail steps follow the post from Andrew Connell

  1. Setting Up ASP.NET 2.0 Forms Authentication User & Role Data Store

    1. Create the ASP.NET 2.0 Database
    2. Configure Membership & Role Providers
    3. Create A User
  2. Creating Two Web Applications, One For Each Authentication Mechanism

    1. Creating the http://extranet IIS Web site
    2. Creating the http://internet IIS Web site

    First, I am going to create a web application for the public facing site, when the web application is created I will use host headers to indicate the site name, this will leave us with a default zone.  Then the internal site will be added by extending the web application, to with a different host header. Create a web application, at this point I did a standard NTLM site and did not configure anything else.

  3. Configure The Web Applications To Communicate With The ASP.NET 2.0 Forms Authentication Data Store

    1. Configure http://extranet & http://internet
    2. Configure SharePoint Central Administration
  4. Enabling Forms Authentication On One Web Application

  5. Enabling Anonymous Access

  6. Configuring A Section Of the Site For Authenticated Users Only

More Links:

http://grounding.co.za/blogs/brett/archive/2008/01/09/setting-up-dual-authentication-on-windows-sharepoint-services-3-0-forms-and-ntlm.aspx

http://blogs.msdn.com/sharepoint/archive/2006/08/16/702010.aspx

http://blogs.tamtam.nl/mart/AuthenticationProvidersInSharePoint2007.aspx

Advertisements

2 Responses to “Dual Authentication Providers in SharePoint 2007”

  1. This post is awesome, nice work!

  2. Deb said

    Your post was great! Question though: When extending a website shouldn’t the second iis website contain the same database name as the first created website?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: