I have a task to complete for a customer and it is strange one. they want to host a IIS server in DMZ with also resource on the same IIS server that will only be serving their domain users. ( so what's point having it in DMZ if it not going to be accessible by non-domain users?? no idea! )
this is only one single server with no backend SQL. The main aim is to allow domain users to access this resource from any device. I believe this concept has security concerns since it will be accessible from any device ( at least that is what think!)
my question is what is the best way of authenticating users with their domain when server is in DMZ? my suggestion would be to use citrix to publish the content to users but citrix works with front end and back end system. any way I can have IIS server with its content on a single citrix server?
in the worst scenario I am going to suggest server to be put in normal domain