Sharepoint Internal / External Urls
We have a question regarding standard practices for authentication to Sharepoint using internal versus public URL’s via an ISA server. Here is the setup. We have SharePoint server configured to use windows authentication with the Default Zone being https://myportal-internal. We also have to serve users who may or may not be on campus or inside the network. We are facilitating this via an ISA 2006 server, with a public domain name, and using forms based authentication on the ISA server which delegates the users Windows credentials to the SharePoint server.
Our internal users were having a hard time understanding the Windows Authentication dialog boxes that they would sometimes see if they were using the internal URL, such as if they accessed the site via FireFox, or if they were trying to save to a library that was pointing to the internal URL from a laptop they were using from home. The decision was made to have ALL users use the public URL thereby reducing confusion about the URL’s and logon mechanisms, and allowing users to seamlessly move from the internal network to the external network without issues about ensuing they are using the correct URL depending on their location.
The problem with this approach is that when users connect to a list or library with outlook, or any other office program they are prompted to enter credentials via the Windows authentication box if they have not yet logged on to SharePoint using the ISA server, or if they have logged on to SharePoint using the “Public” computer option available from the FBA screen on ISA.
We are trying to determine some standard practices for the URL’s and authentication methods that sites are using.
The two main goals are: It has to be easy for users to login and not be prompted by Windows Authentication dialog boxes throughout the day when accessing resources. The first requirement has to be fulfilled regardless of if the users are on the internal network or accessing SharePoint from home or other remote computer.
Thanks for any information you can provide about your authentication and URL schema’s.