Sharepoint Forum

Multiple Authentication to SPS2003 Server

  Asked By: Jayshree    Date: Dec 09    Category: Sharepoint    Views: 1044

I've got an external facing SPS 2003 server. It's a stand-alone box
with everything running on it, and it authenticates to an AD DC.

It's currently configured to use HTTPS and basic authentication.

The problem is that internal users (on the domain) get tons of logon
requests. When they hit the box, they get a logon request. When they
open an office document, they get a logon request.

Is there any way for me to support multiple authentication types?

I'd like to have the external users use HTTPS / Basic and the internal
users use NTLM.

Can it be done? If so, what do I do?


8 Answers Found

 
Answer #1    Answered By: Bhavesh Doshi     Answered On: Dec 09

You can have a different authentication type for each Web Application
Zone. Simply extend the existing WebApplication to a new URL. Then in
Central Admin and IIS adjust that URL to use NTLM non-ssl
authentication. If you go to that URL you'll get the same content but
NTLM authentication. The original URL will still be Basic with SSL.

 
Answer #2    Answered By: Elisa Santos     Answered On: Dec 09

When you do this don't forget to extend your Shared Service Provider as
well. Your SSP needs to be extended with the same zone settings as your
sites in order for it to return the proper paths for all extended sites
in search results.

 
Answer #3    Answered By: Tatiana Houston     Answered On: Dec 09

Actually, I just noticed the question was about 2003 and my answer was
for 2007.

But in 2007, NO you wouldn't have to extend the SSP as well. The paths
returned from things like search will be based on the Alternate Access
Mappings of the original site. The SSP is normally on a custom port and
that address is only used to administer the SSP. If the SSP Web
Application also hosts MySites you may have to extend it to get MySite
access. But search results will not be affected.

 
Answer #4    Answered By: Arlene Hodge     Answered On: Dec 09

You're right. My MySites is on a separate web app, that's why I needed the
additional extending when crawling the main site content. The Zones
needed to match up.

 
Answer #5    Answered By: Jolene Sandoval     Answered On: Dec 09

One issue worthy of note is that if you have alternate access mappings
that means a new domain. Every time you cross domains you have to
reauthenticate, even if it is the same authentication method (integrated
works invisibly for IE Intranet Zone sites, but it still
reauthenticates).

What I have done (just yesterday so we'll see how it turns out) is given
my root / website both Integrated and Basic Authentication. (As
suggested by a blog post that I can no longer find.) I created a
virtual directory and a redirector forces it to do basic authentication
and then return to the home site. I have to sign out to return to
integrated authentication and client integration (I get mixed results
doing this) but if I'm already signed in with integrated auth, I just
have to link to

https://share.point.app/[VIRTUALDIR]/[MANAGEDPATH]/[SITECOLLECTION]

And it will reauthenticate to basic authentication at
/[MANAGEDPATH]/[SITECOLLECTION].

Using this method I can use the exact same URLs and bookmarks and it
will check my session to see what entry point I came through and which
authentication method it will use for the rest of the session, instead
of making me authenticate AGAIN because some of my links are domain1 and
some are domain2 and the cookies don't match.

 
Answer #6    Answered By: Brandan Roach     Answered On: Dec 09

I didn't completely follow what you are doing here, but keep in mind
there are some known issues with Office clients when both NTLM and Basic
are enabled in the same IIS web application. If you are depending on an
NTLM failure "falling back" to Basic, this doesn't work properly.

 
Answer #7    Answered By: Kai Carney     Answered On: Dec 09

Take a look at
www.microsoft.com/.../en-us/stsc04.mspx - the approach is to use 2
virtual servers (one NTLM/HTTP(S) for internal and one Basic/HTTPS)
pointing to the same content.
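
One way to confirm the two-virtual-server layout behaves as intended is to inspect the 401 challenge each URL returns and check that only the planned scheme is offered. This is an added example, not part of the thread: the host names and canned responses are constructed, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

INTEGRATED = {"ntlm", "negotiate"}

def offered_schemes(raw_response):
    """Return (status, schemes) from a raw HTTP response head.
    Assumes one challenge per WWW-Authenticate line, the layout IIS emits."""
    lines = raw_response.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(lines[0].split()[1])
    schemes = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "www-authenticate" and value.strip():
            schemes.append(value.split()[0].lower())
    return status, schemes

def audit(url, raw_response, expected):
    """Compare what one virtual server offers with what it is meant to offer."""
    status, schemes = offered_schemes(raw_response)
    offered, findings = set(schemes), []
    if status != 401:
        findings.append("no-challenge")            # anonymous access or an error
    if "basic" in offered and urlsplit(url).scheme != "https":
        findings.append("basic-without-tls")       # password is only base64-encoded
    if "basic" in offered and offered & INTEGRATED:
        findings.append("basic-and-integrated-mixed")  # the case Answer #6 warns about
    if offered != set(expected):
        findings.append("unexpected-schemes")
    return findings

# Constructed responses (not captured from a real server).
EXTERNAL = ("HTTP/1.1 401 Unauthorized\r\n"
            'WWW-Authenticate: Basic realm="extranet.example"\r\n'
            "Content-Length: 0\r\n\r\n")
INTERNAL = ("HTTP/1.1 401 Unauthorized\r\n"
            "WWW-Authenticate: NTLM\r\n"
            "Content-Length: 0\r\n\r\n")
MIXED = ("HTTP/1.1 401 Unauthorized\r\n"
         "WWW-Authenticate: NTLM\r\n"
         'WWW-Authenticate: Basic realm="intranet.example"\r\n'
         "Content-Length: 0\r\n\r\n")

if __name__ == "__main__":
    print(audit("https://extranet.example/", EXTERNAL, {"basic"}))
    print(audit("http://intranet.example/", INTERNAL, {"ntlm"}))
    print(audit("http://intranet.example/", MIXED, {"ntlm"}))
```
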

 
Answer #8    Answered By: Gaurav Nemane     Answered On: Dec 09

Whose machine and camera shall we use for this?

 