I have a company that has a custom database program accessable by browser on their LAN. It automatically created a virtual directory which is accessable on the network, and all machines access it by IE. Is it wise to have them ALWAYS authenticate first by their windows passwords, then type in a 2nd login to this jobtracker program? Or let maybe Outlook Web Access, and JobTracker have anonymous web access and use their own credentials first.
At first whoever set this up for them had ALL sites from default site down restricted by IP to the internal LAN range, and nothing worked from outside the network. So I changed that at Default site (but did not propogate it to anything in sub folders) and sure enough I could access both the default site and the /jobtracker/ subfolder from outside on the net.
Not sure on the "best practice" here as I rarely do IIS stuff, so any advice is appreciated. How should I restrict IPs? How should authentication be handled?