  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 542

SharePoint 2010 - Internal / External security setup - proper way

I just installed a new SharePoint site - it's working internally as

http://sharepoint.company.com

I want to make it work externally as

https://sharepoint.company.com

I have extended the site to the new URL, and I can go into IIS and set up the SSL for that site.

My questions are:

1. Is it easier to just do everything (internal and external) as https? Or will it create more overhead internally?
2. I want people on domain machines internally to not have to enter their password - how do I set that up?
3. What is the proper way to authenticate the external people coming in via SSL? (What authentication provider should I use?)

Asked by: erikwhiteway
1 Solution
 
GeorgeGergues Commented:
There are so many ideas.

But from years in this area, I think it would be better to go for the most common solution.

In general, web servers should have the same name whether they are internal or external. They can do http and https as needed.

On the other hand, restricting the type of traffic is more of a firewall / network policy that is restricted to the external users and not the internal users, etc.

So with that being said:

Make a single application for internal and external users with Windows authentication.

Create http://sharepoint.company.com

On the Alternative access mapping, add https://sharepoint.company.com

That is all.

If you want to have multiple zones (which I would not do serving the same security level "Internal Users"), extend to a different name.


Best of luck.
0
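The mapping described in the answer above, scripted with the SharePoint 2010 Management Shell cmdlets, as an added example that is not part of the original thread. The URLs are the ones from the question; the choice of the Internet zone and the checks for existing entries are assumptions. An alternate access mapping does not create the HTTPS binding, which still has to exist in IIS.

```powershell
# Added example: run in the SharePoint 2010 Management Shell on a farm server.
# URLs come from the question; the Internet zone is an assumed choice.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$internalUrl = 'http://sharepoint.company.com'
$externalUrl = 'https://sharepoint.company.com'
$zone        = 'Internet'

$webApp   = Get-SPWebApplication -Identity $internalUrl -ErrorAction Stop
$existing = Get-SPAlternateURL -WebApplication $webApp

if ($existing | Where-Object { $_.IncomingUrl -eq $externalUrl }) {
    # Extending the web application to this URL already created the mapping.
    Write-Host "$externalUrl is already mapped"
}
elseif (Get-SPAlternateURL -WebApplication $webApp -Zone $zone) {
    # Each zone has exactly one public URL; do not overwrite it silently.
    Write-Warning "Zone $zone already has a public URL; choose a free zone"
}
else {
    New-SPAlternateURL -Url $externalUrl -WebApplication $webApp -Zone $zone
}

# Resulting mappings for the web application.
Get-SPAlternateURL -WebApplication $webApp

# Zones created by extending the web application have their own IIS site.
# List the authentication settings and SSL bindings SharePoint holds for each.
foreach ($z in $webApp.IisSettings.Keys) {
    $s = $webApp.IisSettings[$z]
    '{0}: WindowsIntegrated={1} Kerberos={2} Anonymous={3} SslBindings={4}' -f `
        $z, $s.UseWindowsIntegratedAuthentication, (-not $s.DisableKerberos),
        $s.AllowAnonymous, $s.SecureBindings.Count
}
```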
 
ufarooq Commented:
Hey George, are you saying that it's OK to use AAM for the same SharePoint site without extending it to a new web app? For example, if I have site http://ABC and I want to access it using http://xyz, I can just go to AAM and enter it there (no need to extend my web app)?


1. Is it easier to just do everything (internal and external) as https? Or will it create more overhead internally?
It depends what application you are using for this purpose. Let's say if you are using F5, yes, it's easy to configure https for both authentication. It is also better to do it this way for increased security. You can also configure internal people with http and external with https, but it's just more work for you.

2. I want people on domain machines internally to not have to enter their password - how do I set that up?
Even if you configure all with https, people who are internal using Windows authentication will not have to enter a password.

3. What is the proper way to authenticate the external people coming in via SSL? (What authentication provider should I use?)
You can have farm based authentication set up for this purpose using membership providers. You can either use a database authentication method, where external users will be stored in the database, and you can also use ADAM (lightweight directory), whichever you feel comfortable with.

 
erikwhiteway (Author) Commented:
I've got the basic setup done, but internal users (and I guess external users too) keep getting password prompts every time they log in and when they go to open a file.

Is there a way to auto log in with the domain user account,
and a way to stop it from prompting users every time they open a file?
 
GeorgeGergues Commented:
Can you add the site to the Local intranet zone in your Internet Explorer?
 
erikwhiteway (Author) Commented:
That made no change (making it intranet zone).
 
erikwhiteway (Author) Commented:
I fixed the site so users can open PDFs that are attached (how stupid is that default).

I still have users complaining that they have to put the password into Word every time they open a file (on an internal computer).