|
awj -> Web publishing from DMZ authentication methods (2.May2008 11:48:47 AM)
|
I am looking for suggestions on what the best approach to publishing an SSL web site in this scenario might be.
The configuration all on Windows 2003 server
IIS Web Server for the application located in the DMZ using SSL with same certificate also installed on ISA Listener set to SSL only traffic.
- currently on stand along machine
Backend Server for the application on internal LAN
- rule setup to allow required traffic between web server and back end server
Firewall is member of the internal Domain
The application is capable of checking who the currently logged on user is in windows and then pass through authenticating them if the username matches one in its internal database (the domain is not checked only the username e.g john.smith)
I want to either authenticate with the internal domain by setting up a group of users on the firewall rule pulled from the internal domain and then the username should be available for the app to check against
or
Other option i had considered was creating a new Domain in the DMZ and trying to use this to authenticate the users but i am not sure how i can link a domain the firewall is not a member of to be used for authentication at the firewall.
PS The application can present a web form that allows a user to login but i am trying to prevent anyone even getting to the web site until they hae succesfully authenticated.
Any suggestions or further questions most welcome.
|
|
|
|