• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Creating a Forgot Password Page

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 General] >> Installation and Planning >> Creating a Forgot Password Page Page: [1]
Login
Message << Older Topic   Newer Topic >>
Creating a Forgot Password Page - 6.May2008 6:02:29 PM   
dave300

 

Posts: 3
Joined: 6.May2008
Status: offline
I have been customizing the html login forms to create a different look and feel, but I now need to add a link to a "Forgot Password" page. It doesn't appear that you can add new forms within the ISA server, much less edit the server-side code.
 
If the ISA server is the only externally facing server, how/where can I add a new web form to accomplish this? Do I need another web server? Or do I have to add IIS to the ISA Server and set up a separate web application? Somebody mentioned IAG 2007, but I'm not sure how that would help.
 
I'm interested to see what others have done to accomplish this, as it seems like it would be a common request.
 
Any information will help...thanks!!!
 
David
Post #: 1
RE: Creating a Forgot Password Page - 7.May2008 3:54:10 AM   
Tom Decaluwe

 

Posts: 135
Joined: 23.Jul.2003
Status: offline
Hi David,

The ISA server is a firewall and not a webserver, hence why there is no way for you to inject custom html, asp or what ever code into the system. The webforms are there for authentication only and all you can/should do is create custom authentication pages.

If you want to create custom webpages you need a webserver IIS, apache or what ever technology you want. If you stick with MS there are two options with both pro's and con's.

1) Installing IIS on the ISA server:

1.1)Pro's:
- it's a cheap sollutions as you don't need to add an extra system in your network
- It works if you know about the socket pooling and the fact that IIS should bind on an internal IP and you listener on an External IP. more info: http://www.isaserver.org/tutorials/iis6socketpooling.html

1.2) Con's:
- ISA is a firewall and should be treated no differently than any other even if it's a windows server under the hood. Ever installed a webserver on your checkpoint, netscreen, pix,...?
- Not supported setup
- Less secure as a compromise of you IIS wil render your ISA system vulnerable


2) Installing IIS on a second server in your network:


2.1)Pro's:
- The best and most secure setup you can get
- seporate roles are easier to manage as there is no potential conflict, issue,...
- if you webserver starts getting heavy load it will NOT influence the ISA server performance.

2.2) Con's:
- You need an extra server physical or virtual on you internal network
- you need an extra windows license


I have configurations running with both possible setups and both are working perfectly, but for the ISA/IIS combination I ALWAY warn the client about the security risk and have them sign off on this setup to avoid conflicts if anything ever goes wrong. My sugguestion is:

1) Check if there are any other servers on the internal network that have IIS running. You can perfectly add an extra website or virtual directory to an internal exchange system or other webserver.

2) if no other system is available check if you can get a budget for an extra server

3) if there is no other option go for ISA + IIS but warn the end user about the danger and make sure you have it in writing so they don't come yelling at you if something gets compromised.

grtz

Tom

_____________________________

Tom Decaluwť
MCSE 2000/2003 - CCNA
http://www.it-talks.be

(in reply to dave300)
Post #: 2
RE: Creating a Forgot Password Page - 7.May2008 3:26:48 PM   
dave300

 

Posts: 3
Joined: 6.May2008
Status: offline
Thanks for your help!

(in reply to Tom Decaluwe)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 General] >> Installation and Planning >> Creating a Forgot Password Page Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts