tags:

views:

165

answers:

0
Q: 

Standard SharePoint internal vs public URL's and authentication

Sharepoint Internal / External Urls

We have a question regarding standard practices for authentication to Sharepoint using internal versus public URL’s via an ISA server. Here is the setup. We have SharePoint server configured to use windows authentication with the Default Zone being https://myportal-internal. We also have to serve users who may or may not be on campus or inside the network. We are facilitating this via an ISA 2006 server, with a public domain name, and using forms based authentication on the ISA server which delegates the users Windows credentials to the SharePoint server.

Our internal users were having a hard time understanding the Windows Authentication dialog boxes that they would sometimes see if they were using the internal URL, such as if they accessed the site via FireFox, or if they were trying to save to a library that was pointing to the internal URL from a laptop they were using from home. The decision was made to have ALL users use the public URL thereby reducing confusion about the URL’s and logon mechanisms, and allowing users to seamlessly move from the internal network to the external network without issues about ensuing they are using the correct URL depending on their location.

The problem with this approach is that when users connect to a list or library with outlook, or any other office program they are prompted to enter credentials via the Windows authentication box if they have not yet logged on to SharePoint using the ISA server, or if they have logged on to SharePoint using the “Public” computer option available from the FBA screen on ISA.

We are trying to determine some standard practices for the URL’s and authentication methods that sites are using.

The two main goals are: It has to be easy for users to login and not be prompted by Windows Authentication dialog boxes throughout the day when accessing resources. The first requirement has to be fulfilled regardless of if the users are on the internal network or accessing SharePoint from home or other remote computer.

Thanks for any information you can provide about your authentication and URL schema’s.

related questions

How do I write Firefox add-on that automatically enters proxy passwords?
Login Integration in PHP
Strange Rails Authentication Issue
Concurrent logins in a web farm
Is there a browser equivalent to IE's ClearAuthenticationCache?
How can I authenticate using client credentials in WCF just once?
Why can't I connect to my CAS server with Perl's AuthCAS?
Best Solution For Authentication in Ruby on Rails
Authenticate on an ASP.Net Forms Authorization website from a console app
How do I use NTLM authentication with Active Directory
What have you used Windows CardSpace for, if anything
Forms Authentication across Applications
Retreiving the PC Name of a Client? (Windows Auth)
How would you implement FORM based authentication without a backing database?
What's the best way to authenticate over WCF?
Only accepting certain ajax requests from authenticated users
OpenID authentication in Ruby on Rails
OpenID Attribute Exchange - should I use it?
OpenID: which provider should I recommend to my users?
What to use for login ID?
ASP.NET authentication: user name Vs User ID
How do I add SSL to a .net application that uses httplistener - it will *not* be running on IIS
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Checklist for IIS 6/ASP.NET Windows Authentication?
The Definitive Guide To Website Authentication